kresy.pl Open in urlscan Pro
2606:4700:20::681a:c9f Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Submission: On January 08 via api (January 8th 2023, 11:23:46 am UTC) from CH — Scanned from DE

Summary HTTP 1447 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 112 IPs in 12 countries across 98 domains to perform 1447 HTTP transactions. The main IP is 2606:4700:20::681a:c9f, located in United States and belongs to CLOUDFLARENET, US. The main domain is kresy.pl. The Cisco Umbrella rank of the primary domain is 772355.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 10th 2022. Valid for: a year.

This is the only time kresy.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
164	2606:4700:20:... 2606:4700:20::681a:c9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:400d:80e::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:806::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
57	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	212.91.26.93 212.91.26.93	15694 (ATMAN-ISP...) (ATMAN-ISP-AS ATM S.A.)
3	2606:2800:220... 2606:2800:220:de:468:2285:c1:4a3	15133 (EDGECAST) (EDGECAST)
2	2600:9000:211... 2600:9000:211e:1200:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:214... 2600:9000:214f:cc00:4:f9aa:3d40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:1f1c:a99... 2600:1f1c:a99:832c:ec8b:437a:257b:cb2d	16509 (AMAZON-02) (AMAZON-02)
29	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:211... 2600:9000:211e:e200:3:a4cd:8380:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:400d:802::200e	15169 (GOOGLE) (GOOGLE)
34	99.86.4.60 99.86.4.60	16509 (AMAZON-02) (AMAZON-02)
1	212.8.250.83 212.8.250.83	49981 (WORLDSTREAM) (WORLDSTREAM)
3	2600:9000:211... 2600:9000:211e:4600:9:46dc:4700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	138.68.13.4 138.68.13.4	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2a00:1450:400... 2a00:1450:400c:c01::9c	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 3	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
1	54.183.96.130 54.183.96.130	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
31	2606:4700:20:... 2606:4700:20::ac43:49e4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211e:8200:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
3	208.115.232.150 208.115.232.150	46475 (LIMESTONE...) (LIMESTONENETWORKS)
47	81.17.55.98 81.17.55.98	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 100	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
31	2602:803:c004... 2602:803:c004:200::140	26667 (RUBICONPR...) (RUBICONPROJECT)
31	204.237.133.116 204.237.133.116	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 40	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
31	2a02:2638:1::1a 2a02:2638:1::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	64.225.42.52 64.225.42.52	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	64.227.50.180 64.227.50.180	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
17	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
6 89	2001:4860:480... 2001:4860:4802:36::15	15169 (GOOGLE) (GOOGLE)
98	65.9.66.43 65.9.66.43	16509 (AMAZON-02) (AMAZON-02)
42	23.2.214.109 23.2.214.109	16625 (AKAMAI-AS) (AKAMAI-AS)
6	2606:4700:10:... 2606:4700:10::ac43:2415	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 12	65.9.66.6 65.9.66.6	16509 (AMAZON-02) (AMAZON-02)
12 12	52.53.116.191 52.53.116.191	16509 (AMAZON-02) (AMAZON-02)
7 7	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
38	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
6	34.95.69.49 34.95.69.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
33	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
6	34.149.12.213 34.149.12.213	15169 (GOOGLE) (GOOGLE)
6 13	142.250.181.230 142.250.181.230	15169 (GOOGLE) (GOOGLE)
16	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
1 5	185.29.132.242 185.29.132.242	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	2602:803:c004... 2602:803:c004:200::154	26667 (RUBICONPR...) (RUBICONPROJECT)
2	107.178.244.119 107.178.244.119	15169 (GOOGLE) (GOOGLE)
2	143.204.215.88 143.204.215.88	16509 (AMAZON-02) (AMAZON-02)
21 24	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
3 3	193.135.9.130 193.135.9.130	48314 (IP-PROJECTS) (IP-PROJECTS)
3 3	85.90.246.246 85.90.246.246	63949 (AKAMAI-AP...) (AKAMAI-AP Akamai Technologies)
22	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 4	35.186.194.101 35.186.194.101	15169 (GOOGLE) (GOOGLE)
1	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.0.214.93 23.0.214.93	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1 5	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
12	99.86.4.64 99.86.4.64	16509 (AMAZON-02) (AMAZON-02)
38	23.2.211.147 23.2.211.147	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
6	3.212.145.252 3.212.145.252	14618 (AMAZON-AES) (AMAZON-AES)
6	35.241.31.249 35.241.31.249	15169 (GOOGLE) (GOOGLE)
42	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	37.157.5.72 37.157.5.72	198622 (ADFORM) (ADFORM)
6 8	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 4	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2a05:d018:d29... 2a05:d018:d29:3602:f84d:3d72:727e:650c	16509 (AMAZON-02) (AMAZON-02)
2 3	52.95.118.179 52.95.118.179	16509 (AMAZON-02) (AMAZON-02)
13 20	104.36.113.110 104.36.113.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6 25	104.36.113.107 104.36.113.107	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	168.119.79.223 168.119.79.223	24940 (HETZNER-AS) (HETZNER-AS)
19	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
18	104.36.113.112 104.36.113.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
10 39	204.237.133.120 204.237.133.120	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
7	54.147.255.25 54.147.255.25	14618 (AMAZON-AES) (AMAZON-AES)
1	72.251.245.179 72.251.245.179	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
5 5	54.187.126.246 54.187.126.246	16509 (AMAZON-02) (AMAZON-02)
1 1	74.214.196.131 74.214.196.131	19189 (PULSEPOINT) (PULSEPOINT)
1 1	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
1	193.122.130.38 193.122.130.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
1 1	34.102.163.6 34.102.163.6	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	54.186.226.179 54.186.226.179	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	23.2.234.181 23.2.234.181	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	52.220.229.2 52.220.229.2	16509 (AMAZON-02) (AMAZON-02)
1 2	54.81.205.56 54.81.205.56	14618 (AMAZON-AES) (AMAZON-AES)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1 1	141.94.171.214 141.94.171.214	16276 (OVH) (OVH)
9	54.176.29.121 54.176.29.121	16509 (AMAZON-02) (AMAZON-02)
9 10	34.91.62.186 34.91.62.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	18.144.106.164 18.144.106.164	16509 (AMAZON-02) (AMAZON-02)
13	104.36.113.111 104.36.113.111	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	54.80.89.182 54.80.89.182	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.212.133.238 35.212.133.238	15169 (GOOGLE) (GOOGLE)
2 2	35.212.132.154 35.212.132.154	15169 (GOOGLE) (GOOGLE)
1	209.25.233.254 209.25.233.254	13768 (COGECO-PEER1) (COGECO-PEER1)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 2	204.2.255.233 204.2.255.233	2914 (NTT-LTD-2914) (NTT-LTD-2914)
1 1	34.102.253.54 34.102.253.54	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
9 9	35.214.223.115 35.214.223.115	15169 (GOOGLE) (GOOGLE)
9 9	104.45.178.220 104.45.178.220	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9 9	34.236.140.33 34.236.140.33	14618 (AMAZON-AES) (AMAZON-AES)
18 18	199.127.204.171 199.127.204.171	26120 (RHYTHMONE) (RHYTHMONE)
9 9	172.104.64.149 172.104.64.149	63949 (AKAMAI-AP...) (AKAMAI-AP Akamai Technologies)
13 13	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
9	104.36.113.68 104.36.113.68	62713 (AS-PUBMATIC) (AS-PUBMATIC)
8 17	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
9	54.78.245.184 54.78.245.184	16509 (AMAZON-02) (AMAZON-02)
9 18	35.162.174.47 35.162.174.47	16509 (AMAZON-02) (AMAZON-02)
16 16	35.227.197.177 35.227.197.177	15169 (GOOGLE) (GOOGLE)
16 16	54.243.212.30 54.243.212.30	14618 (AMAZON-AES) (AMAZON-AES)
8	2600:1f18:ed:... 2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c	() ()
8	3.218.77.41 3.218.77.41	14618 (AMAZON-AES) (AMAZON-AES)
1	142.251.208.98 142.251.208.98	() ()
1447	112

164 2606:4700:20::681a:c9f (United States)

ASN13335 (CLOUDFLARENET, US)

kresy.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:806::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

57 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 212.91.26.93 (Poland)

ASN15694 (ATMAN-ISP-AS ATM S.A., PL)
PTR: web18.mydevil.net

ads.operiada.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:220:de:468:2285:c1:4a3 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:211e:1200:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

quantcast.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

rddywd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:cc00:4:f9aa:3d40:93a1 (United States)

ASN16509 (AMAZON-02, US)

jscdn.yieldbird.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f1c:a99:832c:ec8b:437a:257b:cb2d (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:e200:3:a4cd:8380:93a1 (United States)

ASN16509 (AMAZON-02, US)

test.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:802::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 99.86.4.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-60.fra6.r.cloudfront.net

guandads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.8.250.83 (Rotterdam, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: customer.worldstream.nl

ad.vidverto.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:211e:4600:9:46dc:4700:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.68.13.4 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

cdn.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c01::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.183.96.130 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-96-130.us-west-1.compute.amazonaws.com

audit-tcfv2.cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2606:4700:20::ac43:49e4 (United States)

ASN13335 (CLOUDFLARENET, US)

hb.adpone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:8200:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 208.115.232.150 (United States)

ASN46475 (LIMESTONENETWORKS, US)
PTR: 150-232-115-208.static.reverse.lstn.net

shb.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 81.17.55.98 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

100 37.252.171.52 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fra1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 204.237.133.116 (Ambler, United States)

ASN3257 (GTT-BACKBONE GTT, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 37.157.3.30 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 2a02:2638:1::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.225.42.52 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

bot.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.227.50.180 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

analytics.webpushr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

89 2001:4860:4802:36::15 (United States) 6 redirects

ASN15169 (GOOGLE, US)

track.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

98 65.9.66.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-43.fra56.r.cloudfront.net

assets.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 23.2.214.109 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-214-109.deploy.static.akamaitechnologies.com

c.evidon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:10::ac43:2415 (United States)

ASN13335 (CLOUDFLARENET, US)

j.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 65.9.66.6 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-6.fra56.r.cloudfront.net

go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.53.116.191 (San Jose, United States) 12 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-53-116-191.us-west-1.compute.amazonaws.com

map.go.affec.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.172.123 (Frankfurt am Main, Germany) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.149.12.213 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 213.12.149.34.bc.googleusercontent.com

tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.181.230 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.29.132.242 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c004:200::154 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

beacon-fra2.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.244.119 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.215.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-88.fra53.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.217.18.98 (United States) 21 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 193.135.9.130 (Germany) 3 redirects

ASN48314 (IP-PROJECTS, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.90.246.246 (Frankfurt am Main, Germany) 3 redirects

ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: li1429-246.members.linode.com

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.186.194.101 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 101.194.186.35.bc.googleusercontent.com

ad.sxp.smartclip.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.219.174 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.0.214.93 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-0-214-93.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 99.86.4.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-64.fra6.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 23.2.211.147 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-211-147.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.212.145.252 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-145-252.compute-1.amazonaws.com

l.betrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.241.31.249 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 249.31.241.35.bc.googleusercontent.com

data00.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 37.157.5.72 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 69.173.144.165 (Frankfurt am Main, Germany) 6 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.46.130.91 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3602:f84d:3d72:727e:650c (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.118.179 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.36.113.110 (United States) 13 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 104.36.113.107 (United States) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 168.119.79.223 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.223.79.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.36.113.112 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 204.237.133.120 (Ambler, United States) 10 redirects

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.147.255.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-255-25.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.245.179 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.187.126.246 (Boardman, United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-187-126-246.us-west-2.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.214.196.131 (Sunnyvale, United States) 1 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.131 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.122.130.38 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.163.6 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 6.163.102.34.bc.googleusercontent.com

ad.mrtnsvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.186.226.179 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-226-179.us-west-2.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.2.234.181 (Amsterdam, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-2-234-181.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.220.229.2 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-220-229-2.ap-southeast-1.compute.amazonaws.com

cm-supply-web.gammaplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.81.205.56 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-205-56.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.94.171.214 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-8.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.176.29.121 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-176-29-121.us-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.91.62.186 (Groningen, Netherlands) 9 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.62.91.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.144.106.164 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-144-106-164.us-west-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.36.113.111 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.80.89.182 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-89-182.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.212.133.238 (The Dalles, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 238.133.212.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.212.132.154 (The Dalles, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 154.132.212.35.bc.googleusercontent.com

m.fg8dgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.25.233.254 (Canada)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 204.2.255.233 (United States) 1 redirects

ASN2914 (NTT-LTD-2914, US)

pmp.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.253.102.34.bc.googleusercontent.com

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.214.223.115 (Groningen, Netherlands) 9 redirects

ASN15169 (GOOGLE, US)
PTR: 115.223.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.45.178.220 (Tappahannock, United States) 9 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

mweb.ck.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.236.140.33 (Ashburn, United States) 9 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-236-140-33.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 199.127.204.171 (United States) 18 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.104.64.149 (Tokyo, Japan) 9 redirects

ASN63949 (AKAMAI-AP Akamai Technologies, Inc., SG)
PTR: li1674-149.members.linode.com

gocm.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 35.201.96.126 (Kansas City, United States) 13 redirects

ASN15169 (GOOGLE, US)
PTR: 126.96.201.35.bc.googleusercontent.com

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.36.113.68 (United States)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 77.243.60.138 (Norresundby, Denmark) 8 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 54.78.245.184 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 35.162.174.47 (Boardman, United States) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-162-174-47.us-west-2.compute.amazonaws.com

io.narrative.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 35.227.197.177 (Kansas City, United States) 16 redirects

ASN15169 (GOOGLE, US)
PTR: 177.197.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 54.243.212.30 (Ashburn, United States) 16 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-212-30.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c (None, )

ASN- ()

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.218.77.41 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-77-41.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.208.98 (None, )

ASN- ()

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
187	scoota.co 6 redirects track.scoota.co — Cisco Umbrella Rank: 54741 assets.scoota.co — Cisco Umbrella Rank: 54764	15 MB
174	pubmatic.com 29 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 739 image8.pubmatic.com — Cisco Umbrella Rank: 933 image2.pubmatic.com — Cisco Umbrella Rank: 1316 ads.pubmatic.com — Cisco Umbrella Rank: 741 image6.pubmatic.com — Cisco Umbrella Rank: 996 simage2.pubmatic.com — Cisco Umbrella Rank: 882 image4.pubmatic.com — Cisco Umbrella Rank: 1480 simage4.pubmatic.com — Cisco Umbrella Rank: 1564 aud.pubmatic.com — Cisco Umbrella Rank: 8381	166 KB
164	kresy.pl kresy.pl — Cisco Umbrella Rank: 772355	2 MB
159	adnxs.com 9 redirects ib.adnxs.com — Cisco Umbrella Rank: 318 cdn.adnxs.com — Cisco Umbrella Rank: 2150 fra1-ib.adnxs.com — Cisco Umbrella Rank: 6905 secure.adnxs.com — Cisco Umbrella Rank: 670 acdn.adnxs.com — Cisco Umbrella Rank: 872	1 MB
94	doubleclick.net 27 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 64 stats.g.doubleclick.net — Cisco Umbrella Rank: 179 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 285 ad.doubleclick.net — Cisco Umbrella Rank: 214 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 395 cm.g.doubleclick.net — Cisco Umbrella Rank: 321	859 KB
91	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 145 tpc.googlesyndication.com — Cisco Umbrella Rank: 187 ade.googlesyndication.com	844 KB
78	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 716 beacon-fra2.rubiconproject.com — Cisco Umbrella Rank: 11152 eus.rubiconproject.com — Cisco Umbrella Rank: 832 token.rubiconproject.com — Cisco Umbrella Rank: 858 pixel.rubiconproject.com — Cisco Umbrella Rank: 452	222 KB
57	adform.net 1 redirects adx.adform.net — Cisco Umbrella Rank: 3427 cm.adform.net — Cisco Umbrella Rank: 1979 track.adform.net — Cisco Umbrella Rank: 3383 s1.adform.net — Cisco Umbrella Rank: 6770 c1.adform.net — Cisco Umbrella Rank: 871	203 KB
48	smartadserver.com 1 redirects prg.smartadserver.com — Cisco Umbrella Rank: 1916 rtb-csync.smartadserver.com — Cisco Umbrella Rank: 721	26 KB
42	criteo.net static.criteo.net — Cisco Umbrella Rank: 743	1 MB
42	evidon.com c.evidon.com — Cisco Umbrella Rank: 1876	108 KB
34	guandads.com guandads.com — Cisco Umbrella Rank: 538917	127 KB
32	criteo.com bidder.criteo.com — Cisco Umbrella Rank: 834 dis.criteo.com — Cisco Umbrella Rank: 903	10 KB
31	adpone.com hb.adpone.com — Cisco Umbrella Rank: 23166	4 MB
24	liadm.com 16 redirects i.liadm.com — Cisco Umbrella Rank: 881 i6.liadm.com	12 KB
24	affec.tv 18 redirects go.affec.tv — Cisco Umbrella Rank: 11260 map.go.affec.tv — Cisco Umbrella Rank: 12216	11 KB
24	gstatic.com www.gstatic.com fonts.gstatic.com	1 MB
22	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 456	6 KB
18	narrative.io 9 redirects io.narrative.io — Cisco Umbrella Rank: 5785	6 KB
18	1rx.io 18 redirects sync.1rx.io — Cisco Umbrella Rank: 791	12 KB
17	semasio.net 8 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1792	11 KB
16	tapad.com 16 redirects pixel.tapad.com — Cisco Umbrella Rank: 674	2 KB
16	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 362	1021 KB
13	fiftyt.com 13 redirects visitor.fiftyt.com — Cisco Umbrella Rank: 7169	2 KB
13	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 221	560 KB
12	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 1192	47 KB
12	adlooxtracking.com j.adlooxtracking.com — Cisco Umbrella Rank: 12829 data00.adlooxtracking.com — Cisco Umbrella Rank: 10627	136 KB
10	simpli.fi 9 redirects um.simpli.fi — Cisco Umbrella Rank: 1282	5 KB
9	agkn.com aa.agkn.com — Cisco Umbrella Rank: 762	4 KB
9	appier.net 9 redirects gocm.c.appier.net — Cisco Umbrella Rank: 3355	3 KB
9	stackadapt.com 9 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 1014	5 KB
9	inmobi.com 9 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 5324	3 KB
9	loopme.me 9 redirects csync.loopme.me — Cisco Umbrella Rank: 1202	2 KB
9	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 1114	2 KB
8	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 2603	865 B
7	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1913	102 B
7	amazon-adsystem.com 4 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 396 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 977	5 KB
7	mathtag.com 2 redirects tags.mathtag.com — Cisco Umbrella Rank: 5630 pixel.mathtag.com — Cisco Umbrella Rank: 1380 sync.mathtag.com — Cisco Umbrella Rank: 679	4 KB
6	betrad.com l.betrad.com — Cisco Umbrella Rank: 2303	721 B
6	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 33053 hal900023.redintelligence.net — Cisco Umbrella Rank: 440804	8 KB
6	doubleverify.com tps.doubleverify.com — Cisco Umbrella Rank: 696	972 B
6	clean.gg i.clean.gg — Cisco Umbrella Rank: 2193	45 B
6	richaudience.com shb.richaudience.com — Cisco Umbrella Rank: 4289 sync.richaudience.com — Cisco Umbrella Rank: 2913	1 KB
6	webpushr.com cdn.webpushr.com — Cisco Umbrella Rank: 25954 bot.webpushr.com — Cisco Umbrella Rank: 57970 analytics.webpushr.com — Cisco Umbrella Rank: 40300	65 KB
6	operiada.pl ads.operiada.pl	34 KB
5	bidr.io 5 redirects match.prod.bidr.io — Cisco Umbrella Rank: 814	3 KB
5	quantcast.com test.cmp.quantcast.com — Cisco Umbrella Rank: 11095 cmp.quantcast.com — Cisco Umbrella Rank: 3557 audit-tcfv2.cmp.quantcast.com — Cisco Umbrella Rank: 12266	146 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127 www.googleapis.com — Cisco Umbrella Rank: 53 ajax.googleapis.com — Cisco Umbrella Rank: 520	35 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 843	3 KB
4	smartclip.net 1 redirects ad.sxp.smartclip.net — Cisco Umbrella Rank: 5776	601 B
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 16 region1.analytics.google.com — Cisco Umbrella Rank: 4057	924 B
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1084 syndication.twitter.com — Cisco Umbrella Rank: 1366	137 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 123	230 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 411	2 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 356	25 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 723 ups.analytics.yahoo.com — Cisco Umbrella Rank: 405	2 KB
3	adsafety.net 3 redirects cm.adsafety.net — Cisco Umbrella Rank: 18703	4 KB
3	smartstream.tv 3 redirects ads.smartstream.tv — Cisco Umbrella Rank: 24782	2 KB
3	adnxs-simple.com acdn.adnxs-simple.com — Cisco Umbrella Rank: 3694	130 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3658	671 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 103	20 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 488	15 KB
2	mxptint.net 1 redirects pmp.mxptint.net — Cisco Umbrella Rank: 7850	963 B
2	fg8dgt.com 2 redirects m.fg8dgt.com — Cisco Umbrella Rank: 7156	769 B
2	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 2473	835 B
2	owneriq.net 1 redirects px.owneriq.net — Cisco Umbrella Rank: 1625	476 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1178 s.tribalfusion.com — Cisco Umbrella Rank: 2747	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 1172	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 918	747 B
2	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 3757	1 KB
2	truste.com choices.truste.com — Cisco Umbrella Rank: 1209	11 KB
2	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 6383	285 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	203 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	114 KB
2	quantserve.com 1 redirects secure.quantserve.com — Cisco Umbrella Rank: 1458 cms.quantserve.com — Cisco Umbrella Rank: 1004	11 KB
2	rddywd.com rddywd.com — Cisco Umbrella Rank: 170569	1 KB
2	consensu.org quantcast.mgr.consensu.org — Cisco Umbrella Rank: 3413	45 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2207	3 KB
1	playground.xyz 1 redirects ads.playground.xyz — Cisco Umbrella Rank: 4735	466 B
1	dotomi.com pubmatic-match.dotomi.com — Cisco Umbrella Rank: 4330	104 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 963	191 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1395	554 B
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 1147	518 B
1	onaudience.com 1 redirects pixel.onaudience.com — Cisco Umbrella Rank: 4199	551 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 525	98 B
1	gammaplatform.com 1 redirects cm-supply-web.gammaplatform.com — Cisco Umbrella Rank: 3979	639 B
1	mrtnsvr.com 1 redirects ad.mrtnsvr.com — Cisco Umbrella Rank: 4372	292 B
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 1272	44 B
1	technoratimedia.com sync.technoratimedia.com — Cisco Umbrella Rank: 1743
1	contextweb.com 1 redirects bh.contextweb.com — Cisco Umbrella Rank: 821	517 B
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1952	283 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 840	706 B
1	w.org s.w.org — Cisco Umbrella Rank: 2138	684 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1277	643 B
1	vidverto.io ad.vidverto.io — Cisco Umbrella Rank: 48636	8 KB
1	yieldbird.com jscdn.yieldbird.com — Cisco Umbrella Rank: 85689
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1438	6 KB
0	acuityplatform.com Failed ums.acuityplatform.com Failed
1447	98

	Domain	Requested by
164	kresy.pl	kresy.pl static.cloudflareinsights.com
98	assets.scoota.co	guandads.com track.scoota.co assets.scoota.co
89	track.scoota.co	6 redirects guandads.com
66	fra1-ib.adnxs.com	hb.adpone.com guandads.com cdn.adnxs.com acdn.adnxs-simple.com
57	pagead2.googlesyndication.com	kresy.pl pagead2.googlesyndication.com hb.adpone.com googleads.g.doubleclick.net acdn.adnxs-simple.com tpc.googlesyndication.com ad.doubleclick.net www.googletagservices.com
47	prg.smartadserver.com	hb.adpone.com
42	static.criteo.net	hb.adpone.com static.criteo.net
42	c.evidon.com	hb.adpone.com c.evidon.com guandads.com
39	simage2.pubmatic.com	10 redirects ads.pubmatic.com
38	eus.rubiconproject.com	guandads.com eus.rubiconproject.com hb.adpone.com
35	acdn.adnxs.com	guandads.com hb.adpone.com
34	ib.adnxs.com	2 redirects hb.adpone.com googleads.g.doubleclick.net
34	guandads.com	kresy.pl guandads.com
33	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com acdn.adnxs-simple.com kresy.pl
31	bidder.criteo.com	hb.adpone.com
31	adx.adform.net	hb.adpone.com
31	hbopenbid.pubmatic.com	hb.adpone.com
31	fastlane.rubiconproject.com	hb.adpone.com
31	hb.adpone.com	guandads.com
29	googleads.g.doubleclick.net	pagead2.googlesyndication.com hb.adpone.com googleads.g.doubleclick.net guandads.com kresy.pl acdn.adnxs-simple.com
25	image2.pubmatic.com	6 redirects ads.pubmatic.com
24	cm.g.doubleclick.net	21 redirects googleads.g.doubleclick.net guandads.com
22	match.adsrvr.org	googleads.g.doubleclick.net guandads.com ads.pubmatic.com
20	image8.pubmatic.com	13 redirects ads.pubmatic.com
19	ads.pubmatic.com	hb.adpone.com
18	io.narrative.io	9 redirects
18	sync.1rx.io	18 redirects
18	image6.pubmatic.com	ads.pubmatic.com
17	uipglob.semasio.net	8 redirects ads.pubmatic.com
17	s1.adform.net	track.adform.net s1.adform.net kresy.pl
17	cdn.adnxs.com	hb.adpone.com
16	i.liadm.com	16 redirects
16	pixel.tapad.com	16 redirects
16	s0.2mdn.net	guandads.com googleads.g.doubleclick.net acdn.adnxs-simple.com kresy.pl s0.2mdn.net
16	googleads4.g.doubleclick.net	googleads.g.doubleclick.net acdn.adnxs-simple.com kresy.pl
14	www.gstatic.com	kresy.pl www.gstatic.com googleads.g.doubleclick.net
13	visitor.fiftyt.com	13 redirects
13	ad.doubleclick.net	6 redirects guandads.com www.googletagservices.com
13	www.googletagservices.com	googleads.g.doubleclick.net kresy.pl www.googletagservices.com acdn.adnxs-simple.com s0.2mdn.net
12	simage4.pubmatic.com	ads.pubmatic.com
12	choices.trustarc.com	choices.truste.com choices.trustarc.com
12	map.go.affec.tv	12 redirects
12	go.affec.tv	6 redirects guandads.com
10	um.simpli.fi	9 redirects
10	fonts.gstatic.com	fonts.googleapis.com kresy.pl
9	aa.agkn.com	ads.pubmatic.com
9	aud.pubmatic.com
9	gocm.c.appier.net	9 redirects
9	sync.srv.stackadapt.com	9 redirects
9	mweb.ck.inmobi.com	9 redirects
9	csync.loopme.me	9 redirects
9	sync.crwdcntrl.net	ads.pubmatic.com
9	securepubads.g.doubleclick.net	guandads.com securepubads.g.doubleclick.net
8	bpi.rtactivate.com	ads.pubmatic.com
8	i6.liadm.com
7	rtb.adentifi.com	ads.pubmatic.com
7	secure.adnxs.com	7 redirects
6	data00.adlooxtracking.com	j.adlooxtracking.com
6	l.betrad.com
6	tps.doubleverify.com	guandads.com track.scoota.co
6	i.clean.gg	acdn.adnxs-simple.com
6	j.adlooxtracking.com	hb.adpone.com
6	ads.operiada.pl	kresy.pl ads.operiada.pl
5	match.prod.bidr.io	5 redirects
5	track.adform.net	hal900023.redintelligence.net s1.adform.net
5	hal900023.redintelligence.net	1 redirects guandads.com hal900023.redintelligence.net
5	tags.mathtag.com	1 redirects kresy.pl guandads.com tags.mathtag.com
4	s.amazon-adsystem.com	2 redirects ads.pubmatic.com
4	pixel.rubiconproject.com	2 redirects guandads.com
4	token.rubiconproject.com	4 redirects
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	ad.sxp.smartclip.net	1 redirects googleads.g.doubleclick.net
4	www.googletagmanager.com	kresy.pl www.googletagmanager.com
3	x.bidswitch.net	3 redirects
3	cdnjs.cloudflare.com	s1.adform.net
3	sync.richaudience.com	hb.adpone.com
3	aax-eu.amazon-adsystem.com	2 redirects
3	cm.adsafety.net	3 redirects
3	ads.smartstream.tv	3 redirects
3	acdn.adnxs-simple.com	hb.adpone.com
3	analytics.webpushr.com	cdn.webpushr.com
3	shb.richaudience.com	hb.adpone.com
3	www.google.de	kresy.pl
3	www.google.com	1 redirects kresy.pl
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
3	cmp.quantcast.com	quantcast.mgr.consensu.org
3	www.google-analytics.com	www.googletagmanager.com kresy.pl www.google-analytics.com
3	platform.twitter.com	kresy.pl platform.twitter.com
3	cdn.jsdelivr.net	kresy.pl
3	fonts.googleapis.com	kresy.pl googleads.g.doubleclick.net
2	pmp.mxptint.net	1 redirects
2	m.fg8dgt.com	2 redirects
2	beacon.lynx.cognitivlabs.com	1 redirects ads.pubmatic.com
2	px.owneriq.net	1 redirects ads.pubmatic.com
2	pm.w55c.net	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	c1.adform.net	1 redirects ads.pubmatic.com
2	pr-bh.ybp.yahoo.com	1 redirects
2	cm.adform.net	googleads.g.doubleclick.net
2	ad.yieldlab.net	googleads.g.doubleclick.net
2	choices.truste.com	hb.adpone.com s0.2mdn.net
2	beacon.sojern.com	hb.adpone.com guandads.com
2	www.facebook.com	kresy.pl
2	connect.facebook.net	kresy.pl connect.facebook.net
2	cdn.webpushr.com	kresy.pl
2	rddywd.com	kresy.pl
2	quantcast.mgr.consensu.org	kresy.pl quantcast.mgr.consensu.org
2	www.paypalobjects.com	kresy.pl
1	ade.googlesyndication.com
1	ads.playground.xyz	1 redirects
1	pubmatic-match.dotomi.com
1	pixel-sync.sitescout.com
1	sync.ipredictive.com	1 redirects
1	image4.pubmatic.com
1	ups.analytics.yahoo.com	1 redirects
1	ad.turn.com	1 redirects
1	pixel.onaudience.com	1 redirects
1	idsync.rlcdn.com
1	cm-supply-web.gammaplatform.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	ad.mrtnsvr.com	1 redirects
1	match.deepintent.com	ads.pubmatic.com
1	cms.quantserve.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	sync.mathtag.com	1 redirects
1	sync.technoratimedia.com	ads.pubmatic.com
1	rtb-csync.smartadserver.com	1 redirects
1	bh.contextweb.com	1 redirects
1	cm.adgrx.com	ads.pubmatic.com
1	px.ads.linkedin.com	guandads.com
1	ajax.googleapis.com	hal900023.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	kresy.pl
1	beacon-fra2.rubiconproject.com	kresy.pl
1	s.w.org
1	bot.webpushr.com	cdn.webpushr.com
1	syndication.twitter.com	platform.twitter.com
1	rules.quantcount.com	secure.quantserve.com
1	region1.analytics.google.com	www.googletagmanager.com
1	audit-tcfv2.cmp.quantcast.com	cmp.quantcast.com
1	ad.vidverto.io	ads.operiada.pl
1	test.cmp.quantcast.com	quantcast.mgr.consensu.org
1	secure.quantserve.com	quantcast.mgr.consensu.org
1	jscdn.yieldbird.com	kresy.pl
1	www.googleapis.com	kresy.pl
1	static.cloudflareinsights.com	kresy.pl
0	ums.acuityplatform.com Failed	ads.pubmatic.com
1447	148

This site contains links to these domains. Also see Links.

Domain
kompaniahandlowa.pl
facebook.com
twitter.com
www.altair.com.pl
www.rheinmetall.com
www.facebook.com
plus.google.com
pinterest.com
linkedin.com
www.tumblr.com
vk.com
reddit.com
www.paypal.com
www.theguardian.com
polt.pl
www.webpushr.com

Subject Issuer	Validity	Valid
kresy.pl Cloudflare Inc ECC CA-3	`2022-05-10` - `2023-05-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2022-10-13` - `2023-11-13`	a year	crt.sh
ads.operiada.pl R3	`2022-11-13` - `2023-02-11`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-06` - `2023-11-06`	a year	crt.sh
cmp.quantcast.com R3	`2022-11-10` - `2023-02-08`	3 months	crt.sh
jscdn.yieldbird.com Amazon	`2022-12-26` - `2024-01-24`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
guandads.com Amazon	`2022-08-17` - `2023-09-14`	a year	crt.sh
ad.vidverto.io R3	`2022-11-28` - `2023-02-26`	3 months	crt.sh
*.webpushr.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-13` - `2023-05-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-10-17` - `2023-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
quantserve.com R3	`2022-11-11` - `2023-02-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-11` - `2023-03-10`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.evidon.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-12` - `2023-04-12`	a year	crt.sh
*.adlooxtracking.com E1	`2022-12-08` - `2023-03-08`	3 months	crt.sh
i.clean.gg GTS CA 1D4	`2022-12-01` - `2023-03-01`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
track.scoota.co GTS CA 1D4	`2022-12-17` - `2023-03-17`	3 months	crt.sh
*.scoota.co Amazon	`2022-06-28` - `2023-07-27`	a year	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2022-12-06` - `2024-01-06`	a year	crt.sh
*.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-04-25`	a year	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-16` - `2023-01-16`	a year	crt.sh
*.truste.com Amazon	`2022-12-18` - `2024-01-16`	a year	crt.sh
redintelligence.net R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.trustarc.com Amazon	`2022-05-17` - `2023-06-15`	a year	crt.sh
*.betrad.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-11-08` - `2023-02-04`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-21`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-15` - `2023-09-15`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2022-11-10` - `2023-11-12`	a year	crt.sh
beacon.lynx.cognitivlabs.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-05-03`	6 months	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2022-03-18` - `2023-04-19`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
rtactivate.com Amazon	`2022-04-13` - `2023-05-12`	a year	crt.sh

This page contains 223 frames:

Primary Page: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Frame ID: 618BD8BCCD1FAAF60420819ECF6200DE
Requests: 249 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230104/r20190131/zrt_lookup.html
Frame ID: C9B9DC33A7D6898CE6B4140538C931ED
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: C373C5B45C9EFF8155CE01B5AADA91B8
Requests: 15 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=tcmufcve&e=1586314810833
Frame ID: A962DF69BC539F0BD3974EB883640B9A
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=tbqp&e=1586314810833
Frame ID: 0DEC4B3D9C9B88DA6E49420E3BA4E605
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Frame ID: D18248FB9BB32C29F92DFB257CDC301B
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=xdfphtnzg&e=1586314810833
Frame ID: 5299163C420180971719FD8B19D03C12
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=iiualeoksp&e=1586314810833
Frame ID: F4B7BC8AF15A8584F368C151035EFF2B
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Frame ID: AC8ED19B4C7C0CDB547D2A90D3563830
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=ubuvjhejdh&e=1586314810833
Frame ID: 8278B2BC71F2C600E72D12FDCB6EBE7C
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=stgvme&e=1586314810833
Frame ID: E4BBB0D9A08EA0EE11C112A79F6E69FF
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=hpozqtsoj&e=1586314810833
Frame ID: E5D4A31738177D7AC2815F9753903FAD
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=hcqynxwpr&e=1586314810833
Frame ID: FE97EB86B59F51F29A7EB508CC80D26D
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=pmzablfh&e=1586314810833
Frame ID: 475A15D0CF828B31895E7227D5ED1E3C
Requests: 8 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Frame ID: 0F1D0CFB631A0005C8F3CFFC44715AE7
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Frame ID: 1A70C2305B5E2EC35DBD6AEDADD6722B
Requests: 10 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=jkeqtqhp&e=1586314810833
Frame ID: 407CAD62EC48F01BF0C4930BB25DAD7A
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 3038FDB9296CFB8D735C23F4CC6922E2
Requests: 16 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=jojq&e=1250011214715
Frame ID: 987AFA37DD764997DB3159B3FC8F4B2F
Requests: 9 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Frame ID: B65F6DF51DDC7FAF25F9BC4A55ABA60E
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Frame ID: 9CE59F77AAEC52EA95F0D68612354276
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=runvt&e=1250011214715
Frame ID: 6FFBC98AFC0FFEDE183A321F8180CDCC
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Frame ID: 8E8024E89C2B7B0932F941C3428C0780
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=hifpjvmm&e=1250011214715
Frame ID: 541C47BBD6CC4E954284EDC46B58E8A7
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=auwfxq&e=1250011214715
Frame ID: 9C005B461D75F9C90F7A96A5AFD3B89D
Requests: 11 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: F94323DA2E07D92FA508EF67E2138B83
Requests: 16 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=hpzswbsj&e=1977672056027
Frame ID: 81D41E7F24005839FA27170328068874
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=nlmhiwtr&e=1977672056027
Frame ID: A941D79DC609AAEF75BC86CF325F8C3F
Requests: 9 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=lfippz&e=1977672056027
Frame ID: A610F3A6F6CCE4FA18DDA9E06FD59172
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=qxnnnps&e=1977672056027
Frame ID: 6E84B63EE2C9C583A89EA8474A283571
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=okjsbkm&e=1977672056027
Frame ID: 56ADB529CF58A8CBD317E18B04E652E8
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027
Frame ID: 37E9B4EC6AAF9E07437A9E434007820C
Requests: 11 HTTP requests in this frame

Frame: https://guandads.com/r/p.html?f=cgokrjn&e=1977672056027
Frame ID: 333DCD17F88A1F27DAC40AF9F3F8C4D5
Requests: 9 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fkresy.pl
Frame ID: 723FAD35614630B61B6DCFE5E98AC810
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 415C053C8D218D94001B6B5CB7337026
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 124CA75CA623B479111838EB76872227
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: 6D7C94A8FA09932BA84A4CA43FB9987A
Requests: 7 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008550
Frame ID: 55AC80F1FCB9745D3DA659538E8EA5D9
Requests: 48 HTTP requests in this frame

Frame: https://acdn.adnxs-simple.com/strikeforce/script.js
Frame ID: 10602F663327E1B03562F218E9394F38
Requests: 9 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008584
Frame ID: BC7727832ACD1DD2E204188030C3A62C
Requests: 49 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008606
Frame ID: 338241CF180205B424FF69242DFC3942
Requests: 49 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: F2B530A27361A8383D0F73C59A4CC777
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 99400FEF2C04ECCAA172EA8CF23FD141
Requests: 17 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 5423347CA13811A9CEF707EE4E74AD87
Requests: 1 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008756
Frame ID: 5C97EF51047C876CF537AAFAFD579182
Requests: 37 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: B8BA662F84890FA2013D00B8AC4709AC
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: ADB61B1B5A5789C6E1D7D2D483A80013
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNWmNJccUi4kOl2MDpSc86qhoYnN078rLI-rlHb_1EY11vY7wGBi3YyZkVdgD7M26rBMBDinHlJssQfXVefY0A5u8fHUEJefquXWIYSTjpCqZHRWxLpEa68BuiNtupW-jpluooP8d2s6C2wg56BedKX2ORa9dw_RdNvcziiWSXAskfpJfjD_GiMe3LLu9-kCE3VE7Die6zcrOfU4_zYFQ9WpOcXGYJF7WE7R4J0SHPDG-T5Ip2Q
Frame ID: 58B1ED850607175E08072CB682BC8EE5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6Hv1BpIW1gcKhxkYzfa6zYjoXCnSMM_kkCYKSAWoKjLsQqwW7_03zUs-CemDzCDq_TAPYttQDA84BAdzd_u-VIqsZvLQjWAO8Zesb1YzAjxIgLal2gEuGN8Ak-UGdgu_g2r7Apvg_z2N2SVYkjN7jBPktKYcNB0hErHCJ1pfM0o32UGs&cry=1&dbm_d=AKAmf-DLKZQ-UQCA-4ovMToSPUDU_xE3FaRliIbYUNZWm28seFoHmfH7yxbZhWVCDEOZqNKrqbpWisUrVororbkVFRIyopaXE6X-8kJfd-ybum3BnuwyT9gSDywKpqD9IH3QO_AV1JUisqQnWyk5lAmTEyim8en5Cn1OCBJBNX_5_XafvH01t8TEdtVruLWKCEeaKUEymVAMaVo-Mgp78Huf9ir83oHrZHo_PHDSKN0ZTFbEeGohWz2mi6NsFAKOLSWf1veAi6iaiC99a0fETmtpf7c2pxmbaMWGW7dHJvqH0uoPDFjQ_qf79JhVdCaFURm6lphN5odJEl3FSOZqDVi6V-gIhm9qYIgNxE6YTvgaQLcHS4FSlZqRAe_Qy4EedL0GOAzNvdbIffkqBV2ppS9ZeYYPUKD6N4I72eY61YZNrSpcShruVM2pIEggwbaut3afxBlSooxZyiLSJRa1T41BpbiN2KTikgXwEjam10QXriT2_nPrUYwdoTd1QfqglhuT2XGLeQOxvj_jFQ4X87tZxFJQ2t-EwgYyjcRwbo9kqPaA6jXGnQGhHDvXv6eAO6QfmroRN9x3xulqJeqiVLKayy0lYxKsmSOk42PYq6VROHQS7WVReuSfq6Iage3XELvMQOq30lkYWgepKBGWBcjY9Dr-a7QcFHzCChD7UARRX7svbTHJSnwdZypqbLPeclbPCzgqki8sNp7oJOwHxptK7tRDmkJ56b7jp8u3sA9q63xMdekZ-c5tSL6gsdZNTr2RhBdXzgqW50Es_zdQCD-Gqt6AdCLiyfseQxHRs6SCgkLkuu1uusRq9nDPLAab5JLaKXGFXM-k-IIn80wVBl5iSTjEkAzqGfK2bT8IJ7NWw8GwUBHyt2mdtv2_HkX79-2WRokai7oZwjf_2qnKCXa_EIdLrAFUD2pN6FMlcX7p8v1V2YCfzT6IKhlPGu-Qxvqn8Q6tKo-IuapOGeVYfjtiWxHD47ZP8cbYa33_0Vy_NJP-Yr-sBEIM2l8EMeAnoUSYfUVuN9MSBI3EMyZ_U5ifVwYT8tbu-EGVFq5HUuRrhOYhODHTpSael0ARs5U69cLj6h6lAbKOEFIoE0Om5FxuUSnKPF9Cj_qUN3Thi05lWzlea3Ujmbb3m_ROSrp5cLlLQ7EgXj--ErSx0iglr64YZ5Et1PcUGetDUO16HSvjG-mEnZKKFksDrVj8wtE-cOJIstkXhD_wIPRvQGCIwgo9xi3bnogogKA7DcPVncY8w-GvjqNUb3NXERLAVx1l23r9xjrykwbtxY7yCTamUaYw2YjRSaqDMTJUoSqyD7y3ZdXQY28DlCPZ-_GuU1xnONMdazqYlQXbrA-pfv_mYSvXj1JGIXMEGuWRcYOSNXAPSuL4uC4oEsVpovHXwol3uETToWLud8jkBnVu9TrmkE-lYysB24195RMLXCqraYdU8PT2jWSJMUvQhnw2rYIzBVd3KKALH-2svctbvEPtwe_McEKM21a2K8H-DtrTW9v6zNRAV2FauIj8M4uECIJws_P-kWnk_Vov_AJNQrbfrG4UkrP0ezqpW9OZPM8RDxXPWF_QMairoCXRMc1cFvLT0E57GTB-dUG9wHlIwVHZkoxk5iSH_yZYq8xVb85Ja5rA3A0Jc1LmkWA-wvBhNXBSkReDWTkADtqNILnXR8gh-ai438ob3-fy2uvaHrW_3F3XVvF20h_aXDJM7pWh7Z2jIVXVqcU2HmvKLSE6L6PUOPmuC1UW9RNX8nuqN5G3e_9O65TSN_bfRKfvf1I161exumOq9JP3DGsitofKInCPwxQDoYBEm-SjUnJGUywG3Pv-SF5Rr8D5LNqLwGuGkG4tcX9h0qZ8qZSQu9yxPjYJAl3_DJcRzQhKNpd74MP-7RqyBzrvWh8YLvBUUz1SClRmoKJyLfXgXq4Zo8ZIc8jm6yQ_CQY--2K4eoY0kJ5cjVSL_3pIoNSSfxwr_lWUckjsNeV1NF2rpArPwG1TfAV0CxYd2ZAASvU5kxRpa690c0RJ3T8k3GkXbARKIWyNu_2Zn7f_Vb7y5Dqy49dfkUJTOn13htYD4P8l2Q0EWyCy6rmaAZ1_j3P5GynTvRozHlfOhgurTIhePKhc3G1z5fQPhZ-8Chml-c-lbx-6VZPzqlqMpw4GUNm0tPX_U0_Bbk62D41MOcuT8UYfiuvdYqeCwxiRzEAspF23L7SoLCerPbRT74zAVofwI68aEcSvHJ62M73CXmsMRmrOndBierTUUCjsLycHnJnE42H3RJJD2GQPo_4KVzA81I6KD7tiYMj_tr1Z5RsUF7IpzcmvutPGnHSdgHXuZTud1TltAmz2Jf7vndn-5QCCagSFBu4Ifan2A0-ob_q-CBqLhn1MGT-8_OGf7vepopqZekv98y7GDGLMW9YR6nvL63bIMxNceWojes-GPLiGz3iayWQtavwhOcoZCYwJkIMg6XPz7asjNbzd0zRq81og149DKAH4B6UzyxCJu17RovtFO5Ysq62wOpRnalJlQeiZY_1iw88GOPvRMZWAJeWTdvP6-NSrIi5OFT0tNh2vECbvljfDSC8m-0vEoB2zbjEm8-djFQkYnaipvR2SBZIG_sR1RK0o13KyUNHoGnRwC-ltqNOVwpd5lpA_E_dOoMev_ELuGsjXze5Xsjy0UYkDu1zz_yTD5-GnenGqKsmVc9v6sUyozP-ibhMu900vy5Ir3mja0m1PBbffTh9U4uJ3dlYJ6sslhNim3rTK8N_GaoPkD7loOFSIVKnKnbp7WmFjO_A_un9WOktcIurojLli3nMJA6-ltgnLqVAaPUZVS3v0bo-Ig2h6x1qWPFj5Rl7y00uAPZNcQ4vSbo2my7MoMNVKtX69oAi-seD7ixghgsQrbyMKIv49qb09stMUMtaAaAlLMH3XWO_8ji8brpHlAST5L6FGddXBnHBqfNlKaAeuRPn-9Tsiz9ZSeUknYbZECMoO4wyLqdP9lIlmbmqQH-YIi0Yj360tAOTxlIZpflhwDMVs_9fcxqnJTEtFcRjFlXnswGdWINOXTatvEDPElvg467wZ7QiC2pjmKP2ZWTI4y2odsoVWHKhH7Jd9HzSqX42ultOW5Vi9EV15cNWbewOdZDiEdqZPvsDYdfnLK0kaW8lxlzSAfJQQaPNOHiqmbRToM42PI7eLueqVRLXSvRSuXoMONQHwgoFDxMei2TemgHxz1RtwYxrHfrutje4qg9omMOj_dsTR6wqZ3znmQYrVgMGKnkEJWEuFzwle2oUBkRjqkS28HB3sRoKJ81hTpsrIJyMnukpjvQjPZx6lyKYSFc74dtSI8IguSY0Lo-trYZbCVjPmP5LMYp3QPRsoSbk4-wVaYOkwl1qDfD3Xun7oCqqvo6SEiiNyNf8Vhtv8shQTbe7ceYSOCaAPuUMbAAFxbANXCojT_5VllgrnZ6G_RElyZNl_IYOKY6JzwEsICqq_z1vZ6kfRbQpKRL_1WuWdbuAAK5Rt8jTaMaaLVkQZGnM5pPLH4lQRUgd-Tb6zSvarMTld1Jba353J2TyPIw&cid=CAQSGwDq26N92x_8tYBwdDqfKEkGKpWLhWzJ5TvHxRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240
Frame ID: 85AA78BD8BFF9DA886A3AB23A349B47E
Requests: 15 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008795
Frame ID: D42446858E49069CF202A3BF63430A9F
Requests: 55 HTTP requests in this frame

Frame: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008799
Frame ID: 0ABF262A74D90B1B33B98153BCECAEB5
Requests: 54 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 44D03A66A71D71AB3E74B8BDD4FD0ADD
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs-simple.com/strikeforce/script.js
Frame ID: B1827C49189CB4CD30115EA2331DB877
Requests: 17 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFtWDJWOUxNeGp0dWdIdkphczROZVVrLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/6NphwL_p_XG7tCn-AjBRq9boYX4&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.227&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F
Frame ID: 10184F7EF067755D32A914668487D4F7
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVagFrpaB-ZbMSiAYYZ_YP63R7qphX0gNZz23jsbfEII4pLE3nUE0u57CFJVZWLAiGOepD7WGZXO_wkKzcwzYxbXVWQs6_NVLd1l1yRaE5GK3D19WVgj_MjO4Y51_JyUsDH10YFg7MUDAQUt7qlHiQub9A8auLFXJ1bu9JiFx1SgbeZy-IxZsb0PZ_M1KUUmSLIQg_M1COzpn1ka87-CI8fEm5wXJds3B-Kz9zQggl3TabNhuw
Frame ID: 0FAB6E75F072044A0E5A680B62373166
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAXnRLXJ3fE8CObqN_YyUMRZ0OlIc7G4_O34nJpNtC19l59JHR-DGdNKYJr4fhj1SVisSMwTIwG4uKzQP7BLQcHXaZg6akpNziPToJNm6UjJ2BBwB8zr1U-aSWNPj5_y01nqzQ8WQHljJ46J9DY1WRUN3a0B2a_v2EHI2pLogfm9IjIgs&cry=1&dbm_d=AKAmf-DrevnH5c_itm1KiK2KXejXpfxSHnylXbN4kjoYDLsVURiYyN0_FlQcoct4YezJ431EAEeLXcmnLnf-jIr5CoLO7LlGQBoh3ePcZ5z1Lc4iHztj9ur6f_nWXtarz1_xeYSdodNQZTwwAAqZT4OAqK2kVuXe78R9qe38pNKoiRts9zgMHeOaXd_mwh07ngk2k_Pj31t6KrL0-V52jCvbHmbhecyVsELwAszp-CELZ60kPbL-g-DEljG-4HE17K7SeR63zzSjNf_sJiUC5-Fog5kQvJOikMp3Vqe8w_B8P7D6cMAKsCln8kj-5cy-1yKgt0MOsFUmv1MPu2eVR4JHCqw13mTV3Tw9vVeareaPsf_qsyngXDmQe4vQsPdqpbQlhNXW7A1pG--RpPX_c5-fcnLBX41hfnfHyGGhXo-uJwrPXeHhnLECS3ZFzTh4eAtjfSRHQyrdej26HALYsvosjqYuvdfs2yiHqP7fbypUb8H2448t3Q5S_pHdZZBh8LB04fRO0iZRmzAF9MNLinUnvYstsX_LxbqFSatSF0y3nCcZQY7jy0AbTN7UBZ9bQlzsO0qr97Npvy0Jk6-lJEDDm6t7UQ2dmBnWdnTp0oN1jHimWGmFJ5ar9tMzaJx2lQz7KN6fqhW6SCrelDCZeCJbGsrrdad8GUgHR0MHZnXlK84A90vDJpoC1nXTVCuj32-b_FKirIfJoUH_0yoDxr4fhpcI3nORHF7-_mJWcTF1mQ6SArFsIZQGx6lypMcCKOYq6h0TMdhynkv7uA0jdVw23mU2rPzkrQEB3kwd1wi_QQXf164dcBXbDuWKsOTTVNTMEV-cEVcAmT96f-XL4pIHFPfVTWQ0rZuswz7sQrswjCVymuZs-42QbkeKZW4uMEZOJ8jTL_xtP5vmreEuMM9Br7okiS5MK1Tmbnm7996p49Kdx3PW53BIBRiUYx4kgP3zDZe69phZ5NEYFUj6AYQN7O2FK3_589zWQ3CfyBjn_k8EWmRaFEv3xqgBL9MiQ_o_Mg1Wa6-h4nZs8nPBQJg4U2NVCMY62yT_ag1z6Upt8NWkKZ9Y5PQrRmYCv5NHrzcIqUXy_5xHGACFj-kJ5WCnZkoCFaOlNoRzPXdmXd4qI9PWI5J5wHZmBf4dh8EAEA3b-3SVsPTboCXlHaEJFrvRhoZpLMgO_Le2RZ_atmOIBxvozt2SWi3QDAvzIIExKivMT1fkLoktZk80-N7MMBk3B3RaK1gQqbEaRErtzGOShtpIFidzPYfZAObN8cHw1ZJmPZAnKWB0N7zLToBOxkC-9VccahMk7NZbDxc4bynt3Py-aVVgB4NM7T2PnqUtoP3nrIsPr4FLEccq4yXRW24CsjXrAhk3fHbvogSqh4g45YgDg3s1e8snTpJ5mnNUsaVmQ-aBpUy8nJQdbE3e8xvpFWrlHmmH7OsFWMUfjTvftAg4FpXEybeTzR2LVZeFYUgfUxFoP_mEoLoYdnz16Yb1CgI5Qh1hXCFmgjE6BwDoBRUO9THAVw3SoRC8eoKOGHqxj06JTvpUYyf4VPmervgkzMDHX8p0njTbPSBjWmgYdGNctfQv6CFDm87epJz32xa8T7bti7nPqzxi0hVXid4Yja4uCVmpnMHr4Ux6dIKTzxBt4NEgaydTahE-IZm3DpNmiWxxDfmzwY3u4faFoPDAc-tGLyLY8FBtib9xcQKRUHfT2my1c9irDIlgtwxMeKgkvWEfNV89RaEntijzi9YCQnSlq7cg7ihHe-PSPeLsTUvvxrGGBjXClXLi50F1wywOYpGYXCt7R2Xl0aW3Ut7RqrQm2KsFBmkTWVv4IWw12q0Xml881OLUW6m4zuPjma69VnfS3Q7mF-7T2di5ub8SMX3PHFqRfW7wvZsVS6s44YFxwR7icP961q-snepyF4LJq1MALEvkzci5pz-WDVSAQ8OLZxOGl7surY8C4BumeQVAY5xKAmZmYW5sZvF3-6rUbQ7vV1XsSNOF_Cc1mR80U3YXTjtjNtJUuc4P7WHQ4ZSYxZ9hSOGkQObQMLI38aUfftjUpseNzsAAkrg6wMe9X02GUE9AG0yAnTJH53HPF1DE8JPx-E7u4bNTCi3C2fiDstn1mAMkPw9hlRwYAGKoZ3plTbPwj_cva2v-3XgLp3OzBX5eyDIOiWYA_t2JEPsKxUWpGqkSuKgXLAIGViTtKZVP7Yx0l-pVGHkoBtH3vOBsBxy9jxeJFvugrnq_JIvlkRwzekvoRzQW3zO1Jd0BZXGA9wFkMfKjZXMiKEpWYEPYjz7rPUubFTCecRV3C28UW_y5vql22djtfhmKgWIeW8WmT38MwN_KT29gVAI8cb-GkMeDM8Zo3V6sysLcN2jxjIAz4zd0JZxU-oJKZfVFukegD2lJQC1gCIjJ-2ogWOW28mUTh6R1NaaAHBrJFAdU2Z9aYtru8FJU531iLpScBQ_ANl--slkk80QS4C5D0Z42QhZpddweeCpHIUqAl1oXq0iFGMJVAERlI2XErkDtQgYCJWNfCMulA3AqU6NE5JitFZNOwt4cLi5IHcjufqYSS4bqG8QXns8HbH6LKcJWY4qppSvz3VmFZzQjwk5iazDBmtWYX5bZu2EeCiiuHkNdx4u_GAjfEwBLJeK91mHvkYoYJs5DMGfx_E1juEEovH7FN2dRnT_H77MBqFbiRjLybr60KM6CTz8_dIGsUj2H3WG2UU-NZ_1JIyuEDRl8ghax_pbcW5VQ8008KeA8pTC0KtQCWmL5YczVYl4AT5n_ndt5aLDN7whVzZMyZzUUHNbvsuuXzmDx3IoP47_RW_0wL1w0CjsT7CMmi60_9gZdrMCCj4u57VrkOXLOv2cma7vkehDXEbiv7PRLPjjfVCFP4RVDK1pAt91YCa9bmC6uMICJqWoNRMFCS_4cntFXoM4eBhDWm6EbSrL8IZmNZNT-TVo5PNNdMQJ7Y2eCIGFcHpWri1RRMh-zUax66V0vjDsBn1CFe7KT9OrpF-VQpY9W-XhjPYOXGUCgRl7Pz1jZ9h4QL8l3Abm-VmObdKOVULt0hf378Io7oWLHeZSSj-3KV4CqYKQMWG9i_JPPFNbOT2_JCV34xD-4AqlbTfp7y10X3P0yJ-UXTeHi4XTc7UxXKuC8lzzJUVPuwcc_pmJeW7Ypu5b-2_A4AcUo7wpuf0Cdfpxa1jPxIYM8t8ut7rUooXE5fc-ZL4zthzTd-dPteXXKoO3wnAxfvsJKn5HH8uF36vdwj-JL-QIqHoJbDccgeAl8IcnwbRCytZfbiWECzFqdxo0rKcCJ3GiS--iJXVXS_8HJAExOklMkRrkDteWxbVoJu7_UxjbRwtwCRNWNMLvpvVmCnag762Y52QQcXulrNrBSUx_Fbed320iVSobcpOsQKCGYjVIgq-zOhQNnvIRcUxQ3uy_W08_msnsb_OjssEoqOVnMkG5lqsA0RnFpEK89hk8Nuc-Szmk1yKgduyP4eTVSuBFMadiUG1-TCG5HK89nEqXk2yxsaQxRB34xbVhfBG7L1_SRbCUQuMd2dHdqD4fnEA&cid=CAQSGwDq26N9XRQOd2_eBpffwC9Mms4EeJnB2qaQWBgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240
Frame ID: FEFFA891C75B802253CA8AF8581511F1
Requests: 13 HTTP requests in this frame

Frame: https://acdn.adnxs-simple.com/strikeforce/script.js
Frame ID: EE538A1C5D762CAFEA49B0D2F47324D5
Requests: 17 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: B3F6CEB933B286C8B9749801C2DA131F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVoDR_Ttl59HfpmHmd5EMjEYzGejVHKE7Atr8ONhJjode7vWNkR1G8MzCQs7-T3tkAuUYYuTbR188lGhyLUd0NTol7C0WVOiECzWRJQgyNq9oQCBSyH2xVkHvoL76KDZHN4081-v2JyU9crHv9iOi5xYRgMh6I688bGnCkVuAUR9cG15Q5tTHxbqO1KOJzwiMek738t4n17TKe5IFuak_JOWDHkEsnEyqpiXlEqBC_U3oHN6Xs
Frame ID: A669A9FEAD6361BB2753CBEEA04570B6
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BE6BMwNVivTYZNlGnLKigsublyU-Ik_2Z_BZAItxS_lV9TIODEeYSplQWXN7HIHBGmrDUcgIQw-p1Gieb9NXCkL7Xx7vlrN-1GYIyuX7xYgUijy4-3iPd9iMeIYslyMMGzzfIq45M4QejJ4beX8hnl2OaHtFYKwiy0-uyMZBMqzq9OVKQ&cry=1&dbm_d=AKAmf-An79bXF4pAUnuJlbmyeCbG9XrddpAdBwx23RZo8xrFYznvCsdQ6sWtPWAaFzGSa5UKm6sogzo93IUuFBt79aI4_dD48C3g7R0IyfWbsJ0xFOdypB4KXnJrOi5K7yVfwDRqDFebHOo5C5tATO7PuGpadOdJlPigSqb-KFRtUrxkXoMpVrAEybOZGIU9ZURVvCgViQnxsMGVI7YzYC2iodDN86URQOcz0Rh0BUMPwrhQ0-F9EfdXFIk3eGIRXq8jH-1r7_cFkCMGwl2VqrEgvz2QkCjIU64LOayH5df2WfL2kKUe47vPzYrcgz0yDCkUMGBItPj-W5ZatMXmNeGV4Erb8MWI60dm4Nw9rjukK9PliD93t2JGeiLMG-BkQj0bCxtagk0Y9ZzzEE9rQysytstDcfWHg8gd0n61wZtcsefWch7BcxPS7kclIBZWnRHzYKHzVSD7aVqj11EsKyaVEfMclVJnryNjcsqBboO8IG7cRy_hznsKeIVezrHGJ923xspeu0f7w2H7F8lMp50qNesmslI6Ld8N7hZa3oOPvHJFwbspmos78-XeD4K46RrMShGeqmJ-RqB2yRrXVulQkZYeZrfpISVLQ3Rhwu3jo7GwmmEwr4SJ1Fa2ACH-IFad7hzQymqSz-q0yGlL62AIS_9EllOiyge0zkDpWsoMIVJQGSxL194oj5UVNevF24UPkQUZGGEs0la1lwonCbAQS-tru9wsY3LskL4vDyJGKv-zTG-x-VhpCHhi2xFddgbJmhm6lILNEe5o3Wxj9EvH5VIglCPP4QJ_T2dfLsWfF_VQNPD8ntyY4On_fuomSiro0aLM7jBV3_P3OgJ0_FLl7i6A9JVYTl8HuLthKYVcq46ZJ4A6oao2UeIAPJLzDbeiNaNJ0nat6VGib300SzlTsnADLv0eoWfSXtlewqFDKVecPiWXKP6AgCasgPYJDEVQtMUJEcS2Tyw7ODxz9ASU4BSEPqK5Kil97rt1Q52lSSO6EBrwUOoRi13fhJh-TLBSwgzBU610FZrasUpOOIJ0J_g4ff5hkXP-rqtxKt50yPUu7IQkcS0UfEU-EVYqhjUESl440dwlWxNQp-1wnP70tGIqPhzteLL5khYAVsv2CovGwRqquFBuTnKBpa6dFbANnI96zfL7eNQVBjxsJZR_j691TU8gYT2ntSJMRcSSJNAHjxpsvbuXjP9BQeGhlU5eZjqF-U-mV8dPBcbGzj-b10HmREU4r-MHnraCP17h3rXjaUHtHvsmo3KaqJgC7n8u10NNc_Kbydve9sfB1BThXIKdygA2PDM7X0fgM55QFSf1VODN9LEeaGV0f_ssw0h3dUm_0QKPFxxzWoPLkPdbMILgenyuQLt7en_0cIl7aMX9Rk63IZRFiVYsPcHxkg54ofZoBWPB7_XM9cXYghAITp34BbDFYy8Ll07FCXZQ-mrBHtnoZFgbnvQmWEmGIM0EiFrMMydCcdsFe3V7LW31F1P2dGnaEUtl4LQxnXMD3gy9yLMyyVDXxN9IO4n2Ib57uNzSLUaxxi4DcKuWm75YXJ279i60zcj7U0H5zBWr05vAokPb1euDx9bUmfGan7IvC18gF49R6tuwJ1sRE8JPaYvtJ1XUzjMoHfdcuSQeigCihNjA7xZ6wlW6ytnn3t0F4VjmBBOQMm6YCpHiJqqRJKAL9ZtBMQEj3JU1b25zl0dhnOsEDGZNjEBvnW0Je3DA1GZVdZgFnbCjSSSGaNGcehEg7YLuuEbWnoYgpcrFqxeA2fcduRDBCfRSlprlmGVsFBQpOz3ciez-B9wfpWuJc2PcSgZeQT5bN28ipgdeoq87e9odRUBGGasMpMOgr3bzs1fSPDtiDOC5V1I04_LyBaiBMFkZX6Y3l6ey6_z3g_zseK96QBDevWblWmh3oJB0zXxbEObAdlz7pc4eaZthP92uIfJ95bOYaEZoBKvIcYsk1KchrBMB0m05WJTI0IkqQMiEWB9a1OqU38TZRmKeIaB86gOw9Y9z8CN2976o96GMIzvBeZGHnrHvcYeoUVJplLl6B-5VWzZy8SFcXSvSs2bcbNHE0F1SNdEIhdeeQRXWAWHwqU0-UZs-V0ye_WlCRfrUpN0U0PmP-MqrKQjahoc9wfDaq1opGsog-gw5cC8MYGngITwPiJ3ok4cTMoVWQigpXtIU_io3XibA7lJyfPFblLPHmK6fgFh9LYTa9cPfk_-H2WxALQPFRdvoCFSM5OjSuarP_uYA-IaZzu5_QyUW6X1jM5vxeSIx-bTJ7QGmJHe6iJT92LEIYV_KFLiwXgvCKcryrwbNoyXHh7siCLZq7HDgJEAIqAOWwJDc3HDSgTz9OAzPrvC9Z0APurJxye9F_TylvQujYwnw1Npm4ZCYPMaTWYWOPh9g9chfFeLrTlz0s3C5Vvr60eyj2BuNKB_YweH_T1CWBEm0fdOVFzoyJXyzHK9rpkZWwCfP6b6HvKMuVUb1ua6cMjay8_5MmlchmSSe__RRI3YsiM5aKrCN2HPeEfIjfvw_6G3ym91-0_Sf3QmPADMnBSYt-5yZj7A9cHHzsH7lgx8wP7wpwwAkacn2s3VmKOgkbN-lxwJjUnX86fRxGRAiJDefky82Wh53wlsHTUG9Mvfz1GT9fq1ztX6sw03X85cYH-_TMNk9kLj1cGf4MkNEOE9nhfeodNDC_hjB9Ap3uK57j2x3EHAofDCkuSIrqfkjQRPFK2-t5RmQZqoZ2uPF5HvgLfEllT9LdJV28svaXFty_31VYzd_bO12LYuzZZ7oxpNefNC66VZet0SuCPIjE92NvOoN9DBWn6h1osBnN4ERj7ddFrCaKBbuHRD-bkZZ6V9cLX4GnpcbGeTrvepSDOFCqWw8x38xNZRPPbGGYSb8uhOAwif8gl0IuSk0yF-zC61F6hesTd0RHwVc-d9RmVHuMM4bFxjpjsGgvurLVJZkJh2eJJ15mDVwokcNXx69fNHjosRM8-yYXu1h8QxpSMjJDUmJgjw9-rIUuANJ1Oxetqjtc4ymg5PJXJ53Ilr8HLBTzQzaG934BDfnA1gRdW0k0P-Etj1aEWMzNsHkWCZXoTxJy3tfOjvcuArzkLzPwI1hDr7PtJCnQy-kzcmQqmuneDNwXNrgJ94Q8gJS_iEKOe69A2c93gdHyxECtWnMTzJSwE_2FpNEHm2xhPy-ww7txG-5x6Zo159e11Gmx86Yjcr7fGv4IvDzc1ghReZJO68ks4I9aNj9N-kVkQnjUXi2-K5vHHeqApRjJAA-nnXz9d6IZQ6eDrCnX7keV_2biHGtYOvvB7PJypQq0S6Augi7vpNnnqAT3Jw5aMNpKl7fIRAy599Xyws19eEm0yjQf0ro-WnrWuYz8RmZMcKqaGrAjBkDc9Nq0ZXacV6at14tu10Ac3KAUWMTQPiWLzejLt3rt8jt3wWvOMVqzp45DJTiKXkd6mexSwI5yMVLCZlbOAJUAmtjCAmUuoAApoK7Oq0Q_GxZfxDBV2l_hZKvO4wAHAWcKRzZd5bMehAuS1GbFTRRjkURhSc02A&cid=CAQSGwDq26N9g_dFmm1B6KZ5X1Hq8ip2fYztIDoB_xgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240
Frame ID: 2047CF6E3043795988632834C8DA5C3F
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNV3cO1FuFzy6zxX0jQicxKm1cnP3EPzh73W-owkUygXIBR779jMe2f4VAsDcaUl25nujA4IAHBZ7uZbyQporBNSolfAtzqLcadLOE1cjWc8E2zmvlPKjhuve62AEHXRIbF-WJ076CykZTJMc-CJGqzyOgzpbQ9z6L2B35Mry-ww8YNuSgQ1jpmdR47IPplN-a9JnIGM0AeEuPGzeGWUsW8xn2elBN0y7dabTy7ricyi1I_mYNY
Frame ID: FD26E30C7287CD2DBC8A99866B361D59
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaO6JiyescqQiEL4VQZ2VOc_L74T341bWg_cTtgzCGJC9x1HsbUO6GboDdwRxzmfyD8246wAddncbGnRdkvPea3jhmurPq2-rvwvj2RQp4tiaHjLoIdZG0alc7rzRT7UrFd3xPLrzYkU7xhymKi3EnPcm_5A6vABxxsj24bSAAUXaobBY&cry=1&dbm_d=AKAmf-Az51PNUB0yFib84HikgGPTZeGV3AyRI1jsAh1uvGm64IviHuZLT5D8ciNW_TJ7EGTCaAqwXLG_TdhmLf7a7EAvP2mOLjiGeFklh-uK2aAPtaeMFAeZc7iw2rgqCCtEnHxos0Ot3gaNZ9Kc6eY9HtJvsTZnbzSh1WXMHaIVmFTAzNEbOE4UY3xNOoztfSz1DH3VKwOfm2V-bBL-36CgrFXbgiBKksQTlaLMxmxr1qqe5TJp8YUexG2O9-Z94JRJ-i1kzMXuiPX9iwEywVbEi8f9LV0qY9biEZMCHLIit85J9i-4-DWI58PR4veZBIJzsiGj5QlNwv1ajYygxXR-ilw1eh7e1hH5oW2nRG3jfFNKUM_A5bLwZ7wAzD-rr2h5NJoy32YJ6CNZGunHsC3DZuXDXGmLZD_7You43YlPP8SMd_GZDzIpUuAEwda5mvrUQJMN3lSORdRUWGupb5LdPXHgVk5F2tD_2L_RUYPHG0z_nu8La0sB75usiUBf3muMjnqYII-2E_u-LBd-wN0tIUNDfiM2FRV-hWlSEo1wxH5kW9tgCaS873uuH6qR1Wk7hpGsH6nGs_ueLsbcgoByd7Di2KWda1HSg9DELixN1ISo8RM5VAcqxhl3BL2HOtVRU9uRZiroLU48jAadLx3tMGFQR6zsvW2QEcCMxdXbX--Xa8j6BdQGhpksAkuIyKTyq6h7zbEI3p47IKZAZ-3lxfm3cVj9LBpaPj6xzJ6TBZwRRySI45rbVTlQrQHW2EZ8KYGmzd_3LJJNbgLtY3ZfT6MNCpVAG5_FyouYxfrK3vUazjubKLHYKeYnXLDn3olZS6dPzagMDKVf8oZqoOjd-EQeD0NHqdvs3CJ1pQV-t1LZS1Idv8k42Yw9DjYF3TY0EViX4APp36dHVmHwb6gIddyznD3GJwQ1He-1LL8VhJ3Ul99E7wwnd1ULx7i4FDOgeXf-24lgsqnt2_hLH8BYOpXib7SXMhhISIBEjrMN4hiSdEzBDMfl0R0sCl87r6j7yxG0BnVI-KBZMdOnBYLeG3QJYzUhQoQ6bhTbAY3EK0FCf_Ip0HDSdlAnrN4rNEaAJDRqUx6ixX1r3FxAXQFJqmbLXwjXpYzuqUG0rm-4il_hsrQkMFiVV5KpNb2Ewu4T2kxQl0uDVD0NQTIp85UQOwMxfmUngNwHpTxEWEVmnZ3HhehWnz2cpiZnlsdMZFZkBYLlmZmWQtJec_PevzldjweqZnE-l4SwWa_mKPi-JPUI5y65Uga_jXT_IE2j5bzeYyMVNb4OO9p360yDmyLgVnAOgHx09f8kFsa7CyL8Bh1Z4AxmEhP6XJ0U6sElUBcRMfz660W9hIQ5IkanrOWKbpcHiosbZ8zRSZ-rSz6vY6dbM9MeCIkPtqFOQlYjxp-Wg71sujblS_VEmOv6vh3ACs-FaJeskIVRPAlkMbRNA84YljhcSU9IFARuynwNHOZkaxC_gp4tf_JopjgPcCGgE1dhxLms7SzNrgtQPglf307pkU0VRGy6XVAkjOufAzaZzMsq-PLOl1mWJfyAxgwAMOGdCD8p8Bcip7H9N43hjOCQ12CyrEY6izw3GXNGBIiCia_cg_jf5Nd23-Eyv-PhHmwkP_erhvGHy31l7RZQiSq0L91IinWcZcvzh5pGUI1U_RCuHe422YgJ6Fm5fdP-HKBVu_kJqHbW_OcDVA6DHLe6BCuIzSztgbY1qA01sDaGlEHZs4xOpeZUtVKTMXoqrkqtI5KJpDUxE4k0y4CxpdhpBxZ7cFkQzYaChdUTcZiiWBDDqGjm1l6m5FHXj_FXH1ThVmGpZp0XlMtybQ6X947GHlynJ3pdIcoXYACdOHcEPaDjb2JBFcdGXM8Qzc4_AC5BLQz6z4leIhykaIuHWWqPdZHRuj_-uPW51EPHhkBG_YbjejumRzk5x12np8ZlugVMGXQ3U7xpkIlQrplBfcdseBrUQdlF-B3Pg1hgVse9sO0Vk_es2Loh2Xzfxso-lq0Bvr_TvZ1XGVTj5dyh-K4slEwF5KBM8N9Ezgb6dx6QINXvVdHWH28t2MBr1REPfeSrbEr2r_DKCQBmQ-4Gt9Lia0IMN0qVbZBok_e-xSOGqBg8pUh0qEuqNzJgHVAbnoSttTyXorafP-OqjHEj3NpzqkgSzharktWYVz_2-6k23U_iWrIMhCiXP1_Vt1iQNVuz_ngjzlArXKyC8a-apyEKD7qYixD4tP_bxVPzxElGvAjNnrnfYgUdjA5-icSBG_Qzj5okO0v29QcvkX8cijDNT5UDxMfbq61aklyK984k8QDkh7BAWSXFI7Y8HrMTFUPIk4wvXDr1eLSPdh8-qbfKc3C8i7Z_dCNNujz7MRzWyBA5Y0q2lHpw6fhZuK-j1hG78HbZhxyXRtNlIKimgUuyY3apIGuELVqOZ33qpd7hLFocvVAdu_ULY-mlNQFp5JYvdN2c70AQErAwfEWhDUaMHvwvcCrfIm4FBdWHAyiLQPLpOZlTe3NtxxcnBDIG7XhRr7KXHqMbcPEd-F-toBDrEQE6zaRhhEfTco7zPivxJDFm2MDMFeiIOlSkCRamX8UR-2oQc_vpJslnr5WMoRXye52YCf3FAbRMZR9GIc8cqoX11cfQf8QdX0_DxcSEdyUHU1bdNa-0E8Awc0z2cXfkEZzNGXKdf2ffoX5WwVCCzud9XFes7K1D_XIf4dUYRzmFi2mUms5Fz1Ppx4HW_j9bLcTEQwYGR1ReyvzcNEaxQL_xBE49BRqZeY-RFL6NowxUvQcSwrqQh1bD9VQuAP1jYRuhCDh3KzaHQKbmHPPn1zrSYI0BIyTyIXhA9F0bXWEUxTKiD8WGzhk4GHqt0xqnAG3PsgFjSyQUula6zFm9UWGxL5FZ3AM75o75CrPlCBBBcdjpFlOH0k3Q-Xrzyg2r2oKuRpD1Et2Ea1b0LbqV68qjH0XV_E6u5su8CeKGXmLvT0LzIypIzIJnZoa6XC91N5Ji_6M_uCIRI3wOXn2u8tlYtLhHFxVBWUzWEcZhQ17mqC6KRH01DLCXYgGa8xS_yDF5Q-FcUJoB0hf0CzM0hQo6pANYDwV_brs5OMgkdkZdmfBq89QCBVLx__VO7tmdfhmN2lG_lIChqNvauGW8r7joqKbrNSnavDr2CSDSZCeUuD8KR11JGn-_jpAxP6JccJF5LRIthfGroDfhe36DYFVBmmPRPccyENe46a3VfzUnfv01QLehJhFQTVe9oExKpfdA-vQb2kpmU4kdYIGoSNq3CFreJi8Fr5AuERFHOycuNCc5MHey324-NY5GOUfPzhOgu889QjZg0Mu0R3x5TqvpjXNs4dnO6Pjoj2C8-tLv1uUIv4n6QarvcnJnoMwD717QeLONIASgj_aQEzntdTxd0W8uF7oGXiZQGwpGmFeYuCfF-TYNDwA63UiG_WMi9Sksmfvfm1Jt4L8dLppHGLtiRgQ182nYu4MSl0rXezoNV1ZnmTwUthab_orJG-hAWvYaJnVvYk2VAGYLt-S_BddLrFgE&cid=CAQSGwDq26N9O95_hkwgQEjYt6_vrTwEVYGk8QyXFRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240
Frame ID: 59B25940DEEA3004A15DB72CDC358919
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVsp5ChyAFuw6xyH9NIkI2m8uhDGCq2-KojJGFZsY5g5yIoIwPxtaQeT15Oluq5ju6jKIJyCWIXSNikPlqqAG8VjtAjUW51vqctuQf7GTGvRaGWUybBabPiXHJa5G53AAaYxryr3UWH8WsfF8Vn5BVr1AOGeuHwOW1-tlnVZ2Pv-NZ_bavWgYfGs-mmT-p3C4tUgbVfOIYhJQmKxQZiP5nzJCH5iD-6U5tftElCRlvTglPujrk
Frame ID: 4AF3B82CC401CFC2CF8FA4D3ACE51CF6
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwBpCS6BeZZzeE6YFpdl08FBDUOR3NsqieqSl8X7Dl82Bx44dZdLZbC6AEOyjHsdwSwl6WIje_CtTrFoKbgILQzlTb220RcJX3ar4tYmsU2iO3z80CliOpvjgTGT0PTllZHmkldSO-G0Em58-az68_sxAwBaasUma6STKDscYPDbpbXNc&cry=1&dbm_d=AKAmf-A_46l5d8gkO_V2_pHUZkQWj8J2D27_p9SVX7LxD9M7b9cdoYNR_l4aTDwNmZcxVZdOudKMgiigreWPoxALjd9Zh36ksvujlV05AFrWrgyupMDbLZ7z0VLXDoZm1V03rZl26ajMBqpgHNBHHR35SffotFvIe_DLwANDA-AHpv3D0lDZPY5M3y7_elMLi0OuFqgELdpqs7x34_hbxc4QVhe-d0FrxBTq_MR11jC57K6qKYJyWEwP3qVkctoyiacubQGu3LtZdlu7Br7E1hzZgFy5YZ3jRLPNkKl84s3Kmq2-dmOk-Lao4JiqG8izgcxoep_vktMqbc6RUf0u26VqvHs7wzq-YrwgaOIx4A_7OVSZjWNWsy4J7emkMKxYKd94OirDqfYtRez9tFgFOVEQ0ZzK0rnZaVoGT221911MH0A2qP9v0k_e31_QfXiYOiZsKmy3ATlhfWspxHclqQ3lHWKeeYTALSfm7CYMAWVhuclj88TEfOBrjjDOmHLBqA0OfrtsaHzrEG8HVtZwNI0QRi6q2SprlPk3fmAGMp1e1W440SvAozxgSn3xWk2KPlEPGqalWcs-Ob_IHmojCkGp83v00O3nFbmCV3TQn1EgjNwBLlluG4i8muGYwW_HheS2bdZRc4CqD63P4xyKkjBc2Y6m7H_VZWW3aPFQnJ0kicf5pE4W-FF0h0GXXDAlGglhnmfE2P8EV65XzPiYyf8BPqiE_OB_Jiwk2914E69DZ5ULJ8PKQLhQWHY7a_SQnwIpAuCsQRpzp7Qgm79IYBaRViwAo5PCIXK5i5tEAFZ4tx1ZWqTF_eLc-jYyy7K8S1-i_YwwAFTOrEW_GsqRZGQomGDORA_qFxgUTWtxag1fX6sYoVu2_NyCe1OU4LYoe1pBKIYeVqSMC0WHEc5_vU2fHvvmM9DOyG7znOsIFGhZsT4fP9cS7tTC2XXTb7VtoD4iQ6_y1nzktiLUU4-bpO-5sm2uwEsQLvQigJN8jliNkf1mjMdntLlWqYt-FIBTS898lc7zQlWw5dT6Oy4SV45f8YiLzZ3pjPYAJ79dJepfdyhrVUJ1AHjvAugzteifjO6WYuYQHOaB5GnueA8pxiTuYNgivwZ6Kp9qwvIV1-rZxwksZFYfNaD-kheLIQOMGwAXtuAn1YFNZKwCMIL9Ssxnk-aH6AV_Hz4VCO9x5NSx8ZEeCYH0HclZEjdBcSbV9PeEiXTAxhK4QjltyHcHSkhKZ6zNPI_cUWwGGzS7JqNw4Kszu1f1onb3d2bvnbvK8ieL70PSOEVnJyMA-zXI4QC8xJWzJ6ugRWh4z1PmpGX_htnxCsYirvEO4ybSJhROoWCa_kL7hwOyZTxLawkhudd0_0mjbGB1iUquNCQIqYzX2tV9wO0kFVkZZ_8FAcLaR8XRA-_hgJbtw_wOVj240M7vwbIGSU7w5d2W-gGKFF9gudhm9lokpCRE7ekrTHbQNfQeGgMlMuuGbmcQEkFYw5Ahep_JPhbCTXfSNvhppibcQMU9hradPNbX6h6KX-sk9tE8f6MnSEPOKJ8WkW7GClrFslOhlbBFdYGbwbpwpz106nfHKoqwPIcb1-il-2v22jclfFVLe9BMKZU8DhqWKuS08I1lYgJqPvxG8LsxRWRQqBtvAHy9G8zc63oyfcyr1hKnep8_6EsR5sHrTKZka6rx6iDnYQkWnTmib_4orGsaloOYjQpu3LYrwgUFKVVDU_oBqsoXia82YFoUTXj8kPKPjrbP8OsO6H58oE7nfe4r5EXsYwvovW-iWxGfXNxm6_JNbK2ws5CIUnd0YjhXzsq5kvoYF6WPst_iToT0MnYfuLJSlunv0u3aT6EZLJCSLGkvQg89vg-KVQck3wKhTEFXUGFvdHhEp5qN-HGstQDXIcyTip-lelnVSUfmX9PthnTPIfMPa9krsaJqc8a9xlMOESdngV_eDO1GZFM6uRtFbVYw6wV5QJ3MfOWTO-b-pfnZU1Nujdt0yD2VrbgQqV8gv43eWvwUeUSoIfmB6FPCbSuW3Woxzh0KOQzOSCEof-b_YoZVVJmz7rLutJi2eV_HtO0AyNS9nyN9geuYwM9ZdoxV-ATgW864dHLkSHYuelU07sixTup6ELuK_dMw7hibSCy3WhYDRZYVdC33TWhzGY8G6HtBjUSuWj3eD_13PH1zb5nuWYLY7oyufcw-gVDchESlMJr0wQXkLvfrREnODG3xbzvNly5nY3IQM12FWQNf2DMqnXv9S9qASFLVirE-HYeh6f9Jt7M4zCIHAEpbRPmGk5Nc_Mm4U7oQddqV9ZQ-Vzh3z65ye3T5E1T0I1MUBuQW7P0ptX99THRvj_ByU1un4p5NtkeEr4hAXNpA5UmS423ikSDPKvIzvpzHRE9tpI_JEt56rbjInJfjN0NWqpkN4KiMdjqRAbA3EGypW-4B_VU6uWEaO_NPGrJAr8lBP2uXraUOdAvwZygp1TkHQWmLkaTvFaRdsEMtAyR01QC5o9MudGrVecrUaTrraUu5XhwrgdDrNsIngVqC_XbuSZtuHF8oTd-vezmnwDcrzvHGjb4kjNyHXl3NdUScf3EIJfG9RZZjhyWqpcIou_jWSpbUbfSOyWphVNQ3yBbSh7AVE4-_UhjSqfKS1I9uiNoxQTlTUoQYTo9v30AB-QuHz8Ly8MM_Qi0c81xHCo1qn4aKzBJ_1dbslX7vuh_GHH-QuLU-X0xC0kjJWeowcv9LTq_nFrBBlNeAy3j7p8HQ7OfyY5-TvNISWzSBKsxN5S7-p2e7MlE9psH4i24DaV60KB30UgH2E08dYZIBbzgfYtIXbZYbKVpmIse5OEhMgZZpi4rtxKJEZi9p7YDQirhCPRVi3VJ4KLFzuyRS2F4X0s4ERSv4UEVphLp0TgYJUeI4gM4lBA3bkzpQrI6CrJZC-tHvUFVqRXucTi8zp-H-REUtpK9YXMODCICSa82Yg0zLk2hVeUz9Anw1wgtC5Lj7tYPAc6Jh6SDnI10BFSkElhEL4FvuNVm7FVnA9cIyToCkE2PzlvqhfakQ1slAoY40G0Bvnmlw1nj3oW46XbNjspwgkils-EjsvSalWv5s4Lsi7uRdYbS_mHNO5D7PXgU6npwrocrhlQt2Z8WpHUKNUD97F7Baou7686p9zzZ1zHc_97NdYYdJhJSmQTfpebW4IBacrGQl3x3jgAMBfnGktlCor69FgpgKsTArqiZRhIg8kJP56m-zz7dIOsjLP0ec43BIprecW74uf6bFzE1GnGB2z-yKB4-8bU2D4uTeHUhReUgTyWxX7fY92EA7HkCbxKcfoPNmKWI_tI38nfc3hL9vc6WiyPEBSM5gkWyI6hJ-HARkwgZu8_tSWjKdJ24AWEWEEZ6u3USv9Lgmu0VK5NeNLOKlxmcIbJl0KkajZgUWulflsCuj8qe1GmHUGZdHfifAC8dMM71X7CbTgVvqRuspEwNKh33u3acjSD3m9wSEvlcMfpXmKQ2Zb_bFFASZOiV7aMGc6a-QOFe2DYKxU771H10BTFvAqKuk6YWr8uvsaxQ4BJIyaA&cid=CAQSGwDq26N9u4pK3Bk8Y1UPH5ig2wEPGwXzafD4_RgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240
Frame ID: 83FB7A622B21033C8ECFC9C0181D55F5
Requests: 15 HTTP requests in this frame

Frame: https://www.googletagservices.com/dcm/dcmads.js
Frame ID: C09853DB4A96669A22365633AA2DDB96
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVNgrY_UdERqygeTr-MJXPyuIFhnEZd-FQyAUDJpkFzFwGQ7lnkrY90grSw3URu65QnzgWMsJDOCUSvui0KKBXLlYNE8qk0jbdHSFtEmyg2Hu9Wb0vWAmjbEgm9VMtDJcRVOdnhYfgFwArqxikKaJ8SMsrE3SW9UE-kYXYEYOvsTOnr56e13bPvTRsQYEM7ckKgXp0_ps3JLi3v-s5hWoSf2_mtYusoVfkLZ_2t48c6HrlRJ6A
Frame ID: 535F4F13700FED1B54597A8FB4395AF5
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNXPV2Ku3pV7c-L4GMTimn9dDeRzeXHNDSUOdRZinPLeCpHRqycrwVbfHjJsiqiZzQA_x7lM-2eUnMzZV4LMMkuroveWZMDmhBWoCb62R7EkuT7a4CBAgd1zseBmtMZr7arqvJ1C8JtLwNr0EcYtZCpMfEMEtXVjRZ7mCIBwKyyd1pftdd1b34mzGSAWp9eStDsKf2zbmfWHy9SICq13aaOf6iU_XgwW54nP_xta_u6NFUtzF4I
Frame ID: ACF67E128019D628FEE2930828FC62ED
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 36F8FCDD1B1D91B32E4756410679E13E
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 19E81B17B2220C734088734F70BC3D12
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js
Frame ID: 9357BF9F23683CBE77EF6E6BA25EB571
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 51164D3AB72FE7D6603EF1C1324FDC31
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 69075558A606EC3E01A6212384C78279
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 6641428CFCD66CCAA0341AD1C1CE775F
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 5CA2CB82A62FCE73ECFC6A71C74F583B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js
Frame ID: 1F3C911AB5AB1BD4C8BEA1C3D9FBAB58
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js
Frame ID: 9715CEB4F8D44EFFB455AE1D44F790F4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AD07E0CCB5F427516917CDAD6FBF3714
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: F7E065283A0C7B6A4492841DC30C309C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: F086B7E78EA87E453DB58A826AAA7A8A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8FED8CFD22651BC8363405190E525B6F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 3E6D4A59999F4570AE27A74FF9EDAAD7
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E04028E89AD1FFA02C0F573D585ADA30
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 5826C77424E9C5E60DCF7FAF217D1513
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: B902A0F3EEFEC77C2168BBB04DAC04B7
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 24926C4EF7C23F3B01045712335EF67E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 1A1F0BD0969A6C8B4B31E4B0B5EBC7D9
Requests: 1 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
Frame ID: D49BC165AD4BA6A4FAA5FE06B6ED7650
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 7DB50413DE9B34DC32F0D8A276C8C3B0
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 31A825D15BA2720939E716C1B972391E
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: 27A2D54338E0754B82FA2DB87EEDAFFF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B11480AA1DB4A3C48122301D0379C671
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: DE9D330581B9EEFFC3ABF64368647845
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Frame ID: A4195F9F49D5EE5762CB824708427307
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
Frame ID: 2CE473D3FAEF2416E839A6AA3657B2A5
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 785BD1185ED99E9FA1412931BFB0AF81
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 968FC4DAEFB56DCC6CD510213C1CB3EE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 0B05D3808236BDFF94C560E443C0BFF0
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 9D35C0AEBB2D644BEFCBE661B22BC01B
Requests: 20 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 689D67D0CAA730131CDB4C26F6269FBE
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 0682FBEEAF221BEADE7809A2F90726B9
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 8698D7A56496FCB9ED9BA492412C18C5
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 0EC2AF963060D882739CEB2AA037F009
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 993F4A78DC37FBA3DC7E3ECCD6A1A8D5
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 6F66AD4FD4F7CC0F75145DD604504316
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: C87ADC2F42E6281C5868AF300B0E279C
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 4B660C0839BA5C7D9FF3749B16FD4E41
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DFC547565F4254B5ED0F04E1B7F953A1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: F7F015282695C93210AAA2F93A0063ED
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: F2F4D078D07C9A7A5ECDB58EF9A63419
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 65184C6F6DE98D568D47FF880435D3B2
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 6D1FEAB7EFFE43C30D92F6EFCECC68C5
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: F63EA42B88388E5959FB0D11776B4067
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: E948C0798F23917B6042AD42195D3DED
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2DFA93D293C7A5B8D2F6BF250C788812
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: F332FB6E86B98DA86DB2EE28BD73F6C3
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 0072B4A900B732F6CEA837E3C82CA9FD
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 603CEC8BA6CF5C12802ADA4F5FFE078E
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: EFFC1546A19C483E0F9E146C55DB6C59
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: F2D38075AF14DDDB15CEBB440715D7B6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 3E085A564C4D5798419FFF282584D7EA
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 249CB8496628FC3317A2627C0265E107
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 80F48A4062971743169593851518D78F
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: B11B70ED4994D3F5A52B3C7E9C168B8C
Requests: 7 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DB73B8F4CD7B1F54D556AB145ADD5237
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: A51EB3F84652DBF5B93507DE5F47D657
Requests: 2 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/12153522/12153522.js?ADFassetID=12153522&bv=516
Frame ID: 5EE22420C34FF9A16DA5A519D2F8EA51
Requests: 18 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 35B6F0BD9A99259A60B2410591F5C5F8
Requests: 6 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 226E1144B436B9D7E70C704550F24015
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8864A1F36883BBF5119CD271650507B8
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 75D232405B120B8DD5BB0F23B2760392
Requests: 6 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C546B1C94BFAF0BC7418BF4D645A71A2
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B3FAFB27973A9C6804274276FF4F53B1
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 4DF5A6958F7D78DB3521092807BC0A4B
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 1D248E59862262346BD471A0CE2A24F5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: FF1DA7A70B548E7968373F2AC525DE61
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 46602D2ADB58D24C0E058E7676B00FAF
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 21F9F1D81849FA5401CC194B2DF47560
Requests: 6 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 92D3AF9E7506CB902ECA30BBCAD9AD86
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 0E81FD8576C96741AAC5FB51CAA68B18
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E957F659174736B7FC9799992C95DCDC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 1308672B9602A1B69F92D71182409188
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 964EE472917611DB4B52219FB2D2BDBB
Requests: 6 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C6F7D1A27E153517304EA598F2CA655B
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C378B36AFB2AC7CA04003383FFF01DF6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 2D7A04776E084324639DDDA595496DFC
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8723D03751C62E187568F36EC084FDDA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 88EA75C088B8590C130A1ADA988B358D
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Frame ID: 42C43556DDADAA1AF862EBB4F5B8FC97
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: BC55FEB2E039B29A54B478CB62FDCBD1
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 1C00C212DF7B2CA83E7F68A4D6C1884E
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Frame ID: 8F926C0B556261635DC7C76FD860BE8A
Requests: 1 HTTP requests in this frame

Frame: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Frame ID: 597415B1BF466E1D5439328553AAF560
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=FC664E40-1D0C-4169-A69F-C6161527EB7F&redir=true&gdpr=0&gdpr_consent=
Frame ID: 5D49FFAAF29207283E7D8156495420A9
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 1D18501E7D43107204EE67645E53F71A
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AA5cBU7HdU8AACC6j2vCZg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D3142036600569924402%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0
Frame ID: B627855E96803B418542BAD0C2F91A4B
Requests: 1 HTTP requests in this frame

Frame: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Frame ID: 2A1FE8B31EBE5064D5A90040AF0CD8A6
Requests: 1 HTTP requests in this frame

Frame: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Frame ID: 3B9ED432EECFACE2CA3C8C55430F83A9
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: E918A89A557818A68310D8D27D32067F
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: 20D8FB278FA5E7C4CD85046450EA4F50
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: AF1F62AD3571D369E444BDA600EC8154
Requests: 1 HTTP requests in this frame

Frame: https://ums.acuityplatform.com/tum?umid=6
Frame ID: CF430D09FC9C61D76CD7E09C398CB80C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Frame ID: 84125674CD94E39158D704F5F6CD8702
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:sqat4b7Z1PetM15&gdpr=0&gdpr_consent=
Frame ID: 4E41D2C49DFB8378737366786F44F7DC
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 432789AF5278E9354F3035CF5F5A8850
Requests: 1 HTTP requests in this frame

Frame: https://px.owneriq.net/noop?ct=image%2Fgif
Frame ID: 68644F0F5905D65FE45A753A1CA32ECB
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=t0wmqaag8ow2
Frame ID: 135301E6CAF87D31B6F310A89DD4BFC2
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Frame ID: 9133285E1AEFE5E3BFE614617DCBDBC2
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: DC27FAADF9D3AE11BE502C3772EF1CC0
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 8DA3522559B3F6D49459581FE6AC0CF4
Requests: 2 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 2F143878B63138EA61F40A6E915F8DC5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=caec47e7-dde4-4ea7-b761-a6ead9c679dd
Frame ID: BB612C8D4C665C53FE197906A484175A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=4wbEUFcJQPdDnuC6bXjU1Nly2hs
Frame ID: 04D418C10C5142337A9D565B1FF11283
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=690074008
Frame ID: C361964902A0C5EE486E52B9BD93591F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: D4ACF2426705FE0AA2FA3949216231F7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=orsw1G7wD12i6ubEt6e6Yw
Frame ID: 814E6B47ACEA5AE569CFD50EC9BF8AAD
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 5D66480D524E5004CB5BA8AFFA15396A
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=a4ae893c-a80e-4412-b6a8-56766896647c
Frame ID: 9E5B812E7367B28A577653DA898BDB9C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1JH85z35QSVjoGTgVAcQc9ly2hs
Frame ID: 3B5F6706C6CE0CC2386F4179E98D83B6
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=739940594
Frame ID: 4EC38FEA8E49AB534F023622B5B2E742
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 3EEA20A65ACBB43EFAE2670507DD09B7
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=s1yRClZyCn28geQdt6e6Yw
Frame ID: E7E241E572980A192B184F15E6AE5D7F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 59D24F9A320AEA31FCC81B5542E40CF1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=0d9f2299-90e5-4eff-8aee-a8642bc34c32
Frame ID: 91B90167391DAD995B3811FF4468AB6B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=FqDBpn7NSMdMDrAxZvlNmdly2hs
Frame ID: 0A9F0B655FB3D4C3D612FA3781973C21
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6248985971
Frame ID: 5610C709BE32A242AE31268882F430D3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 1FF5DB32C4718B3C31F05ECD494B4B76
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=nZkck4hYAn63dI-ct6e6Yw
Frame ID: BBB00AA044D72B71A3B9933E49B1DBE8
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: CA8EF8BBC0462F94EC8577689A04D001
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fc1b8e89-8410-43c2-9d98-f3c0c8db2ded
Frame ID: CAB469E3C6D93479DB9483872A5908B5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=GxDfqZMxT8BO0TMmFOA5f9ly2hs
Frame ID: FC26040DC2B9AA1689E852F987C11BD5
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3581863977
Frame ID: DA4A7CB19452B74C29A05BF0AEC57026
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 9A988677C7766D48B029EC7E73C09BD9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=tzJyaYULA6WAeMCVt6e6Yw
Frame ID: 40CCE24D2D40A81CAB1EC78D20595DA2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 90101EEE114F15FA9153334A4C2B656F
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7e7c368b-58d1-43e3-88b6-1699a55b307e
Frame ID: 0942582BC7707695A984B762A066E1FB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gn3kVDKYSAFiVGjzKhv-vdly2hs
Frame ID: 36295728D5CA44BBDB4BCE4761EC934B
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7764146630
Frame ID: E514F94E3CA12454C7B607DBE30D3060
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 6CC9AA995BD78EB487487AB4D8A27AC8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=lj1R9_HpDMOeh6fVt6e6Yw
Frame ID: 308F879D29A53BC301C6B53D65D69126
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 306A974DCBB3E4BD23518B40CFF9F898
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c4b576a8-2c49-4e71-bdc1-f3322cfe72fd
Frame ID: E85C80E0631FBC692E81673D3D06D8B7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=fm9Twt9USxxuBk6SPlPKFdly2hs
Frame ID: 726D45D63E97383737E5471603036435
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4018854905
Frame ID: BF8CC49C1B8679AB8B0EDAC5DD993B13
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: E867511950D791A7C8030B3187896A50
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RCwb06O2DxON-N4Yt6e6Yw
Frame ID: B27A48014727CCB3CC7CB46861351CE0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: FE43E31040059AC0CEB2E6EC13D8EA64
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=ea47ba91-8c63-4275-9788-2436797abc15
Frame ID: BF89C361002688AA9EAD4530D8FBE605
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=SiUKDfyOQL9aZjF23dHXt9ly2hs
Frame ID: 2CB9202BB338AC7545523144B0184904
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6082781188
Frame ID: 294E361DB3526293D3A84EAAE793AA85
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 31B5CB37D004E2336217C2DAE5545FDD
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RYi49kTlDXW78HfJt6e6Yw
Frame ID: 28265A658509D0EB6DD35E4D0ED6C363
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: 27E2FF0551E8AECC1E4563727DAE6532
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=98f1ee8b-74ad-47bd-9a6b-c84cdde59c69
Frame ID: 2132403432248CBBDDD0CB26B1521713
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=T1GOtTFnQjhQgGvNt6Qipdly2hs
Frame ID: AF1681FD35EE70BEE1226E300EEF4C14
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=735525043
Frame ID: E1CB9DE3F21B97E065F47F0CDED9F6FE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: 36F08AC17CADE11B10DFD30C1B9A2169
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=1_PqpcCsADG-BhAEt6e6Yw
Frame ID: 0B95815D4142C18648D10623462B96EC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: A1B2398873825E82E6ADCF64A6940264
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=46898e21-a644-4df4-aca9-9ce428421390
Frame ID: E5A4D8080148B5BF28E63877E98D5EAA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WjyCYBVaTQxwI3CkahAPq9ly2hs
Frame ID: 59D853365801A0B9110B32064C877CAB
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1864459052
Frame ID: 242FA48A28EF0F78D41B4DAAB305FEDB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Frame ID: A39D096ABBD676484B34B95E14DBDD35
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=g41ldnf1C1-669XguKe6Yw
Frame ID: 6EBD0BFF8BE702233754F6E9BEFA701D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Węgry zbudują fabrykę materiałów wybuchowych we współpracy z niemieckim Rheinmetall » Kresy - wiadomości, wydarzenia, aktualności, newsy

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Crownpeak (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

c\.evidon\.com

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Choice (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

quantcast\.mgr\.consensu\.org

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

1447
Requests

93 %
HTTPS

32 %
IPv6

98
Domains

148
Subdomains

112
IPs

12
Countries

29618 kB
Transfer

53891 kB
Size

124
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://kompaniahandlowa.pl/
Title: Koszulka Elementum meum libertas.130,00 zł

Search URL Search Domain Scan URL

URL: https://facebook.com/KresyPL
Title: Kresy.pl na facebooku

Search URL Search Domain Scan URL

URL: https://twitter.com/KRESYPL/
Title: Kresy.pl na Twitterze

Search URL Search Domain Scan URL

URL: https://twitter.com/kresypl

Search URL Search Domain Scan URL

URL: https://facebook.com/KresyPL/

Search URL Search Domain Scan URL

URL: https://www.altair.com.pl/news/view?news_id=38951
Title: Altair.com.pl

Search URL Search Domain Scan URL

URL: https://www.rheinmetall.com/en/rheinmetall_ag/press/news/latest_news/index_37312.php
Title: rheinmetall.com

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/&t=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall
Title: Udostępnij na Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall&url=https://kresy.pl/?p=859296
Title: Udostępnij na Twitter

Search URL Search Domain Scan URL

URL: https://plus.google.com/share?url=https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Title: Udostępnij na Google+

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&description=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall&media=https%3A%2F%2Fkresy.pl%2Fwp-content%2Fuploads%2F2023%2F01%2FRheinmetall-amunicja-30x173-mm-APFSDS-T-i-TPFDS-T.-Zdj.-ilustr.-Fot.-wikimedia-705x443.jpg
Title: Udostępnij na Pinterest

Search URL Search Domain Scan URL

URL: https://linkedin.com/shareArticle?mini=true&title=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall&url=https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Title: Udostępnij na Linkedin

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&name=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall&description=Na%20W%C4%99grzech%20z%20udzia%C5%82em%20niemieckiego%20koncernu%20Rheinmetall%20powstanie%20fabryka%20materia%C5%82%C3%B3w%20wybuchowych%2C%20s%C5%82u%C5%BC%C4%85cych%20do%20produkcji%20amunicji.%20Produkcja%20ma%20ruszy%C4%87%20do%202027%20roku.%20G%C5%82%C3%B3wnym%20odbiorc%C4%85%20b%C4%99dzie%20Rheinmetall.%20W%C4%99gry%20wybra%C5%82y%20Denel%20Munition%2C%20po%C5%82udniowoafryka%C5%84ski%20oddzia%C5%82%20niemieckiego%20koncernu%20Rheinmetall%2C%20na%20na%20dostawc%C4%99%20technologii%20produkcji%20heksogenu%20%28RDX%2C%20Research%20Department%20eXplosive%29.%20W%20w%C4%99gierskim%20mie%C5%9Bcie%20V%C3%A1rpalota%20ma%20powsta%C4%87%20zak%C5%82ad%2C%20kt%C3%B3ry%20b%C4%99dzie%20produkowa%C5%82%20heksogen%20%5B%E2%80%A6%5D
Title: Udostępnij na Tumblr

Search URL Search Domain Scan URL

URL: https://vk.com/share.php?url=https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Title: Udostępnij na Vk

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/&title=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall
Title: Udostępnij na Reddit

Search URL Search Domain Scan URL

URL: https://www.paypal.com/donate/?cmd=_s-xclick&hosted_button_id=JZ2K4A6YUBC28
Title: Wspieram jednorozowo

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/world/2023/jan/06/russia-preparing-mobilise-extra-500000-conscripts-claims-ukraine
Title: pisze

Search URL Search Domain Scan URL

URL: https://polt.pl/
Title: POLT.pl - Strony i sklepy internetowe

Search URL Search Domain Scan URL

URL: https://www.webpushr.com/
Title: Webpushr

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 515

https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550 HTTP 301
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008550

Request Chain 518

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=1951772018706946693&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.21&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd51%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd51&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 526

https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584 HTTP 301
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008584

Request Chain 529

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=8666453536827556983&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.21&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd52%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd52&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 532

https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606 HTTP 301
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008606

Request Chain 535

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=7379796288815871095&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.21&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce235%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce235&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 555

https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756 HTTP 301
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008756

Request Chain 558

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=2207446029686697550&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.21&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce236%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce236&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 572

https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795 HTTP 301
https://assets.scoota.co/serving/31881/placement.js?ts=1673177008795

Request Chain 575

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=7202460214858058873&tag_id=22885859&creative_id=409831045&creative_size=300x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.19&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce237%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce237&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 578

https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799 HTTP 301
https://assets.scoota.co/serving/31881/placement.js?ts=1673177008799

Request Chain 581

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=3605273051021679518&tag_id=22885859&creative_id=409831045&creative_size=300x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0.19&referer_url_enc=https%3A%2F%2Fkresy.pl%2F&user_id=2028049306522560814&user_ip=217.114.218.27&age=0&gender=u&session_freq=-1&adv_id=3671963&cpg_id=19540231&cp_id=279904487&seg_ids=&adv_freq=0&site_id=5743058&publisher_id=2030592&inv_class=&inv_source_id=&geo_lat=&geo_lon=&ext_app_id=&msft_app_id=${MSFT_APP_ID}&device_md5=&device_sha1=&device_openudid=&device_odin=&device_apple_ida=&device_make_id=0&device_model_id=0&carrier_id=1 HTTP 302
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd53%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx HTTP 302
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd53&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx HTTP 303
https://go.affec.tv/px

Request Chain 603

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJz4j4rut_wCFY3luwgdpPYE6g;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 611

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMn4j4rut_wCFcDiuwgdBYsNBg;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 619

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMv_j4rut_wCFdTsEQgdU0MIKQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 640

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CLv-j4rut_wCFVm4ewod2CMDmw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 654

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMDTlorut_wCFWiTdwodxwYJBw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 665

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJ_Ulorut_wCFfLhuwgdTuANdQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 679

https://tags.mathtag.com/notify/img?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFxX0V1em1xNk8wXzZDSURQMVJQZDRFLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/tWkE7-wgdKZtI-r-QLQI1vfnMIw&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&price=9EA28A1ECD524110&bp=a_cagefj&nfy_act=LD5wfn0&src=imp&type=burl&client=c2s&bfip=185.29.134.227 HTTP 302
https://tags.mathtag.com/ck-confirm?bid_id=1764686132736762848&node_id=3753&exch_id=9

Request Chain 737

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb98a8&data[stv][idt_did_status]=added&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 738

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1 HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1&ang_testid=1

Request Chain 766

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm HTTP 302
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

Request Chain 767

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1

Request Chain 768

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb98a8&data[stv][idt_did_status]=not_changed&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 769

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1

Request Chain 770

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb98a8&data[stv][idt_did_status]=not_changed&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

Request Chain 771

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm HTTP 302
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1

Request Chain 782

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm HTTP 302
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

Request Chain 783

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm HTTP 302
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1

Request Chain 827

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1

Request Chain 828

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7qnsWW3zaGr-WnHUJbxbgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1

Request Chain 829

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEChYt0gBh2uVqUzstA67JgA&google_cver=1

Request Chain 830

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAyODA0OTMwNjUyMjU2MDgxNA%3D%3D

Request Chain 840

https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D&documentReferer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dehgguw%26e%3D1250011214715&ancestorOrigins=https%3A%2F%2Fguandads.com%2Chttps%3A%2F%2Fkresy.pl&random=384744200761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D&documentReferer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dehgguw%26e%3D1250011214715&ancestorOrigins=https%3A%2F%2Fguandads.com%2Chttps%3A%2F%2Fkresy.pl&random=384744200761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 890

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 1039

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOQUUxWEgtMTktQzdNVw==

Request Chain 1040

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPmTsrFLaTtRuCjmL5U6yhI&google_cver=1

Request Chain 1041

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY4NTQ4ZWNkZDUyYTg0MjBiM2M3MzY5MjcxY2RmYWU2Zjg4YTk1Yg

Request Chain 1042

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TCIuxA2JSJG5LjzPkDYZ-g&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TCIuxA2JSJG5LjzPkDYZ-g

Request Chain 1043

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNAE1XH-19-C7MW

Request Chain 1044

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/k5ZRxy0wVXlIQAwZ6hzPp8n5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-dw2bgS1E2oKTWsfDlvrWEsVrrWSbGswq.0grsA--~A

Request Chain 1046

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=MKQmamumQdCLSG2MCqaZQw&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=MKQmamumQdCLSG2MCqaZQw

Request Chain 1051

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1--- HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDMwN0Y3MjAtMzlDNi00REE4LThFODctQkQyRUNGRjk5OENB&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1053

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1--- HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEU3QkRBOEUtNzhGMC00QTAxLUI2MTctNDk0N0RDOUU0MTk1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1055

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1--- HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzY5OTFFRjgtQ0NGQy00RUYxLUI5ODctMTI2MTdCQTEyQzEx&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1177

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=Y7qntAAAANM4KwAp HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7qntAAAANM4KwAp&gdpr=0&gdpr_consent=&_test=Y7qntAAAANM4KwAp HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1180

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUE1Y0JVN0hkVThBQUNDNmoydkNaZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AA5cBU7HdU8AACC6j2vCZg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AA5cBU7HdU8AACC6j2vCZg&pid=558502&do=add&gdpr=0 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AA5cBU7HdU8AACC6j2vCZg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3142036600569924402&gdpr=0&gdpr_consent= HTTP 303
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AA5cBU7HdU8AACC6j2vCZg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D3142036600569924402%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0

Request Chain 1181

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:695b63ba-a7b1-4001-a45b-b92890f35042&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1182

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2028049306522560814&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1184

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1187

https://ad.mrtnsvr.com/sync/pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=RgOaZg3aM HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1188

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:sqat4b7Z1PetM15&gdpr=0&gdpr_consent=

Request Chain 1189

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 1190

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 1191

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=t0wmqaag8ow2

Request Chain 1192

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=d5fca368-d3d4-4446-b270-369f78c103ce&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1193

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_GZOQB0MQWmmn8YWFSfrfw%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 1195

https://pixel.onaudience.com/?partner=214&mapped=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D

Request Chain 1196

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkM2NjRFNDAtMUQwQy00MTY5LUE2OUYtQzYxNjE1MjdFQjdG&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1197

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEyHceFOap_mgXm_1clAi9A&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1199

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2636074057763413096&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1202

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-IK1IYeRE2uXGgiuxIYUfOKMCfPcHut0-~A&gdpr=0

Request Chain 1203

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=f25844d6-9ad0-4f4a-a2eb-79ce86055426&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 1204

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&ssp_uuid=a4093597-115c-40fd-bf55-4722f694dec2 HTTP 302
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&ssp_uuid=a4093597-115c-40fd-bf55-4722f694dec2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=pubmatic&user_id=f9d31042-9151-4600-afcd-fc01e6f72929 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a4093597-115c-40fd-bf55-4722f694dec2&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 1207

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1735583901080397550 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1208

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B342_FC2AD26A_2E60DF7&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 1209

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2028049306522560814 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

Request Chain 1233

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1234

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=caec47e7-dde4-4ea7-b761-a6ead9c679dd

Request Chain 1235

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=4wbEUFcJQPdDnuC6bXjU1Nly2hs

Request Chain 1236

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015419 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=690074008

Request Chain 1237

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1238

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=orsw1G7wD12i6ubEt6e6Yw

Request Chain 1239

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1240

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1242

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e43da000-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1243

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1244

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1246

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e43dc710-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1247

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1248

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=a4ae893c-a80e-4412-b6a8-56766896647c

Request Chain 1249

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1JH85z35QSVjoGTgVAcQc9ly2hs

Request Chain 1250

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015429 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=739940594

Request Chain 1251

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1252

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=s1yRClZyCn28geQdt6e6Yw

Request Chain 1253

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1254

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1256

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e444cbf0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1257

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1258

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=0d9f2299-90e5-4eff-8aee-a8642bc34c32

Request Chain 1259

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=FqDBpn7NSMdMDrAxZvlNmdly2hs

Request Chain 1260

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015470 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6248985971

Request Chain 1261

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1262

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=nZkck4hYAn63dI-ct6e6Yw

Request Chain 1263

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1264

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1266

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e44679a0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1267

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1268

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fc1b8e89-8410-43c2-9d98-f3c0c8db2ded

Request Chain 1269

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=GxDfqZMxT8BO0TMmFOA5f9ly2hs

Request Chain 1270

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015485 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3581863977

Request Chain 1271

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1272

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=tzJyaYULA6WAeMCVt6e6Yw

Request Chain 1273

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1274

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1276

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e44c9420-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1277

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1278

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7e7c368b-58d1-43e3-88b6-1699a55b307e

Request Chain 1279

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gn3kVDKYSAFiVGjzKhv-vdly2hs

Request Chain 1280

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015513 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7764146630

Request Chain 1281

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1282

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=lj1R9_HpDMOeh6fVt6e6Yw

Request Chain 1283

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1284

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1286

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e44d3060-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1287

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1288

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c4b576a8-2c49-4e71-bdc1-f3322cfe72fd

Request Chain 1289

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=fm9Twt9USxxuBk6SPlPKFdly2hs

Request Chain 1290

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015521 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4018854905

Request Chain 1291

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1292

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RCwb06O2DxON-N4Yt6e6Yw

Request Chain 1293

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1294

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1296

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e45a9de0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1297

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1298

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=ea47ba91-8c63-4275-9788-2436797abc15

Request Chain 1299

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=SiUKDfyOQL9aZjF23dHXt9ly2hs

Request Chain 1300

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015527 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6082781188

Request Chain 1301

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1302

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RYi49kTlDXW78HfJt6e6Yw

Request Chain 1303

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1304

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1306

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e45ac4f0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1307

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1308

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=98f1ee8b-74ad-47bd-9a6b-c84cdde59c69

Request Chain 1309

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=T1GOtTFnQjhQgGvNt6Qipdly2hs

Request Chain 1310

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015540 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=735525043

Request Chain 1311

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1312

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=1_PqpcCsADG-BhAEt6e6Yw

Request Chain 1314

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr= HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

Request Chain 1317

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://io.narrative.io/?io.narrative.guid.v2=e461f0e0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1318

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 1319

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=46898e21-a644-4df4-aca9-9ce428421390

Request Chain 1320

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WjyCYBVaTQxwI3CkahAPq9ly2hs

Request Chain 1321

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015581 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1864459052

Request Chain 1322

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

Request Chain 1323

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=g41ldnf1C1-669XguKe6Yw

Request Chain 1334

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1335

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=e1acd6192bf54062a78cf5689f30da2e HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1338

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1339

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=c1dacd99c1724fc4b6ddf2f0dfefdb98 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1342

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1343

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=d18129fd74b04692ba5bf296739cf852 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1346

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1347

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=ef178846056745288eee9fcab60092a7 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1350

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1351

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=ac289b8d07534239a25895b437b06bd6 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1354

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1355

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=b6b1e390c2684ac59beb1d968d335f0f HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1358

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1359

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=7f01d7b4f7b14ba4be7867f464565644 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Request Chain 1362

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

Request Chain 1363

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F HTTP 303
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=a3c8d8b57aae424f99bd27db777073b4 HTTP 303
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

1447 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/ 395 KB
56 KB 2100ms
2054ms Document
text/html 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.33

Resource Hash

58fa324ebe557a2bd50b6d74a0ddca77220c3040ec7408f3542e666726592e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: s-maxage=31536000, max-age=60
cf-apo-via: origin,miss
cf-cache-status: BYPASS
cf-ray: 78648f91cd4abbc7-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 08 Jan 2023 11:23:25 GMT
link: <https://kresy.pl/wp-json/>; rel="https://api.w.org/", <https://kresy.pl/wp-json/wp/v2/posts/859296>; rel="alternate"; type="application/json", <https://kresy.pl/?p=859296>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bRRcpD2jZoX3eevAEGw7%2Bc4rugsUI0qbk0edX129M9Ajm0T1vJVEZQvzHDcdKBXAjkdGa93BeJ6wqpEDaFHOb6To%2BYU%2BKIl9cGrh%2Bzk777z2aQBwz1sePW%2FDoG2s2LhD%2FbkQ4FGn"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.4.33
x-wp-cf-super-cache: cache
x-wp-cf-super-cache-active: 1
x-wp-cf-super-cache-cache-control: s-maxage=31536000, max-age=60
x-wp-cf-super-cache-cookies-bypass: swfpc-feature-not-enabled

GET
H2 200 Wv9CrlAi5VUPtZ1mKM7Y8QG2CMI.js Show response
kresy.pl/cdn-cgi/apps/head/ 4 KB
2 KB 65ms
56ms Script
application/javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/cdn-cgi/apps/head/Wv9CrlAi5VUPtZ1mKM7Y8QG2CMI.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abe790aa0e0894acce4dafec6f2c7fd611f85058ed1a8966a02618fed1e1bdb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
x-amz-version-id: iAN3Xhs9DVZng9.woB.SNC10UGC6Aj7r
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-amz-request-id: 01XKXAWAAH978G74
age: 11023324
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: xXNJM7irNMweygjbOBi0CVPc5cTHsEdrN98ADNvJMypopjO4YbA8Y2blQcSz252Amn7po0th9yU=
last-modified: Tue, 24 Nov 2020 20:24:06 GMT
server: cloudflare
etag: W/"a67cec9c3e438e5b4fb8efd0b6aa9065"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vmTfESZfsKmm2wL3CcgOKTMDykVc5m9i%2B1lvHn6a3wgx%2BpEyVEwjcw4%2FB1Ovk0YSWylsy4p0wvJIc0OvIIzn%2Fc%2FvkcxCYEandq7TtYVKa5wngzs4y%2FbDMT2%2FdCL%2FNQJXQguI6up"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 78648f9ebfddbbc7-FRA

GET
H2 200 grid.css
kresy.pl/wp-content/themes/uniset/css/ 6 KB
2 KB 66ms
56ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/grid.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0407ab8c80d6b6d290c06dbc87a0fc3f8a48733e3f68384ff461274beae72b77

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=9488
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2510-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l7%2FIrTRVYeojsJLVDkUXh%2FcKFexpg2Y9AS0cPjIkcPnqPaU3xdN6WHd1HtJhtH8YRGbCvoyq4iy1YFIxAwG7rXhGI1%2BUjumhBqXEsyo1ri9f1GKIp7o4jOcTuQOgIvmo1r0LUQ9%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebfe9bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 base.css
kresy.pl/wp-content/themes/uniset/css/ 15 KB
5 KB 83ms
73ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/base.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0506dbe24d2cc1ef6da5dc0b498fe2294eab9b42565f466f6be0e01bdc2ee8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=19050
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"4a6a-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GqYsXIZ29Ipvw8dygHkvx%2FJF7AuKPXXN7pq9cyTWwCK1nyxFdFyVe6AsPQukk%2FjcnfK3RLF58qp2z%2FUZ0sMVp8D8xYg5Kp8PhTgNXCp9hvrHPOUjX3%2FbC1LGj95SvrJXYt9x37%2Bl"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebfecbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 layout.css
kresy.pl/wp-content/themes/uniset/css/ 65 KB
12 KB 80ms
70ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/layout.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e17860dce93ca8dafb93b33e14f7980ec8cc7e380f83690aebfdd2e95d20d21

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=79145
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"13529-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E0nhNm6z1lDBz3hyitmVpLyjaE2AvATBd0AR9FYEGzYuK%2Bg8yAWZRARk0ZUCUkByPxWxr1aG31gIp2Vg%2F5zj%2B65JBsOt14d6IAHFoHhsl6OV%2B1sL0%2FY1Q8sDj%2FFbjGoyw%2Bt1RYt1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebfeebbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 audio-player.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/audio-player/ 941 B
623 B 78ms
69ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/audio-player/audio-player.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

498f93c96722a6c58cf4ed38e8433ba746b9eb84b1dd8657f90d4f3368e1ba82

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1385
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"569-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxlvzaRW%2BKSr6Y3dquzajypxhDqSfeOR020fxWpWXYpD9db4yqZ1vNEfGYWQbsNwg%2FFqowGTUGwU3qt8x7wNSPxk2mlIvbjullST2F5kzci0xnJhrx4Mfj4QgNIFfmG9W3RWPhVN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebff0bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 blog.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/blog/ 13 KB
3 KB 79ms
69ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/blog/blog.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

848e277d731c7facca38dadb49fc8cc914cb24ac07d32c8cf1ee7e07bada8fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=15137
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"3b21-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6TiCaLUzIw%2FRvP%2BTF3xDaGG9dnFtcq23kExVBndOklGv0oDq5vG5pGxcKMoi6In3NaEfrZ2abBesrPN%2FZlcmXaBZ5DQ%2BVFBi5IJqfqyoHWT6xRrosawbNXtZDnphWgo3FF4sedhB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebff3bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 postslider.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/postslider/ 3 KB
1 KB 103ms
94ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/postslider/postslider.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5edb3fb036e9efbe185084ca375d6610d49e9eb5956ef199a8cdcb6e53dac2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3911
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f47-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJAdnM%2Bwwabq7ie1Oyp5x9Dqoe84Sf%2BnK5NsEuuQDFHr3FN532a%2FX1fU%2FbPntp6J9jC1jTAa4KZKdVMxH7IYC8Wcmcf9dfzeCGNBh%2BZ%2FDOqMe9kKsWu44ZhycPm3FpG0tFI3Ml1R"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebff5bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 buttons.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttons/ 4 KB
1 KB 77ms
68ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttons/buttons.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d04c68b0acb56088775cd5b97bfe20f3ef52c4a2f6a15768ce8a57ca8cd30553

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4709
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1265-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=93zQEUTQMkS4I6%2FydQ%2FzBfl8o7VEoIg2K1R1oxgWcQJt%2BdTvYLqH1woe2FovH67qchdgkIFQmRr1hNG%2B4m79u5Z%2BroiRTvZJwA%2FyDDr88t1tfUKn7Z7UyE6LWhIyTjna7O5t96G7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebff6bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 buttonrow.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttonrow/ 406 B
451 B 105ms
96ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttonrow/buttonrow.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04639038679e27e8350b0d828b3bbe2cfd1e23e5807b4c2f7d6a7d0914da0456

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=472
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1d8-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OgWcxa3fkWj7xQddRcfTdZq3pBnA6nh4H1vCclKmrHiQxHrVjpifV4JJrSXUTQakeYfGaIf3pEYytrJ%2Bm%2BGF%2FhjGVqkrEuJSOimzecOTna3%2F58dDyRwdB4i0%2FudYX2A1p39%2Fv7QA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebffabbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 buttons_fullwidth.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttons_fullwidth/ 1 KB
763 B 85ms
76ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/buttons_fullwidth/buttons_fullwidth.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f7b823bd59de50aee3cd5a02e584a0222de98b138a294c8c87ef8dac0c85089

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1478
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"5c6-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pxvnn5Cm9RIqzOaOyqvT9AYQEj%2F4%2BWTElrgLv8BY8FviThSKHX8i7vxOzjzdqFVAkEonAX%2B%2FvlB2dhBuqcjaiYJijDDvkbaP29akpgHa1xU4Hm7NmUZ3qK76%2FsAo%2F45q14b%2F3ea8"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ebffbbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 catalogue.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/catalogue/ 1 KB
760 B 100ms
91ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/catalogue/catalogue.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50b36fa309b42e6249086a31123186ee05a6ce3083caa7e92225d7998492e78e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1432
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"598-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUA9xPfTbTMWIKeqFZm6ib6mve6Hn668Hi%2FTAQS31g0j4FoljPmc2GQIr3DTuDPpfjycsKCsxoLWjJ90aDPiUOebPfjLXosyBY%2BQzXFVGMFVOfMynyu6%2FbOOwm88HrmYEVO8BoqN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed82fbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 comments.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/comments/ 4 KB
2 KB 109ms
100ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/comments/comments.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12506325d993e2ba431c8c1ab42655762b389bd210d87011a6796d7ed301d66a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=5508
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1584-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cIWmseUhFJexUCCYNfshVqbxhj%2FFoaiqkwEyPQjcSn6HMr7hd9X9KFX9v2NuWa4hhgm01ih%2BzwZuy%2BjwkJ1r%2Bq4sAG%2Bvd8RexxsFU9jJ2laJoP0PmsjeDKCoY5WICDgaSLIbcdis"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed832bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 contact.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contact/ 9 KB
2 KB 103ms
95ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contact/contact.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee369c8f7dd10490f8e953abe81efd6a22e6304175f40699087c4b09a9edd0b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=10401
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"28a1-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S2CkDB0sGZfNo4MQSMCkfOxlfLIxcBzLS6kgHK%2FUj7ZWn4LvoZps3Ybe6mVIHueahYj2co3hE9EQKHfYaBLLJfp8hyg1pTUXi3TCBQehyv2XkIh1js5lxVKHnLhINZh1bt9QIGLG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed835bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/ 10 KB
3 KB 105ms
97ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/slideshow.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90503cb0e7fb4c2f66e0bdce3b391e765608eeddc16074ca319dbac30beb8dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=11896
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2e78-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZuZwnAZL4eTXEfDg9yZiQKq6h3B%2FMAxmT%2BC8AHxfGDYnqUOwqZZJHzY8FU47Lhy7KU25njkbWv8e2iiBVjinep1uzvQ3EIt4HQBR1d%2FyDEW46qaHt7MSA5MJeKWSTcAzsD5BAF9L"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed838bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 contentslider.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contentslider/ 2 KB
877 B 101ms
93ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contentslider/contentslider.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

723e78e1433b034fa7270ca4694c923dfd72d416bba956795910c1966d224685

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2717
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"a9d-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhmpuj6Zv4lwx2v7kD6XW0WWJasYwXM1rPsQu248uxqggYSG0RJJl7LcpbU7O0xK9MPLN6TZKoWW%2FUBaQZes4HM8WbSpHUq4sTFY01vYm2VAdoGkoPsKeiylwoFCiOkqSFiC7ObB"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed83abbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 countdown.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/countdown/ 2 KB
813 B 84ms
75ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/countdown/countdown.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a953240b16b972326afc613fd2bac857cd68178b9ee60bd3d7870a035ebd7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2124
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"84c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r7Evawd7kbxsAFC9SRXdMQLhRFMq8xOUiR1botMhFDe5r2c5iJsqx2R0mxx5fIbb6y%2F8nBw30szjlLy2hsSO0AXzBrjuTYDuAwNE1aXsscLBZ%2BFkENuRpsOxv1Tzz6xFdS6v%2FZIx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed83dbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 gallery.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery/ 2 KB
861 B 99ms
91ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery/gallery.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38ac9778d920c87ed6392d0e0c6212d7c8599247f2bfdbf0d67be2439cebda26

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2302
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"8fe-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6jEg7lZ5AeWuz5uddlKYLqF4Q%2F3upPx8gLlkiraxqabopgX9izzJPaZHFZx%2BJ65rbs%2FMrfQXHxvLysy7zFf1G4JNGrz0O5jvUB0PV4w4zszHqVQB21A6bJG4BHIDw9s3Mo0OidN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed83fbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 gallery_horizontal.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery_horizontal/ 3 KB
1 KB 103ms
95ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13f9049558446d056d1730015f34676e26759cc098e904c8cc9e91d01f7f516c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4006
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"fa6-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BWCSAic%2FI9QpmKyonRyZriYTR75%2B3gR1WH5bWNW73zPbY2A61Hk7S6V0nqD5y65bXUv7LYwcTzAn8mY4%2B6AIehgYduscBxHqBlRF7EQ2e4w%2BsObHPKDUqAmnwrYxET%2BNP%2FZCHu2L"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed840bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 google_maps.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/google_maps/ 1 KB
893 B 102ms
94ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/google_maps/google_maps.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2dcb2c191e085f5df265f13731da2d94f93e01b1b45b1c76a27830b1540eaa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2038
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7f6-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8UhaBOKgvq3b1q0c94Bw9bjnBWC847ccUCbhg7snNjN4IX%2BjFUqht5gF6Sh7XHGHI5DDXLZxHLuFiMRsfZHnLUEiddlY4cwwrjd5lZ1jr5cDc%2FzbHadyy%2BCiYDwjzxlAnqb73yrI"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed841bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 grid_row.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/grid_row/ 722 B
700 B 118ms
111ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/grid_row/grid_row.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

35ad4e6609bf8fca3cdce5a7f72287c1f13bf0273b617bb889110aecfdd6e644

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1156
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"484-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlTLt15DbShASbJesbkijByBEmotUTS19ud7PEV7P0dhqDHNy91u9aamDtgME%2FyaZpavSuQZYAqEoqRXyrlS30tEVuy6RNyFnJkOosqAtSguY0vVdQYOMXjsst90JqR4GfGmANiq"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed844bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 heading.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/heading/ 2 KB
1 KB 123ms
115ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/heading/heading.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf5eae9b6e5bd6950ac80f57a371e22018a2365b4a45da74fd81da31caafd3aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3123
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"c33-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvSnoUL98Krz8Q4Agu6Vb1GfF6cE%2FlpkkgDCYNCrJDdlAUyKBPQb8f5v0bGaSbNpomSSG5smR0P%2F9FS3GjMGpMRs%2BdJa0HdA2D13lADxx7l6qY2kJiNh8TdEGiftM4tdLwtaDvcg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed845bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 headline_rotator.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/headline_rotator/ 1 KB
796 B 99ms
92ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dea8e5ff2098d521ee54c164efcf019aaf45405a36ce852e5dc147ce26d62d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1920
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"780-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47DI7%2F2KYhxRW7uByNubh9N4YRTdyNCAoIWwmS4yK8TSBdy3oVrHINdjWgtwC1eA4W8ehqEd%2BtecQHyOBB0lZe%2FSkuOcIi4VnBPXWIVEMzaBtuVNzs3si9WBUbdRsMpSxAhSS1ZY"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed848bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 hr.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/hr/ 2 KB
930 B 106ms
99ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/hr/hr.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a6984edb82b77de1067128bc9dd73bb0a5561435fba73dca23643c0f99c35ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2265
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"8d9-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tADfGHJoIk4W5WkUs1YhghujLlN5NLqnSjxj%2FJpYn36838K2oXBpK1di3u%2F9OhSJEfb1aBNZSNHNVthPbeGooOkumQwDcXSvrAuo1DlNKnWtYEQ4k%2Fk%2BlxWr8wO7yfHEZXAn%2FukR"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed84bbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 icon.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/icon/ 2 KB
1000 B 107ms
100ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/icon/icon.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f99aac0c68a9d0b85193e595e030107f2f8eb8bcd688f27196673e4180f665da

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2443
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"98b-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dM5RmN998f6g0eVSiAJwfSj1MMySuAub9ZBnRcHe9Xk%2BsotD0%2Bmb9ZBd49e%2BWTgvPeiuJExh2g2jkzC%2FWZJdJV4YCsyhH30e7LW6EqjlZaZGJ8%2FIOmvdD7qajNRRiE6C4rxj%2FnxV"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed84dbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 iconbox.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconbox/ 2 KB
1 KB 110ms
103ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconbox/iconbox.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0c38130ff41e5e893df422a1793fddef49372a187487e81650056f3c4900bdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3132
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"c3c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDNGrJcjGEqfCfyLt7wWGcI80vuH3GD1TEWyKuldzJAe6KsEaLc8u4tbqNWbOti3wKushze7F0C9jEmbICcBGqfV5dK2JmaDzzGH5SJ1wGKwu55x2WhzIuMvVm5DFdcKQXEDwwPn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed850bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 iconlist.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconlist/ 3 KB
1 KB 122ms
115ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconlist/iconlist.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60ab0ff2b1620b48bf9070ab8c2485f09c4516c6246f7170053a048807ddfa5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3623
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"e27-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsHFZZV9NCmk1TlXAFBndxhtis2Qmgof%2BBKfYNru90vUeEZdwyX6O5GY7e3M9bGUKlZeu1QQQNfCNJ7Hha2ekmX3A9DbkNJDyBcO6zy%2BiptxnU6NOKZ70VoITu6WB8XEHETSDOSx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed853bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 image.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image/ 4 KB
1 KB 105ms
98ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image/image.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56ad679ed3e0df1fcda0d2e47c5c71c31d2f7789927e7e720d46c8fb7a0fa3bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=5408
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1520-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SArqxuwRfWjSrjd5MX9F9ELlIM8wsSBLdLX%2BBlXcIGMMiwwYZzncbcL2rYL94Aq3R%2BwjOgwTMg4qB4OLd0SlL1ODBIuhuYFUOJOLiww7P5znWKOYW0YQz%2Bk%2Fe6j74zHGWv1PcbqV"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed855bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 image_hotspots.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image_hotspots/ 4 KB
1 KB 102ms
95ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab15dcfce68f4cc0d56e44f9015387cd7f70e7ec29d5e822d1cd67291c193282

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4444
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"115c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zxfCvD23QwhV8JQeWIHmGQoY7jVXbnxgbg4YmZw2JEHh4JUZWuKauGnkwlipvWOxrnbGx%2BTfDgFtlQ%2FVa%2BqnCbAUXAvbmEFVwUhzMC70eRQNDdWUxxxSYZKTsKImQ3DQpUzlJYh"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed856bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 magazine.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/magazine/ 3 KB
1 KB 119ms
112ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/magazine/magazine.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

613466f187839be97bc9d5b0afa4cdb17da0a11dfb91a212196127885be01db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3671
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"e57-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8VhK2te4PdcAvwbvPqsIWPpG8OV6XdiDuajFnqKyIF5T5uvVUaRqhgIKwbV%2FBBv22eETP7d6jG1rg9mNHPrfHF%2BJXd9pvlsW58PcoJiXfVN0QE0uexTnswLl1iSR3lBZ3NDyvMP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed858bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 masonry_entries.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/masonry_entries/ 14 KB
3 KB 115ms
108ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9bcd6bf5b87dea03b0c9c45deea41cfc5c82ea7c29599a9ab860d000025b3d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=17085
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"42bd-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdgg%2B7qv7g5gWkyNsy956Tiz5LpD%2BI0hf6wRfx97ph3AkGfiToXkJXZGp58IefC0ZPXfUXcIHnloZhjT4Ds7ZgyXd0twpDkj2%2BFSuTuUe6Wm84HQGGGRljngwcNRK51bFejzFxCW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed85bbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 avia-snippet-site-preloader.css
kresy.pl/wp-content/themes/uniset/css/ 2 KB
949 B 104ms
97ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/avia-snippet-site-preloader.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83bdb180e301e7623fb9cbf2f5459a37476c098ba3c86baa0eaec40bc11083a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2178
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"882-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1x%2FsPogGG8Kz%2FApmeHhgXiUox4%2F3V0EdlFRCqBR6zPb5%2BCLvjlP5PD3YeDe%2BNV5kFzvD0E9sWttjI%2BMlQfG%2BOvJJXyrhwSHu9v0ohtEiBg9X5cGBft60FAlCAhGjtykj%2BGT8W%2Bh2"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed85ebbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 menu.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/menu/ 4 KB
1 KB 107ms
100ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/menu/menu.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6703af5b39c525d6f311c56d0d5883499821d42f4f4d9981fcf705c7f399bc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4481
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1181-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QzO4CnpD%2FbdVt2VlZBh%2BJNYc41CE2wkoyNXmv6XGJBqkxSm0msYFSkIJWQi3HDq0ppqPYNiKtOz5ymIEU5rV4TZuYNd4mfenYhFK87qVUD4U0A0RoM8r%2FjqFu4VCX%2FoeskyKqKIn"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed85fbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 notification.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/notification/ 2 KB
1 KB 99ms
93ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/notification/notification.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e812d9352f690aca3a55036c76d1f2004c579dca1f3d2c2613870e309d67806a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2938
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"b7a-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZocuO701bjvWUPDEjgLPCNPYolYXmUqxpsTZPBkRbhg3WN2PT2Rvdp1yyjJ%2BWv0%2FfRLcPZT6j5JRiUYzKAtZgKC8BFTDAnjYoWRc6eTtbZQHMfaVB9daxvFthHa8dmN4tBWIwQdV"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed861bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 numbers.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/numbers/ 1 KB
832 B 107ms
101ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/numbers/numbers.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee95c15b1ce2ea679b316e9d07d5731796f2580d57595892ca614d2468ee7897

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1950
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"79e-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OD41ZKNZHCZD8FwbEpQnC%2BdRtm%2FIYbxMORSnPsgoQQWK7r%2F4ABCEBcV8lYlswV%2FgA%2B%2FxcC25hMjm%2FxIUA%2FqTycNFOFZlTUSsbe3h09QrVMwZSCTUGgMwMVKOMBEZEf5eD5h4ECLo"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed862bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 portfolio.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/ 8 KB
2 KB 120ms
114ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/portfolio.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad7f89bdbaa98f70229f2ba5bee3342c521031c5124913cc5bda010afa23889c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=10194
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"27d2-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkD6s1yYF86twXF%2BlyKnb%2ByUOCwwmPk5Ap3FKgCzHONfZhXx2CTZr2u0uVe6B7CDhIhhUuQryLlG%2Bo3Nybf73mRiGgTqNn7%2Fdj2Hb8hV6P25ml3PfHlIquZlKbbDbWM0ZNbbj49z"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed865bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 progressbar.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/progressbar/ 6 KB
1 KB 117ms
111ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/progressbar/progressbar.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6651b105fb018b7826b6a23182e4d5f008abb46bab7a05df74cd222868aa5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=7718
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1e26-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sBlWtc5ZGa0fWVy5shU2BBEehz0uofmZY95NTGddaEhXpyhywGS6vFEJka6%2BIkVVHi6MQomZqs%2BpX1BtQISrrbFnRO4qestRlHHfJhZHWuiy7waX5BKnhM6kinh2yQntW933IdlG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed866bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 promobox.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/promobox/ 887 B
747 B 119ms
114ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/promobox/promobox.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd21683a4257c1dc091a37946efc4d97148a9354ef35f8a0ffcf511f680bfd62

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1294
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"50e-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=imp3Xt0RW97hu84gX2QS6fstz3oQtTj6S00nFvd7oWDiVJs%2F0Lrs8ElTujtvA0NgU676dMhospzfCaqYIcxlHa0q9Nd8kgzlnHLQqL6kO4kZLx%2Bc5gWm%2F%2Bi8A2SmSSXzQsvL5bWU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed869bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow_accordion.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_accordion/ 2 KB
997 B 104ms
98ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c82b8b6b572f425169ae715afb4e44980e654f0b7edcec732b5c626855d9ea8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2383
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"94f-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S789s%2FuZuETdokpW1icywWz10et0%2FqGOq5NkLB5pV0BjfXm20F6l0pleCN%2BFsSi5HZCkMZl8ze%2BEQjWFhEp6QCXiRAZgzsyxfwBA8I4lfTcfpgnOPvGw4VgChpUuHKlG5Mk9eOvD"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed86bbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow_feature_image.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_feature_image/ 1 KB
746 B 104ms
99ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_feature_image/slideshow_feature_image.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

918e83a51c2983f0bd13783d3d6f8ebd3151e6cf3208e3707747969f6005661d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2078
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"81e-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2yyWbjtZb2Xv9EyRbdLdBPWBDLulVekThBlQ8rJuIw9T8wagnvd6PVb%2BoDvZW7vlR4dzkUn7WJRVgJ%2FBJ%2BhB8bE8TqPypYequEKa8xA65R3uvcyJ9DnFMnS3cJw3C1cuQAzwZ0t7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed86dbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow_fullsize.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullsize/ 4 KB
1 KB 108ms
102ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullsize/slideshow_fullsize.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c8687a69edf6155266d7c5f9299a0c5ffe6208400cad4af5b341ab548434cbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=5651
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1613-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycbgd55HGc%2BmhUPgTqCifsTVSkPxj1bsKnnTOeWmasAm9fW6VmtwTu1Qwun3sFZhb6FO%2B6WrPtqUZCK83ZIyDvq2QE1IpAMtI5AhkUUaCHDvPoDihbjrgfbdv%2FqH%2FBwY%2BVinYYxu"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed86ebbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow_fullscreen.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/ 2 KB
850 B 108ms
103ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bd10fbce80218e264cfcafae75bf1da71a3ae96d9de503e54dc304783db6bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2070
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"816-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ReO981rpLd%2FKqOmIRxLWNxEFE6%2FCkCTq0MJHa2GNUKfCZqA0Fh2P8SPWqL4RHtjLTGeVNKL4B%2FYMvp%2FhQJnxEm2rJnqGwNaecoJmEpHvoHWjEAVc3KrlxxsyViEDOkKPNQUayfpr"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed86fbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 slideshow_layerslider.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_layerslider/ 4 KB
1 KB 119ms
113ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51a712d2957076df698a5f02ea182033646a763e13d8295aa894bf939a5e1b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4907
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"132b-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3JA4ghV%2FkeH1jAAYiPGnhnL%2FDb%2FlVMDx0CZXeYMTH5OCC2FaAPmrJhilO6coGT4jJjnJYxX3yMz8iVr8wb3zyeLtR0a%2F%2FmJmYQW3NuJ5ydOP1CDp2QPaAeS0W8kPOHInFVX7lYty"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed870bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 social_share.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/social_share/ 855 B
668 B 107ms
102ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/social_share/social_share.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a26fe0ecbbd8cf732c6d12f7cf2e81ec684e91348d5f14c025e25f4694488c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1252
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"4e4-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FwkO9vnP9v87UEojicRyyJZsYm2DNqV6nfjXCSl7mmykHsyiHGiLqJezdjvzFREpodo0rNcPQdjXcWErcrB5qUgwPnY8vH572ObS3g0x6tKKib8L%2BnYa79AqKITTlzqIw4yQRlLy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed872bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 tab_section.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tab_section/ 4 KB
1 KB 116ms
111ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tab_section/tab_section.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

092401398bba0f370e5dfb08b47055c64798ad806941462536026e3ee9e4e5d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=4555
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"11cb-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1mnb9CZ1x%2BD5YNhmQ%2F96NVq4eiAqQKWvSGHsq2oF8pOJJHfKx7G6G7%2Fm%2BikXFX9bn92Kzq9Li6%2FMIbS5FyDaz1h3LBKFqqxczP79SyfZdp5U%2Fqi8n1v4km2l6%2BWENOyr%2FXxMMqK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed873bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 table.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/table/ 5 KB
2 KB 102ms
97ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/table/table.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be67eea9de3ced69bba3b09297045d6078a92d9daaf740a7f326fb77fe655a33

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=6692
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1a24-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vwCW1dwfK8%2F8T79B%2Bd6nR8sdhtjEE2Hw8%2FG0OdezHmQWKXmpNOwfdo%2B40ZQN6%2FMHtzzFsfj0MjbC%2FbJNyXqjhsBQhCKpyQiJUb0l3O5RHePuGgE2ABgu4GthbCbzGonOWappQhgX"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed87abbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 tabs.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tabs/ 3 KB
1 KB 121ms
116ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tabs/tabs.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c93cb8a8f35fd7c904e52ab625b1b6c178ff9b26a31c6b687381d0d5efa56c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3691
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"e6b-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JX1x45s752z%2B9Tlk3sYGeXnkBLiyssc4iCuGukv2clnkylKSYj1P92laG%2BTO14nU2sNvlI6Rvp3GZ0vp321msWcjpJ9WJOMZ5JLjRUZmDzAtQKgnU%2B1xyyHErcpEFYXItyVIyfPm"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed87cbbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 team.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/team/ 3 KB
1 KB 101ms
96ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/team/team.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fcfb80ce66406ed2331d9044eb58c93edb2c066414c58a556c8ed36059959fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=3478
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"d96-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bFDF%2FjMPmldGFcABjRQ0Ka44Yb9u6qVoqu7bXNL5ga9R4zpXBHnwkyxyzORZFMjCzIEH%2FFeYuHC6bmCTO5Fr81r4pfKK9Hdmmc3zG75FHt1LEUUZvmwlsUbcklwn548KcT%2BjsT6J"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed87ebbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 testimonials.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/testimonials/ 5 KB
2 KB 116ms
112ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eae5672fac3b82abcd1d3a2c7e578467295025ba1f2beefb88e1ea6a03df6fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=6379
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"18eb-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1LX7%2BbvKOukTFfmVk6XI%2FL1j1S5I8G9T3ZUQ7z0Eow0pCSVDoX6PFi4pvcD4NYqwdnn0ma7jR54uTf%2F0W0prUDM8%2BYu49fNtf4pFMsgZlGRWw6FlMA8%2BFDQidAPMc6XBMgSmvwD"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed880bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 timeline.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/timeline/ 21 KB
3 KB 100ms
96ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/timeline/timeline.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc5768cf98f1a441e0bd74aecd45b657d4d20195635aacbec87e3c7c8ff609ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=26939
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"693b-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FY2uZcjqndk4R1Av4i71H9tn28HjRg1tg2v2oxlvgbmiwAWTxDUX3VwpXz%2FCjuepS9XewNECG1bcC%2FuIOPBEvtHM68Lvurg3wYHmHHUPQEfkzqjZvW4CEfrbisbjqUshXELzsJow"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed881bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 toggles.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/toggles/ 2 KB
1 KB 106ms
102ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/toggles/toggles.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebc787aad93152bbbd5f7453ed2f0adb36e460d52dcf5e56a2f80225458a0696

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=2995
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"bb3-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kE8lWNKNpw%2Fjnw8G%2FnqqT4Jz2IDtbPcinpZNNjWDx65zQD26sRCu4G3mXrJ%2FaxuuAtPYo%2BL8sZ%2BGvO0VXCjOKqMDHB6QNrMEqvP6PUSsblD0tUcq3xwPc1iQhG5LJtH90ElUTG4r"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed883bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 video.css
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/video/ 1 KB
720 B 113ms
109ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/video/video.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f0d236fad633c4946c8af4d78bbaa290c7994cd9d1118dd8d4a6b1212f05805

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=1857
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"741-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g1dyUVAXsVhos%2B9WP0YiQI8sloZQPzPK5bmx0l8TcEO1n%2FsYXgj3hxcn%2FYomzZ0lcZIsEHimRT%2FCYPyOu2hbsKN9X13PA6Rt55cSHz2sl47jgDPS1LN2mxlyBgN4xeLdcjUz4n0s"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed884bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H2 200 layerslider.css
kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/css/ 20 KB
4 KB 117ms
113ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

364dba85f50a51168ea3546c4d4afe233c14f89bf8601326ac0ddb74de58b744

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248712
cf-polished: origSize=25566
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"63de-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gv5heD8%2BbvvlEultiIlVkP27WFClpdFtQGkJzS5uAO%2FjSVTSfx6K0Q9N8EXiSWoovrhdLhTVnc%2FAOTSgNLrqSVDRKGEh2eWlDn6sY75UZu61UZIbvKe27h0Bqbt44N3a78I3%2Fiev"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9ed885bbc7-FRA
expires: Fri, 05 Jan 2024 14:18:13 GMT

GET
H3 200 _DQXbaV3DbBp40CLxTa6KatqzQU.js Show response
kresy.pl/cdn-cgi/apps/body/ 4 KB
2 KB 133ms
126ms Script
application/javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/cdn-cgi/apps/body/_DQXbaV3DbBp40CLxTa6KatqzQU.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/cdn-cgi/apps/head/Wv9CrlAi5VUPtZ1mKM7Y8QG2CMI.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b55bd455a5cf8e7a113f6368f8fbfbb27f5b28274539fe2b9743b4d768bf862

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
x-amz-version-id: WfD7aWCX.YZBRr_Gl2GzvRgVnSNSD6Aq
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-amz-request-id: FAW49Z11XRMDP7G4
age: 11023255
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: pp0GreGlG86Vp+c6Grt1KgDd6sipccbg+mqfFQPyxdyuTqe+gyJVsBsLWigs+DA0ntfxEfHD+7s=
last-modified: Tue, 24 Nov 2020 20:24:05 GMT
server: cloudflare
etag: W/"1435f6294f43e9f548fb2c415ba55db6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o0ERNslo5G5v88ZzFIW6iuVvzNW8z30Whrm%2BhA72G4OI6tO6QBVIwdjZXjr0%2FPnRoqICcYReqKo3fLtXm74F2BYel4dS35%2B1HTyTCehH1esARXfbqpPOIA6jA62UYMTzP0N8PC0O"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 78648fa0cf699b67-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 170 KB
63 KB 199ms
102ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MT7GKX&gtm_auth=CizSoufveSvyM8hZO_bwBA&gtm_preview=env-2&gtm_cookies_win=x

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

31587e73d8fefbeffa99396d52e71d899dafc9eb0481c82a04c79f94abd4b27f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64304
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 148ms
59ms Stylesheet
text/css 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600%7COswald

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

88d3fc154c3ed0e8b688bf7d6fb47cbfab615d846c05baee8c6297bb9678862f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 11:23:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H3 200 wp-emoji-release.min.js Show response
kresy.pl/wp-includes/js/ 18 KB
5 KB 134ms
127ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/js/wp-emoji-release.min.js?ver=1649742983

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296608
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 12 Apr 2022 05:56:23 GMT
server: cloudflare
etag: W/"48b9-5dc6eb878efc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PGrbxUu9wZPzjrTjkPz8Uh5KfRUnv%2Fx3zq6ftXnidssHYg8Kr8dLE6PZvDnMW6%2BJvrOfaAOb2h%2BCFdhAVHZEUvafnopQ78DmLGl%2F%2BrZ%2FCDdwCmVG3SKea4Gx5x7oe1Xbqppy%2FhgC"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf729b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H3 200 style.min.css
kresy.pl/wp-includes/css/dist/block-library/ 93 KB
13 KB 90ms
90ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/css/dist/block-library/style.min.css?ver=1668178605

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296608
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 11 Nov 2022 14:56:45 GMT
server: cloudflare
etag: W/"172a9-5ed33192c4540-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUKYzW7ABB6LQXQuWibXl9Ey%2B4c7%2FuUzgxH7Kzbmr5pylYbltxp%2FmiDt%2BKQNPbpvAX8Il3ftM8TvxDUXQaB6I9iSaIqJXCVfhffmHOLqIGkEfR8qZWrIvfHpnU8siCMlwLPJ%2BBUt"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bb39b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H3 200 classic-themes.min.css
kresy.pl/wp-includes/css/ 217 B
703 B 92ms
87ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/css/classic-themes.min.css?ver=1666705516

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296607
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 25 Oct 2022 13:45:16 GMT
server: cloudflare
etag: W/"d9-5ebdc1e39f300-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82VQyfxjKPodQUt70%2BhUMtnJmUdqhfwVHXiC8ObrmAcJj7CWPkoPum8HKIYQVFnvR3RkbhJm37rK%2BPC1Lg5Ni%2FMtbs1EKY%2F21EIw2LYC053ryIAxqN5E%2BYt2fC%2BP7JDL7XsFRq7v"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bc29b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H2 200 alertify.min.css
cdn.jsdelivr.net/alertifyjs/1.8.0/css/ 18 KB
4 KB 100ms
27ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/alertifyjs/1.8.0/css/alertify.min.css?ver=1673177004

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aaaa1d3d000618b91ccc4a906c85d9024a484484d75ff5e7381abffb12cbdd28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 374411
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19146-FRA, cache-yyz4558-YYZ
server: cloudflare
etag: W/"4905-zm4qxxSU72UCdgztOXWX+u1V2ks"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tVEHzAr7DEmK5%2BwLnk%2FnJpzLfSqkNWe%2FDzio%2BRYPBx8iOP%2Bb4hln4KIcgjkAgcW8WJV2zAeUQoC6qADcqPE1sL7FL8D64szwfCz0cZYeSSGS6A9ae%2Bsy2aPh%2FIdX5YOMxDwjWEmqc1TEhK1t5k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 78648f9faf392c22-FRA

GET
H2 200 default.min.css
cdn.jsdelivr.net/alertifyjs/1.8.0/css/themes/ 1 KB
941 B 102ms
28ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/alertifyjs/1.8.0/css/themes/default.min.css?ver=1673177004

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

956fd70c10d8530b2739b87baa54e77212904d582fd9e9e615eab66692401908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 374259
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19164-FRA, cache-yyz4535-YYZ
server: cloudflare
etag: W/"5f0-eNdamcE+BaIdzsYzXXLAKKeY2wo"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Togk1IkoAs9DPm1EBnvHgvRQjOZ7f3dqaCX0EeMSusBatmBA0BBiQetjANBs7zU8Kbti9rON3xq9GloT1UT1R%2BTOT7qBr46QyW99pmmObRFscpMWkL8VQPzpmlzELI4U96QO8mV%2Btc8jH0eLL4k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 78648f9faf3b2c22-FRA

GET
H3 200 bbpress-mod.css
kresy.pl/wp-content/themes/uniset/config-bbpress/ 25 KB
6 KB 59ms
55ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-bbpress/bbpress-mod.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28240853844175fdb7d073b2608d0a8e7b6b7bae27606b0e64f40092f84a17b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=31047
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7947-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuWMiX8ZYHbPahgxHC%2BDBYAihl2zjHHeyEq6Hez938tLMRawRcjQVbGKJ0rgnRp0SRrTUqXYCixTWv24MVuIOJkqrWGNlfUMG7tmHTV1Sqb1hkEDEf8QrjqcLsz1ogu4jTmc%2Fwal"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bc69b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 cookie-law-info-public.css
kresy.pl/wp-content/plugins/cookie-law-info/public/css/ 3 KB
1 KB 91ms
87ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3106
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"c22-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5sXqD0LGRdNAZdQAXLRA8zIDqR%2BjiLWq6Mwwhnm6F3V6xrY%2BJh%2FQYCRFOuJaKUdAr1P2fIVex0M1kHDpLrLrMpMJAGbwWbFC6BIffwPKnR4cT7uaXCSrJoorl3F6mVuawXus1yb"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bc79b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 cookie-law-info-gdpr.css
kresy.pl/wp-content/plugins/cookie-law-info/public/css/ 22 KB
4 KB 92ms
88ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=27249
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6a71-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xi8TCuUpnuY2XxhphvGw5iQsi1slL%2B2JZ8hKVJg64mWk%2BYciBi1y%2Fav%2B8hNylgEeofK6gZonkIYKYM07SwSZgB7VIlb7hDZ1cDe%2Fi1Z%2BIQyOfVP9WW4pqmMoaoF6laKX7HsK9T4r"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bc99b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 custom.css
kresy.pl/wp-content/plugins/microblog//css/ 1 KB
915 B 113ms
109ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/microblog//css/custom.css?ver=1672927378

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38f467f6fb3a06b5cc50143eb9c394d85b1e26b08d10e8a6f0bee260b186a288

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=1184
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:58 GMT
cf-bgj: minify
server: cloudflare
etag: W/"4a0-5f184c219c880-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjpoAbS7UNSRZ8DxR8SxUJ3BQ3anxHN4i1mE%2FFqubGFPQmIXAB6dioAmP40plhZt67T7%2BnMt9Pqy6iqL8YiqF8RKrrPAzUeKbv8sphksbpboWwfDyPrs1lu6g3RUIBk4hPhcel1f"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bca9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 twitter-feed.css
kresy.pl/wp-content/plugins/wp-to-twitter/css/ 1 KB
1006 B 113ms
110ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-to-twitter/css/twitter-feed.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a53bc33c39273359690f66fe69169c7f21746854db5a1541fb76bd1313e2122

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=1645
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"66d-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJ3mhEoDQwLlLgefavf%2FZXu4rdrbcmJp%2FPnkLclxyPeWs2bWFHK8GaVn2sh9U1ebMZ3SuIGdUBdwiwoBAmj3wt2JmbpMiWTeAeUkyQQCwivqcEZx486t7EzuJayAHzgqr4uuCvXg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bcd9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 frontend.min.css
kresy.pl/wp-content/plugins/wp-user-avatar/assets/css/ 72 KB
11 KB 62ms
58ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a03eec8b6b8f7367f1b66ff53ac880713e88c910b739e00c7c022534c179e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:25 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"11e7c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LphCimp22SPKCwSdZiExj7kNs%2FarMbyzTP4d9dyM%2Fai%2Bt4kzJgCinetbHvK8aJ8AGkjuRkckCTO4pwPGijEELE3pFW76ZoWP1jAP%2B1w2nsPdJcgq9JHgRP6OL4TZubG5h3WMa5%2Bd"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bce9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 flatpickr.min.css
kresy.pl/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
4 KB 91ms
88ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"3e52-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=an6JnQBmsMRDr8eGg42dCR0YJ0kdkP%2BeSj3rJVV%2FhlANmGXYDI%2B2yxCFMqAQMiumkmkP%2BahVAC0bMJlc8D7bkV6tf1DXou7EjmEzKPdy5x9TpbR%2B77Sbq59h1MvTokU4xv3wE86p"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bd19b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 select2.min.css
kresy.pl/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 109ms
106ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"3a75-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UxkQ%2B%2FKFkenlwlEEm8oNU%2FfWHnJbxDu78zK6DMN5q42rGoiLOGs4Oq802Y3UNVzYkdtacsluA62bRQZuXoY8AXMs5BfPiwpJqOpdPjH5RfuFk1%2F7EJjxcg5o8Si5UdkxX1nujmc"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bd29b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 font-awesome.min.css
kresy.pl/wp-content/themes/uniset_v1/css/ 28 KB
7 KB 297ms
291ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/css/font-awesome.min.css?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248599
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
server: cloudflare
etag: W/"7187-5f184c2384d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbCvWG4ZfCa2%2BQowJtEy3j5a3OcA8cIbOLeroRHDphcl4wt0YYF01Vd%2BQqca4CefabBHQeAWi%2B8mk%2BNDtDqbvYZ7BrjCWz2SFv%2BDYJ%2F0DfxGyTWBvys9pZE9eD1hhTXchsB7Nx9r"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648fa0cf939b67-FRA
expires: Fri, 05 Jan 2024 14:20:07 GMT

GET
H3 200 custom.css
kresy.pl/wp-content/themes/uniset_v1/css/ 46 KB
10 KB 113ms
110ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/css/custom.css?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37695b90f89d6b5ab51f8065eb7817a06f4d33a93c609527af25f28b158e41da

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=47614
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: minify
server: cloudflare
etag: W/"b9fe-5f184c2384d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IjTt15gBrInrXvptw287e2whu7WcAMyBDqolDxsUPwNelfO3OVPqeXe1F8S3CythK1B8gKbN4q3tcXNOXqmtQKiRzaYeqTdUSgoTIGvz9JFdWQB2sW3nclS5mCbwhvkCdik6QCX4"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bd59b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 shortcodes.css
kresy.pl/wp-content/themes/uniset/css/ 23 KB
6 KB 114ms
110ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/shortcodes.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4478e3b1eb1524f8f11bbdfc4c2fe1f77239f674f1c100aa08197db6f8e13da

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=31875
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7c83-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LJOFF%2FUcEJx3IKPmbADFX%2F0agbNDg806B2dZL4DLUOgXPudTHCYZTZM1Qyi0WRlBVhBmaN8bGE7cXwpE%2BZfo7Uqu3ccLEwWiH5EamUYEQSQqrMhdkFWSuzYc%2FGqdDIsuPUYQkgEp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bd89b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 magnific-popup.css
kresy.pl/wp-content/themes/uniset/js/aviapopup/ 5 KB
2 KB 114ms
111ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/aviapopup/magnific-popup.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce913d1dbc1af35278c76a34e8e9570b60b5f96bbc0678fe2b5daef8af684dc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=6948
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1b24-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WE6WLsXqCGUz8X0XIun6qLgURhhSD5nyE6q6uoYxA8ptxSEC9FFghlon7%2F23wXaXfRAI5TmeU38DFGUn4BiUim0vinvox98ZbfVqJg%2BXQDxR24X565%2B6JuIhONHoX%2BZanflNk%2FJL"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bdb9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 avia-snippet-lightbox.css
kresy.pl/wp-content/themes/uniset/css/ 3 KB
1 KB 133ms
130ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/avia-snippet-lightbox.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ccc80a7ab5b8160e07981e57c67bd53a193a1b0db3579a2959f0151a176d6c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3639
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"e37-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FvwXtsiNvXjXZz%2BXBCo0a1NTiMX4NytpQpUHJt%2B5h01K%2BnZSOZjyWepIlmDQN19FKG25bnp38clVZL2uCWB7N0GcYj8n29tUgEn%2FSMfx4zdNX9DNb16iUASFv5WXUrDCYq5rJwT"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bdd9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 avia-snippet-widget.css
kresy.pl/wp-content/themes/uniset/css/ 15 KB
4 KB 134ms
131ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/avia-snippet-widget.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ecb42a1ffee36d191dc0a19d24967fb62640deae90ea290efb24bd78608bf63

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=18218
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"472a-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fhrvo8A2Yl9As%2Bv1SmelxSZ%2F2f9%2Fi9dFrUUnhgGA63IG%2B0Czp5XOOljjrGHPjYTtS7%2F3ImCDVVtn7yx6hcoPSDfDQaHS2%2Bn2ynFzuybr6N9ehMYm4gtKZa2K8nVPSXvu7oKJsZfh"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bde9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 uniset.css
kresy.pl/wp-content/uploads/dynamic_avia/ 145 KB
20 KB 157ms
154ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/uploads/dynamic_avia/uniset.css?ver=1670702924

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c6a317de62b191e13c07554d6105dbf080156ff5714e07b0076267927ec7ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296608
cf-polished: origSize=156291
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 20:08:44 GMT
cf-bgj: minify
server: cloudflare
etag: W/"26283-5ef7ed65a224c-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eEfhekUMvw6bJUDkX7Gnq5Ku7mXmmc1jODNaU0r8eJg8VrQtkzmtwH%2BW4y%2BD%2BG8sORAajM2um1r4kNIJlY1mMKz2Yzd9NaaFHemd%2BBeRv7gxeCaI5MirGEbmOsOqFrn%2BTxIyYz4w"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bf19b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H3 200 custom.css
kresy.pl/wp-content/themes/uniset/css/ 84 B
638 B 136ms
133ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/css/custom.css?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6706ad7dab8c9155c0f17f80b6fc3684c2b453c8e2c72f7e19eeb7e74700346

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=707
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2c3-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj0icleiQhxyBc4U16b9%2F9%2F5P8X19nvV2gncCxbfex0se3IwNjVDpPuWtNFVxIsquYpQKAoVreaBhr%2FHthr5d5ohhHKepL%2B8q3mdIO263KGs0pGdkYhexhIcH0w0gpTktVBxO%2Bzz"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bf39b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 style.css
kresy.pl/wp-content/themes/uniset_v1/ 202 KB
101 KB 136ms
134ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/style.css?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e4bec29408e5174c818a5e9e73e6ae60fddaf8421133d5f6c20f33b46f06e6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=218614
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: minify
server: cloudflare
etag: W/"355f6-5f184c2384d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ev6Tly%2BDfDKaZzvUJN%2FgHWpg1SSPQbkUY%2BZa%2B3U1yJ8soqcV0URRh%2BHvsIvjn0rTbUJEIAF0qqAGBK2pRrFnE8R5lU4J1pWHesxwzzFhxCmDdFBsEwBKpiRNwDhf0frRA3hO%2FYc9"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648f9f3bf49b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 jquery.min.js Show response
kresy.pl/wp-includes/js/jquery/ 88 KB
32 KB 183ms
182ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/js/jquery/jquery.min.js?ver=1663596984

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296608
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 19 Sep 2022 14:16:24 GMT
server: cloudflare
etag: W/"15e54-5e9085b47de00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIUMgq3ZuCPMu%2FOt9oTI7SFcDBY4lvAwDIeKn0Yr851GxKTWaX3gngIKyftzwh3zZSoGcWJYnMRX48GYkBnB4ZgYrQgQyI9Mc9gsmIuD7uUhElronybc6IuJuaWYhwpdxBFZoVPC"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648f9f3bf69b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H3 200 jquery-migrate.min.js Show response
kresy.pl/wp-includes/js/jquery/ 11 KB
5 KB 201ms
199ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1605690366

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296608
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
etag: W/"2bd8-5b45debe27b80-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApVtCtJ2CVpNrq57ImS5hMQTKMhzF9q4ep7uiODn%2BHzZqZ%2BbfWl%2BFprqSoBxUsA69pdCrC6kVHgD5qqZvxFqArttDKOTi4tHes1lH0OwSO9OJEDg12qmEFtpyTb%2FkUkhjem5nDE4"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648f9f3bf79b67-FRA
expires: Tue, 12 Dec 2023 21:26:38 GMT

GET
H2 200 alertify.min.js Show response
cdn.jsdelivr.net/alertifyjs/1.8.0/ 35 KB
10 KB 98ms
29ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/alertifyjs/1.8.0/alertify.min.js?ver=1673177004

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa13f2a7d42e023c8b7e6158197191b9e412805ecd107e0e2dd13b73f5114c22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 374259
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19164-FRA, cache-yyz4528-YYZ
server: cloudflare
etag: W/"8aaa-TYsU5nRtVWHyjWatrj2q0Q3kB6Q"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ki4o6w%2FTM2YVXH17Xe7okbanxML8ilU9tMbTLLhPZeLy%2BGXa4T1PaHTmCFaa5r3a8hbYMEeevokAiawdr3u39kZg8G1XBNxh74M9wdYRFfyDf4OOnsAoF1SXzqbwzXZj5DfmSg4kK%2Bxv4lnz1rU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 78648f9faf3c2c22-FRA

GET
H3 200 cookie-law-info-public.js Show response
kresy.pl/wp-content/plugins/cookie-law-info/public/js/ 27 KB
7 KB 204ms
202ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f24007e2fd5e6c3c6ccecf1155e6955c9629ce2a0c4983e39a522b8f877597e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=35069
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"88fd-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kA3zhp0PLVGRKQrtbpng00LHo0dT06BKdCbhwvcx7qrxgc4SRHS7MiaCHbPAkhkRwbWTD5f%2FmSd3sNb%2FO1JMAVO6jB7J4FbCC5ja74mprEUha%2FIu2CYMTzUmMp0wAFrSKyQVHnvn"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648f9f3bf89b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 flatpickr.min.js Show response
kresy.pl/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 49 KB
15 KB 209ms
208ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

587e022b442a0d7013a27f5fd2db035e28a74318d44dac1ac431f124c615bb37

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"c205-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qr%2FS4UMLa0ehCCAxPLNKZ4q%2BoWW8jzSD36rdN4Jtju%2F1DFEDXzfKAegooi32ReSuypWJRLWfS%2FcVFfRUgVsKX1cSCzI2T54PyTI0LSMTNfoRxZlWMsT5BFLZh5rZsCd8y04zFe%2F%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648f9f3bfc9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 select2.min.js Show response
kresy.pl/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 220ms
219ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"114c3-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flX%2FiW6v7HuylI6Lac4r9TDrWnAn5PS3nU4iqXwEU19MKezSP3U8m%2BKEeq1DhzqF84n9oPp0TpdsfjN%2FX6Tl8CjvmumZ9qxTETXUaBiKQ%2Fn8%2Bst3lnasDSO3L0aonTZLHtmrlknv"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648f9f3bff9b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 143 KB
49 KB 128ms
71ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8524944207935228

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f31b14f37f032c7279542755b98c9b06ec9bef250814dfc6594749a7b847cfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49334
x-xss-protection: 0
server: cafe
etag: 10445816253447080853
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H3 200 kresy_logo_header_vector_full.svg
kresy.pl/wp-content/uploads/2017/03/ 3 KB
2 KB 136ms
129ms Image
image/svg+xml 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2017/03/kresy_logo_header_vector_full.svg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

713f16a7a520948bbc170fee27551a21eb2262f86185d3628a4260babe5b26bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5046113
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 07 Mar 2017 21:19:19 GMT
server: cloudflare
etag: W/"a30-54a2a909f63c0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYx2m4xjmVpDNJ6nDWTN7ntvFgJtvLOi9BNMPODVkqL%2FcbxJybbQL6FGcYBvh6%2Fq0C4AXUnkazDTqjsGsLK2mzMG1HW9NfSxC9FSSwPcmErJnZgDWGTAHITqBGHZ2tvmUPSgdkhc"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
cf-ray: 78648fa0cf769b67-FRA
expires: Tue, 10 Jan 2023 01:41:33 GMT

GET
H3 200 ls-slider-57-slide-1.jpg
kresy.pl/wp-content/uploads/2021/04/ 31 KB
32 KB 136ms
129ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2021/04/ls-slider-57-slide-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

811b745c41f96db66203adc66dbba365d1ccc6efcf1aaa1f6bd4a5a85d0ea7da

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4391473
cf-polished: qual=85, origFmt=jpeg, origSize=80111
content-disposition: inline; filename="ls-slider-57-slide-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 32148
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 30 Apr 2021 21:24:19 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "138ef-5c1373c1626c0"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8TVo26nxB4gyc%2BEX0zISWv1loH82qDts2Z1Iyx5bsaDRUBsnXIelD8qTKeo9RqlMQAH%2BPUJEA1ezH8BlMAt0dQQzZSq7nbdrfkgh7OmkF3p80FuyYY3zVckXOORqpw4M1GJV1wE"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 78648fa0cf7c9b67-FRA
expires: Tue, 17 Jan 2023 15:32:14 GMT

GET
H3 200 ls-slider-57-slide-2.jpg
kresy.pl/wp-content/uploads/2021/04/ 30 KB
31 KB 154ms
147ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2021/04/ls-slider-57-slide-2.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

715b046cb6ee42f460d43f888ceca495c6360a0c81661efffa8356acf63c8eab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 139726
cf-polished: qual=85, origFmt=jpeg, origSize=79336
content-disposition: inline; filename="ls-slider-57-slide-2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31174
last-modified: Sat, 10 Dec 2022 18:36:01 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "135e8-5ef7d8ac65123"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xm0ju1RuBxnXqOmk1nGGIHfGObcHpgOErGC4NNLvch%2FFClm7Ry5XF0wdKHHmTDd2G1OdVkRRscqmdVpEMCA6i3LM18oVZD%2F080TeTxSn%2BhzsyNnI9JOAf%2BBmZqsi8FzcJhcvRQ8T"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf7e9b67-FRA
expires: Sat, 06 Jan 2024 20:34:40 GMT

GET
H3 200 Rheinmetall-amunicja-30x173-mm-APFSDS-T-i-TPFDS-T.-Zdj.-ilustr.-Fot.-wikimedia-970x542.jpg
kresy.pl/wp-content/uploads/2023/01/ 50 KB
51 KB 176ms
170ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2023/01/Rheinmetall-amunicja-30x173-mm-APFSDS-T-i-TPFDS-T.-Zdj.-ilustr.-Fot.-wikimedia-970x542.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26e733acb42ce7ad4968295a82b5dbbffa0366c193673c7913057acd5f4c22e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 42446
cf-polished: qual=85, origFmt=jpeg, origSize=312359
content-disposition: inline; filename="Rheinmetall-amunicja-30x173-mm-APFSDS-T-i-TPFDS-T.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 51280
last-modified: Sat, 07 Jan 2023 23:18:41 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "4c427-5f1b4c13b7ea4"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MB%2BFxuwizXGNb1EbX1cRblKh45BrjIBB%2FVYsTvDCDnrWWgE94Pa693aNi9v3PoUtZr3EyW4XkGvDGE0kT9netuRtywX7i%2BkHX%2BrIQHDO%2FciqJ6u1QqbCtPYO6aNuGvOOZM3zf3CM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf839b67-FRA
expires: Sun, 07 Jan 2024 23:36:00 GMT

GET
H3 200 oxfordBanner.png
kresy.pl/wp-content/themes/uniset_v1/img/ 52 KB
53 KB 206ms
200ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/img/oxfordBanner.png

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d39db71c68241c4c0b5ea43addd9ba1f9a6a49c6cb722de52c3cb3998de2a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3209753
cf-polished: origFmt=png, origSize=55739
content-disposition: inline; filename="oxfordBanner.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 53376
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 07 Apr 2022 09:50:22 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "d9bb-5dc0d680e3380"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ac6MjQl%2BbHicsa08kc74%2FJwRxmt7owryuluqQ3%2BHPWK75rQ%2Fz2p2FwhAeVImOWJnzgA6Rg%2BJ0InJgQe6MGd7l566XQqoNuMs7QobPhwfx72rHyFFa0HiH7LnZdHPatHSI9kKZAtx"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 78648fa0cf879b67-FRA
expires: Tue, 31 Jan 2023 07:47:33 GMT

GET
H3 200 oxfordBanner-mobile.png
kresy.pl/wp-content/themes/uniset_v1/img/ 115 KB
116 KB 225ms
218ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/img/oxfordBanner-mobile.png

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fb529c19901bbd359388b88f002b43f09dd24e3d98474a47eeb54c3c3d5d98e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 143466
cf-polished: origFmt=png, origSize=118030
content-disposition: inline; filename="oxfordBanner-mobile.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 117844
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "1cd0e-5f184c2384d00"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=psvLtFTbUwCAiXpvVYQQ8BnONiPikmemRuPLodgdzoHQ2RCKXbrAzWV9Z95nenMDMPN5ZK4bP9Vkl3NE9nRTqYMU9ZVcbWLPhJNePgyVH0a647hwQ4zjJYU1gn0HtWkO1S%2FCqbUB"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf8b9b67-FRA
expires: Sat, 06 Jan 2024 19:32:20 GMT

GET
H3 200 email-decode.min.js Show response
kresy.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 28ms
28ms Script
application/javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Thu, 05 Jan 2023 11:26:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"63b6b3d5-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bmki9rHWkjXgC3rgY1BjX53NrsNUSVKM65QzXFeMISdMrAQQUJmYDwreZ1%2FRvjRANkbEpen753HhU%2FJbB%2FwFLGKN%2BM9AlgFg2108ziWbriQNTXc0esucb%2BjBPhHNWVaBnv3jVk0i"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 78648fa0ae829b67-FRA
expires: Tue, 10 Jan 2023 11:23:26 GMT

GET
H2 200 loader.js Show response
www.gstatic.com/charts/ 65 KB
20 KB 72ms
19ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/loader.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:48:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19937
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 18:41:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:48:22 GMT

GET
H2 200 btn_subscribeCC_LG.gif
www.paypalobjects.com/pl_PL/PL/i/btn/ 2 KB
2 KB 85ms
24ms Image
image/gif 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/pl_PL/PL/i/btn/btn_subscribeCC_LG.gif

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7dfc2bd2e4f7df599d5706ba4f44dd6511a78e111fa2e7e9651683fbd0a75ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
fastly-io-info: ifsz=2237 idim=122x47 ifmt=gif ofsz=2236 odim=122x47 ofmt=gif
paypal-debug-id: 5dfc7b33872f6
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 2236
x-served-by: cache-sjc10042-SJC, cache-hhn-etou8220099-HHN
traceparent: 00-00000000000000000005dfc7b33872f6-3a06e845f4231a54-01
x-timer: S1673177006.266746,VS0,VE1
etag: "LyOniz3NX/Bu/UX4M5pqoyt45Ir8jkA36s2wROdpbQM"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 173, 1

GET
H2 200 pixel.gif
www.paypalobjects.com/pl_PL/i/scr/ 42 B
560 B 82ms
21ms Image
image/gif 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/pl_PL/i/scr/pixel.gif

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
fastly-io-info: ifsz=43 idim=1x1 ifmt=gif ofsz=42 odim=1x1 ofmt=gif
paypal-debug-id: dd439ad7b275c
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 42
x-served-by: cache-sjc10034-SJC, cache-hhn-etou8220099-HHN
traceparent: 00-0000000000000000000dd439ad7b275c-98b4cffbddde7a37-01
x-timer: S1673177006.266750,VS0,VE0
etag: "EMKH4Lmcv0jpPecX1lsuI9JDUC4i6ZE+vkcq+Tq/75s"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 5232, 6

GET
H2 200 vaafb692b2aea4879b33c060e79fe94621666317369993 Show response
static.cloudflareinsights.com/beacon.min.js/ 17 KB
6 KB 111ms
59ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3

Request headers

Referer: https://kresy.pl/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: gzip
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
server: cloudflare
etag: W/2022.10.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 78648fa119d49253-FRA

GET
H3 200 kresy_logo_footer_vector.svg
kresy.pl/wp-content/uploads/2017/03/ 3 KB
2 KB 296ms
290ms Image
image/svg+xml 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2017/03/kresy_logo_footer_vector.svg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5ab43225ac152a3ccedc47805832907964a16d829ad97a4c5b5423edc1ad3bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 612110
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 16:15:30 GMT
server: cloudflare
etag: W/"a19-5ef7b9434c241-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bCJ9REM6ffY1Y8J9c87q8IvEd4UZ6DpgfmuSlRGP3GG7h4oLOsNL0ar%2FaKH2pWAGXH7Kz%2FZCl5ShFCcwjNdEK3tuVp%2F3ODz3%2B8moIzSebQPyVtJgxUGI4OCmEhuHXcMEasN9tdXQ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=31536000
cf-ray: 78648fa0cf919b67-FRA
expires: Mon, 01 Jan 2024 09:21:36 GMT

GET
H2 200 resolver.js Show response
ads.operiada.pl/ 4 KB
4 KB 139ms
36ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/resolver.js?id=46
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: d2802f441c418a4c34b83d6b1ed5e23909a388942d333247fa825300fef9f67d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Thu, 05 Jan 2023 18:57:44 GMT
server: nginx
accept-ranges: bytes, bytes
etag: "63b71da8-10e0"
content-length: 4320
content-type: application/javascript

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 477ms
102ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (bsa/EB21) /
Resource Hash: c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:26 GMT
Content-Encoding: gzip
Age: 817
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=
Content-Length: 29221
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
Server: ECS (bsa/EB21)
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H3 200 avia.js Show response
kresy.pl/wp-content/themes/uniset/js/ 44 KB
14 KB 94ms
93ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/avia.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9b342a582a08efbc75edd137b3a987b75df1d9880483453c4643ac40c0319ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=68035
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"109c3-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XL8YoYe7S9IrQTjE%2Bk0N%2FCG59I21jmhKU3y0LaB4kgJ36Pwn2Bw4%2F5JEx4pzhBXr8Y4gFHXCnR1ORQDKifhrfGAnId%2BjZ%2F7E1R0nxcalIyWS%2BJWmoXZ3rnr%2FSCI8H%2FeoXLC0Beku"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0bea79b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 shortcodes.js Show response
kresy.pl/wp-content/themes/uniset/js/ 26 KB
8 KB 96ms
83ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/shortcodes.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cd498c56d9bf99465d04e9d055c963497a7f1b357017d2a193a5cf7127a365e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=40019
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9c53-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=md6PsB1wHijaMBAdzkeg%2F2UzqaxzgXejMSZ5ResQGJyqypbiTHr%2FwWcH64mC2JsPDxZ7M3dj564R1U%2B4ccoCYMfhv5YHWurVeCEnIYvSQN737SPfw1aMt5Pk59F4JF56l9oZc9J%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0ced69b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 audio-player.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/audio-player/ 723 B
947 B 97ms
84ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/audio-player/audio-player.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1553d1efebbf4029ae2cebb097bda34e623aa75fbd872d8de0e615779dcdcb72

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=1368
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"558-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yttNZ2q9H8Zb5lVeTfX1F95PjTbuwpXApXTGvEdn8YMJEOwJyrLCRkSPVKwIyKdWaM6lo6PEycg3LbZDQ3KtFDp%2Fj9DcRbvzoqY9N7UehZ6h5DrDKZI3atnS%2FAbNafHROCX0zANb"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cedb9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 contact.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contact/ 5 KB
2 KB 286ms
273ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/contact/contact.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f4fafbbe6dd314e4c6d3586e736ae6bec8c0f274fb9b8e909dcbc24345f66c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=7813
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1e85-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMGDKiXeszuWuJ3bhXxXm05TzA2%2Bup9%2Bu4bA3jBUCfDXmi3OQGxEBcPDWF0hukkgSmh2%2BVA1c4KoKIrfSpOGVWANZGqXNWV2u%2BSzCRYJZhixovGaaC%2BO1Gb8FqZ75J5FGfhjkapa"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cedd9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 slideshow.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/ 17 KB
5 KB 97ms
84ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/slideshow.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f5705501eeee95f1d95bb8fdfd1852692b45e6291a7af03f277d70974d55315

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248603
cf-polished: origSize=31244
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7a0c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxpnZy9mhibIUa5HRigxAslo1qayGbNvooHyzablA2Vp9lFRlq9BTJCogOR2mgzRJwE4V9fEzN2BubpBrJqAnEqfFNi5lgSkrno5yV7Gy%2Br26LMXgs%2F01IqkNonDxiMVob7ztnev"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cee49b67-FRA
expires: Fri, 05 Jan 2024 14:20:03 GMT

GET
H3 200 countdown.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/countdown/ 2 KB
1 KB 97ms
85ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcd15dfc594a9ae2e2b3a568ee573f71fcaa511b0ba69373d5b806ee6b304420

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=2939
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"b7b-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NL354jRXczffhDXGR6sQW7i65iBYKFhAUO8gAr6NkHE85vtavE8Hy0TjO12lRnWt2gF8hBBu4WhReDhrGcF%2BmZSh7%2BWAeqseC%2B%2FhahEtjlHA%2BGnHlPecsah%2Fn5o%2FvpzCWprLStHe"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cee99b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 gallery.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery/ 2 KB
1 KB 97ms
85ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery/gallery.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e1bd638fa820ac4bfab62f46359224ac2508d4078c1689e188953ad16535160

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=2497
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9c1-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LsuhNAGzXsXC83ENsF%2BYeIH4XhiCMGKzz5HYMBrjFLvdCBChSOu%2BYA%2FoQoJZiEyDm78OPEWrUEciKn8qGkN9JKXACQTUrkWUDvC%2BHkr8riUR92wouRfXGcvOz8Y5HENo9T%2FtWpDj"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cef29b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 gallery_horizontal.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery_horizontal/ 3 KB
2 KB 387ms
375ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7aed8b4c692023a769c401ed30334a3e13df2666af94456cc791f80709d24f71

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=5081
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"13d9-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLFHtKKtBY4bR4FFGTWkzqGBP3m7kYX2mfJesKIiGZXm2iwDgSQ9%2FkvrpzcT9gIykYF8hUGt63dI9Is60qGmoSK5b8xN9ziR%2F31Gl76W94vwXEe3XYCTrMLkPZ5d7zY2FljwA2jq"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cef79b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 headline_rotator.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/headline_rotator/ 3 KB
2 KB 98ms
86ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3df2935c0e6eee02f36e332a4fe389b7fc2e0ca58ac9860454a3b43e34d2e7e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=4975
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"136f-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjt4Pf9ZnnBC4mVk7l3msbAm4Yc7G9ksoph7hX6q6h8h7R8KzOF9BvvlEjFniDPe1K1dWp7RWB5nTn3V9PGGnIrUYMcdGuXRY8d5ZmgDuKAazv25dzY4rC1gN6MNl5AatZJIxVIF"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf029b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 iconlist.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconlist/ 336 B
780 B 98ms
86ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/iconlist/iconlist.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df9230f9369d193f3f243be620398d0f25173a7ab3029500aa9abc2a9d61d2f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=685
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2ad-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jP9sEKhWwHV4%2BY6QW7eB3bmZfH5Wq0dAp6rGVAT8t6tNzp8oJFkIyzuLgAPAkG9uebVRhIuG6n%2FNq9CpTPaEvsPluBlbKjCqKZrzG%2BPXgNsxfFbo%2BZvF93jONkJ377kQhHAzABU6"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf049b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 image_hotspots.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image_hotspots/ 439 B
825 B 98ms
87ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b9c58f9229f610161637b2fd1d0c4f7ff724ae4f1e01c72f5f3803e816aef63

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=784
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"310-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgXW0eYHv32%2BnGftX82JUl2Q%2FMdKfJCj7IPJ%2BkFDlxnhtSi%2BCHiKP3oVfedL9hCOwy7msDih0ZEByMyPjpk16Jp8NATpTfT1CH7cukKOnJZl0olSXpOaMOyZunPB%2FTVxAM%2Bzg4tx"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf089b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 magazine.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/magazine/ 1 KB
1 KB 98ms
87ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/magazine/magazine.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22eac0f9b2624c1cfa0c4861b32acdd4ae8f43153fdddf2a9dfc3c4d2b5e42bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=1782
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6f6-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3I69t2I3iaeQEVinI1MDVRAcwjf7vq1CJw38CDpbi0%2BI4nrX89awO%2B9nSqf%2FL0xsaY5dZPRP5UAFi0E%2FgT%2B51P5WeTKHvleArxvhc7%2F0z0wYS4RTKQFHNduwSwYyBS6vT%2Bq2NchD"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf0c9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 isotope.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/ 47 KB
14 KB 99ms
87ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/isotope.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3df532ff80f07cb7f516b1d7f6adb2d0191de269b908f4035c511c0ec6edf12a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=48314
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"bcba-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2Y04v02wYlRYFOePcNtHv3w09ekFTEcu6WoUKT8AW1dgOaY8hHYDvvw7ycRgEuHa7%2B%2Bs33aCiSk%2FxNmWpifOTXo8Xz8GWiGD0zOgzNmLogVwpex0lfGuaEDHyg3t3Qtqj10dVn2"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf0f9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 masonry_entries.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/masonry_entries/ 5 KB
2 KB 101ms
90ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

495c24c12d1bb51bb64e71fcd4c8aaad086516f6fc9fc0a428f07581cd93d6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=7984
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1f30-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZC5ViT2NUN1CHPmC6ZU6FfwlR0imgGiHKnVhYE4h9yneQTophqogdQcHe8191096oMqpqSv4jHGYdH8CuaRgHoMeTgRjW2gKswjdOrW1L48mVcHuA92b6FTy2Lx0kpoY1Xii4uXL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf119b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 menu.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/menu/ 3 KB
2 KB 115ms
103ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0d10de723e93daa9946aa1faed25837a03283fa7a8135a55e7436c66797fd6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3874
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f22-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ilah89Lsx5Txd9pMTUPXuh21do0a43ne0kZEHhgN28Gm3Pi2GTmR3207o94u%2BBAMyaMQutSy2l24Kh5dcU1LjJUGEVe7vI1XzDFs05ZAg6tb4ZOnFZc5u%2By38idhhMQ%2FJYD9sN3Y"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf149b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 notification.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/notification/ 1 KB
1 KB 148ms
136ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/notification/notification.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd25c5ae4b8c35d8f63f204795e5006ab377a2d2046e099d4cb730ca2845a375

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=2996
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"bb4-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arrnRtI36kezi3RncA8Ekqra0c3hjib0fUh8ICPADxq7W6aenPl9Q9k5Hewnsb4yyBlDykmv7fbBWD%2BjKs4ElL4%2FquB3T6%2FLubzQrz3hMNcEUz9uxHAAUYYZRtRrHxLI7jQtFZMA"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf179b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 numbers.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/numbers/ 2 KB
1 KB 148ms
137ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/numbers/numbers.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38f2a2b2491586252bcc4f23bd8c59995f8071d4dd9f822346a70f242d38c50f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=2974
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"b9e-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YmuriolNUZe%2FjtfwPcAD5JCE7ael05jWbuDc18HozNuo%2BTuR8RvAuWGEjRDnO0Y7lbjdrQSNIZlSICaqK933WFJAfargLs%2F5v2cp%2BNnWBmrViW1i2Br%2F3uIKLZ%2BWYp4S%2FIA7PrUE"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf1b9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 portfolio.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/ 7 KB
3 KB 193ms
182ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f44940d0ac1b1f39f3f8a46e8f9c8609753ed85bc5bd0476634e0c452d8e4fe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=10991
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2aef-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nzdm9T3oTqokgW7KN6uTig2xFeyS9x9Eh31%2FzcZWZ%2Fnk7qmLp5OUk%2BMUuQUk9en1Jk4RBu63%2FLqaXWxwWOZKlRD88LCwW3AiNxh28PwGMLgWAxUYElgRJCAFMbj2LyqJPNcIeEO3"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf1d9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 progressbar.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/progressbar/ 490 B
838 B 249ms
238ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/progressbar/progressbar.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dfadd96e2181537edc66c954bd4c123563a66316d92cde7a48a218b98df6980

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=908
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"38c-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uLQa9vvaT5Y9u0w3F9kQKGb0H8emmMKxYCzQhJtycQjb6RpjzEqdmPc9j9Pxku24uIwrVu7iGX6OMVNzr%2FwfAZ7xOkm2RZZ4VuuvOBR9CRScsYtSde8P9%2BYoBZ8phbbfBxJs%2Bxya"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf1f9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 slideshow-video.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/ 11 KB
4 KB 250ms
240ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow/slideshow-video.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6428ae5ab56bde526b758d753302b7e1b4b4b6afc3f0d2c48157775d9e7411a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=23077
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"5a25-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yFHdswywUaDFcMtIooGlAn6jnLpAfwhEyFUtofwlYfmi0qmQ%2F6LBd1OAk%2BV1bOnSnYyIpTVbyuTvq4b%2FajiOdV4dPFxVUt8F6r0z%2FxaIdAF0WvPrneauxYG25qEEomNYNc7vVUsp"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf229b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 slideshow_accordion.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_accordion/ 6 KB
2 KB 256ms
246ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e8a1d80cf88da3b776376a5e64c4b1f1beea27348a9ce226d60eaa4e661f52b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=8442
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"20fa-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3rDTWMKfKxGIaCROmAg0geRtHrolljzDO9JlSGgLMTYSjLZronOiDsFBd8Cz0NNPyqu4b90DA%2Fbsqp4XkCJalQM0BbZKmuPn6FkvJk38p%2B70be3lExq50PgPwl2XA3WKUBCDZ7W"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf279b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 slideshow_fullscreen.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/ 3 KB
2 KB 256ms
246ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72271eafb4ed653a685aa7a6ba78712514a53ce7a333c434e4177f42e5aba700

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=5625
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"15f9-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BTDT6pVHXSXAIksb0tv8a3TTN%2B5wZdgHdzl6wBefvF5nLWpjgE6uiiUriSD4novpJ%2FeSvwlcoyYqsaUqJf%2Fx9IyqJ7ptTro0nR5rKvnle4izMpc4gYcrbObjp1xYUWLw5eu%2FCdL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf2b9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 slideshow_layerslider.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_layerslider/ 409 B
837 B 256ms
247ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f4209728b16afb9f3683a4b508f9ed23e3efe8cefbf90582e654e3c7527648a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=849
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"351-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ReAH6sG2Ek54MhAtPcl32FQyB1JMlVQ3fRQEaHE2VAewpbr0unLIU3cnGKDRyWZ9ajAg2%2BbbkxlcvxbwMS1X8bNngQEIGVljPI6%2B%2Bns%2B5SBNxXNNvscicjvWA7Oi2eRzocn5Blqn"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf2d9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 tab_section.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tab_section/ 4 KB
2 KB 257ms
247ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tab_section/tab_section.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7f209642837d07048ac14287762f745ff51f45ad8dea00eadd5ef1a8296faa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=6975
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1b3f-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcPvH1lbdo47Cx%2FB4Bjj%2BVIoBzZlMb2KuUbAZDc3%2FfTe8pOhca0rKzbxmOyB9cF2zniyEUfTs87hrfTgqg6k1gOyLSqmEJHCroJy7ZwQO8%2B0YuTiapRGUpxdjzUPYlq7hqAw0lxr"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf2e9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 tabs.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tabs/ 2 KB
1 KB 257ms
248ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/tabs/tabs.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d25986066398e3e454ef1a5289e09fa67aca78bf7aaf5b3c175e52c691706911

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3255
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"cb7-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Off8itoCBVLKiqwWPm%2FKN%2BcoXVX0qqGB3VEx5wBn1hfxrxCIukF44cJ3ZQ%2FNCl0w%2FAWyRFqdLRu%2BSJpRIRQW74gcQRc%2FKUFsVJrF77rZfnTbWscpemm76sfBKxwdZRt8yT9T%2BxFx"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf329b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 testimonials.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/testimonials/ 356 B
776 B 258ms
249ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/testimonials/testimonials.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3aa91885b9a270b8900d2d5ba7db18294c8b537538275c5f504f8dfbea8fb212

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=706
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2c2-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sHH%2FH2MttJRlc91IQqC0ALDTdmAKFFmgX3%2BVYq6k%2FtBnthgNeoc18Rs1svkkLng7j6U9xLgezxtoK6YgpXvx3inK%2FoHTpj4RGDf291HWLKe3jutd04eMvq5F8KeFawhp1MttfHzL"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf359b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 timeline.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/timeline/ 3 KB
2 KB 259ms
250ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/timeline/timeline.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbfb7faab263547f7b57f9c770852ebf4d5f752e921bd1da15f7642f3aceb4b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=6521
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1979-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHKN7DcOOcQVBenqrx7enYFrhyCwOlm7Et9KoT4PNOYrLsTkCY9bHv7MFk%2Fa4BprzEnBci7kVDFfg8lqYhCOscEXNyIhTHfKr3xkfkMiwYR5GKwRaGD9Awu2L9aMca3dytrXqYf7"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf399b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 toggles.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/toggles/ 3 KB
1 KB 269ms
259ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/toggles/toggles.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6866506e3962f102e74f334d9836c576267a96b8f4ea71a30f54dadd603215b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3898
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f3a-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7hmGZwDJv2xRZgSe54zn1hVAWjKG8yG%2BRrlYwZDNnmu9p72Q9VifW%2B0t7rmvhsZEQW43BTsjo8rKTZE4pMzRl0voBo6rs%2BJIfQw5H6HUjKOufqpWxngKBiIcw8RXkFwXpxquh0Ew"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf3b9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 video.js Show response
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/video/ 553 B
913 B 270ms
261ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-shortcodes/video/video.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

821f1da7e083fecfa53125a9c92950a3bbf8a8f822538babe4ef46a9db28d86b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=672
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"2a0-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9GdCrQc7Sgln48gVGUxtwydBluXw%2FBkv8HDFDcs%2BV9cC%2F3lJiEncGHm2OXV0LRFSI3dYADQYBj75JtZ628zvSO%2BqtJFUsqdUrEP4grzgBw%2FMu9WKfzM%2FufwvhIVEBwc8jNz42jT"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf419b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 microblog.js Show response
kresy.pl/wp-content/plugins/microblog//js/ 0
560 B 270ms
261ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/microblog//js/microblog.js?ver=1672927378

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
last-modified: Thu, 05 Jan 2023 14:02:58 GMT
cf-bgj: minify
server: cloudflare
etag: "0-5f184c219c880"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2BwNkE%2FMw4O1xapa9XNlKxZEdau13BcTuBZclIhSnqr87PBOOQ%2Br93UHG5wbmTszZcL69OnwQFpdLy6yA7C46mMcEmVpggtfouC0llDxG55WwHj0OUMWpKNY8IiZe2Jg49Yos%2FU8"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf429b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 frontend.min.js Show response
kresy.pl/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
3 KB 273ms
264ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0818610c65fd1ca125b6f560e6cb6e6c8c299e461c2ce91ed197972623cdaf3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"2482-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ox39Q05w9pzn1guNVXyuGwCZMGt4dBiRnCwuuYOGjjCqd1ToZ6TAndCRxjnwszxk0o6OXd8yBiiH7wN5xFr5i8tAb5QrsVaefpKQVNp%2F1T%2FbJo6KsKETUlO6MZ5mKHiTptkdgCZJ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf439b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 timeago.jquery.js Show response
kresy.pl/wp-content/themes/uniset_v1/js/ 5 KB
2 KB 273ms
265ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/js/timeago.jquery.js?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af05e017dd88ad6e1595f8e2bf223fbed26e8679f0fdd257653dba09b6325af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=7403
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1ceb-5f184c2384d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0CBPUbODsTE2TItfoIU49VVkRjbeM0spF9vLR%2FRExGDeqpWCNqJb%2Fr0Ln5gZieT4eBDYpXXphcZ7EsaCGNWN7hDPTNOSJBYcmVYATdwlBVWL6y3dyV447C16c973u1bDCUudjDD7"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf489b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 adframe.js Show response
kresy.pl/wp-content/themes/uniset_v1/js/ 21 B
604 B 274ms
266ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/js/adframe.js?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a5a56e5082360b341d768c0b2db7f2f12103af0c119110de520e1661a890e37

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=23
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 21
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: minify
server: cloudflare
etag: "17-5f184c2384d00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtvQvEhiODJazIx95Eje561fqvk2beVjVD96YelzbB0lNVXBEyhQHX8HKNhPIcA3dyEKz5aaMSmTuDMdAEvChpN6zuua3rxiZSt3gS8S6Lz2px8GRtHJ4DLS90B9eOA%2BaXEIFoBT"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf4b9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 script.js Show response
kresy.pl/wp-content/themes/uniset_v1/ 7 KB
3 KB 275ms
266ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/script.js?ver=1672927380

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a532c230d6c65c8f317e027508ba6f387c858532186c8c45c3128dce3b96fae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=15576
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:03:00 GMT
cf-bgj: minify
server: cloudflare
etag: W/"3cd8-5f184c2384d00-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YTnEWx9JzMrXWb0yybexKSp6yvigEq8%2BaLQltqyRagXD%2FRqS68SjcJAHon55OEZdTnC7X1E%2BCufqOVL6%2BN22u5kCYeRLld3MpUsM8QMwGfjJdFX6M4jFlC%2B3Pza2K6RnO1k1aoZu"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf4e9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 jquery.magnific-popup.min.js Show response
kresy.pl/wp-content/themes/uniset/js/aviapopup/ 20 KB
8 KB 276ms
267ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/aviapopup/jquery.magnific-popup.min.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
server: cloudflare
etag: W/"4ef8-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q72XC3crUz7eyjqLP7LkCQOCBmzVRVA2Ke5ASFNmn7%2FfSKKBTa%2FxrolzqNl7ohtPDLpdU4zqHzvz9yZvYozcxLEYySCs%2FLj8%2FsFaOJad96p2rmvS%2FGWEqYTFJKDMFInvbLb9YHEG"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf509b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 avia-snippet-lightbox.js Show response
kresy.pl/wp-content/themes/uniset/js/ 3 KB
2 KB 280ms
271ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/avia-snippet-lightbox.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54ce1863b3fbac5a6b022b21a78342b2e5d6b164e0c9dfff89f4db94a81e72c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=4770
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"12a2-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=df%2BQo%2FJDHi2qtF8CxPYD55jw8qCELvpCZUT%2BZOIky2G8fe%2FiE8RdhbAQR%2BmT7rlou0TJfHFZH%2FZIo04zGfZiNYPgJ7R7k8QUPi3I6iCycR1f6CKeXla6Bw%2BdvqQxqbPid2hOSYuH"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf539b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 avia-snippet-sticky-header.js Show response
kresy.pl/wp-content/themes/uniset/js/ 2 KB
1 KB 290ms
282ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/js/avia-snippet-sticky-header.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c26f61cc0554cacd6c543b5191a76a875123f6b4c7f5035afa5ed66afea30ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=4249
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1099-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=517%2FnSjtKS75XkusprU%2F8W61StZ2dRP4%2FGbrZhIBNY1QL9Ylgxi5WcYzg4a5qJfmwcJyztwM%2Fd9VjjlMlpBVnp6EPBbKtOXl8hSEUm%2BQDlGJ6C0TzLOY%2BUp%2BfwlOuAQraSRVLuYK"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf549b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 comment-reply.min.js Show response
kresy.pl/wp-includes/js/ 3 KB
2 KB 325ms
317ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-includes/js/comment-reply.min.js?ver=1649448438

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2296464
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
server: cloudflare
etag: W/"ba5-5dc2a2438e980-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xUOmq4EYuyRHmgQ3xMrleUg4OxOcY%2Fc1zsAykkavJ2mRI9BSwf%2Bt42a26viHSarYwlbhLf2%2FLlH5aEkXdhkfBtqT%2F9%2FZe8%2FSPiOYqClDXa7vxSgZPpLSbrALmeaO5BM8xgRfCJ%2BN"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf599b67-FRA
expires: Tue, 12 Dec 2023 21:29:02 GMT

GET
H3 200 avia_google_maps_front.js Show response
kresy.pl/wp-content/themes/uniset/framework/js/conditional_load/ 2 KB
1 KB 376ms
368ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/framework/js/conditional_load/avia_google_maps_front.js?ver=1672927379

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

755f523709079da4414451ab80f3e5a4a19464b665cfba8bc95c25eef38973b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=3864
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:59 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f18-5f184c2290ac0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y8rd%2BMt4lMYYgN7SmupqFmmDHT6tzQTEPz3nmzETtnFgPrG06zaDCr92a45xY330mt%2F39CO94jPxLwL8WGI69kvqxRxLZiGkMQtygkm98tu4WxnOxerK%2F5b4igPb9ykkAFpy%2BDrd"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf5b9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 layerslider.utils.js Show response
kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 120 KB
42 KB 380ms
373ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f93b921d7be261a7896a0697e5cbeb9e70c855b589a670913e5c6fc0fd9f8c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=122953
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1e049-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JPk3IrzjpBLDrd728w8HFygWkghr7B9%2BjGNkj6rivvIb0sfcvigk2O9Aj9ew0NcD9LW4H1wNXRNr%2FtetHtOKu3gRLeSYuf6tgVP%2Bf8LBu%2F%2Bw3cXzQ18A39biZYzW5XXlPNdkiI7"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf5d9b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 layerslider.kreaturamedia.jquery.js Show response
kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 144 KB
57 KB 110ms
103ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b22a3bcdf8a356747426feb54a20b0d5c1fc5c6ea6f26ea68d58e8da19710c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=147907
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"241c3-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yw17urwCCCeMabieoRsss9jxlR%2FJSBvl9P5%2BdtAa%2BraJCL%2FCCU6BznPxCNNpnk1%2FbQpHMGoL%2BVEXNudxBQDteTfaLlquZ0LkLMfYF9%2FN%2BPW7dR36Xuyftpd1TPISqJSqGAtr1uhj"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf629b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H3 200 layerslider.transitions.js Show response
kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/ 23 KB
4 KB 133ms
126ms Script
application/x-javascript 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=1672927377

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c4fa7dd69c1911559d75fa69d2a0a9a6d6dfaafa36cd210fdab82c65f58ffbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 248602
cf-polished: origSize=23719
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 05 Jan 2023 14:02:57 GMT
cf-bgj: minify
server: cloudflare
etag: W/"5ca7-5f184c20a8640-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fsblkxmjsaYc6hf7AvUyX4MnHKkk35y0EHKjhoVwUJ87h1G1wZjkHzDmAAnX77y1haRwIlCicBKwa3P0K3QNeSQQ1moUg7u6XzwuEfxM7wb%2Boi9m%2B4PItrad46BsBXGEybhwBI7N"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=31536000
cf-ray: 78648fa0cf679b67-FRA
expires: Fri, 05 Jan 2024 14:20:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 115 KB
46 KB 161ms
66ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-15290908-1

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4a0af9ab2a729402cb4e43e79058c174881a7ed3e0a5af9a4c282b9f7356379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46373
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H2 200 choice.js Show response
quantcast.mgr.consensu.org/choice/gTTKmuwPTuX5B/kresy.pl/ 3 KB
2 KB 79ms
22ms Script
application/javascript 2600:9000:211e:1200:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/choice/gTTKmuwPTuX5B/kresy.pl/choice.js
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:1200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f32c3fb3f4c03c063ea4b5692b9554ef9bbaaaff2814b89134b7eed0a1ee58b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:22:38 GMT
content-encoding: gzip
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
last-modified: Thu, 07 Oct 2021 12:12:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
age: 60
x-amz-server-side-encryption: AES256
etag: W/"402df69109aae7db5f08b8ef7030d68d"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
x-amz-cf-id: KfLARMikA4mFycQFDDqFPsrAGbdvAUrzA6RoChIDOTpzdBcRuRBIkA==

GET
H2 200 TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2
fonts.gstatic.com/s/oswald/v49/ 10 KB
10 KB 117ms
65ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v49/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600%7COswald

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 21:05:42 GMT
x-content-type-options: nosniff
age: 483464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:24:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Jan 2024 21:05:42 GMT

GET
H2 200 JTUSjIg69CK48gW7PXooxW4.ttf
fonts.gstatic.com/s/bebasneue/v8/ 55 KB
27 KB 56ms
23ms Font
font/ttf 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bebasneue/v8/JTUSjIg69CK48gW7PXooxW4.ttf

Requested by

Host: kresy.pl
URL: https://kresy.pl/wp-content/themes/uniset_v1/style.css?ver=1672927380

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

939fea723dad24504f40faadc34eeffadfbbee558754f70c3c736e13786b0ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:57:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27089
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 12:57:12 GMT

GET
H3 200 unnamed-1-2.jpg
kresy.pl/wp-content/uploads/2020/12/ 4 KB
4 KB 283ms
282ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/unnamed-1-2.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bebe06ad7fa9ebf15e2fd751714c2c44fee9bf88bada838ee5d3a331fa4f9e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1055871
cf-polished: qual=85, origFmt=jpeg, origSize=4238
content-disposition: inline; filename="unnamed-1-2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3854
last-modified: Sat, 10 Dec 2022 18:17:34 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "108e-5ef7d48c03baa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePCUO%2FIx%2FZnik2sRksrPTxSEt%2BfCpx%2B%2B9Uxt8j86PfIEm%2FFJFRy%2FMAS9g9saS7I9bXDp4Kw8YX6Zy%2FBDO%2F0uklm%2BCtbWBSnhJfcRKhFqLbARdSWRmyPIov2jd6ZbPo4L6mayyZ61"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf9a9b67-FRA
expires: Wed, 27 Dec 2023 06:05:35 GMT

GET
H3 200 Feniks-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 4 KB
4 KB 283ms
277ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Feniks-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c7574532308b9ea79c764050e9bcac51461e4702f4add462a4be4e87bdba0c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1524850
cf-polished: qual=85, origFmt=jpeg, origSize=4022
content-disposition: inline; filename="Feniks-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3646
last-modified: Sat, 10 Dec 2022 18:14:16 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "fb6-5ef7d3cfdefaf"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oPsYQTw2gEhPwbB6AMXJK8ZvnqqYP2RMfxpmYVwg%2F2z1M88ZH9rwrJPwytxgvQAxDNmySd%2FXWTcgTcz%2BFlDk93nXG%2Fc1CsK2TkW2fS9yElgm2ua2j8ZSN27pLAxmNYsed85nGnSt"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cf9d9b67-FRA
expires: Thu, 21 Dec 2023 19:49:16 GMT

GET
H3 200 tshirt-orzel02-c-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 2 KB
3 KB 286ms
280ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-orzel02-c-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bbb5b1f902ed13417f917a70c47094824e51cc217508d994864b8b5acd3a387

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 145544
cf-polished: qual=85, origFmt=jpeg, origSize=2856
content-disposition: inline; filename="tshirt-orzel02-c-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1934
last-modified: Sat, 10 Dec 2022 18:17:30 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "b28-5ef7d48892dfa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hxcpXKlqPE6Di9xXasWKKWO4oPG3S1sESZ4UwskvYl%2FV6Q2AE3FgLv1D1Mp1Mb1BEf1JBHO46G%2Fr52LECmIaKtzdDo%2Binobdd5%2BCTVbuBUD7IgKvy3VoJWuksfRnhON9nZJtEz5E"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfa39b67-FRA
expires: Sat, 06 Jan 2024 18:57:42 GMT

GET
H3 200 twardowski-2018-tshirt-male-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 286ms
280ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/twardowski-2018-tshirt-male-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57e00473f36ac34e67b9cd90ddfe2ff360eb4b1d311d3409b7302e515a86fbd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1515884
cf-polished: qual=85, origFmt=jpeg, origSize=3435
content-disposition: inline; filename="twardowski-2018-tshirt-male-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2874
last-modified: Sat, 10 Dec 2022 18:17:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "d6b-5ef7d489ed8d4"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cOf8E95re5NTYE%2FknAuJGYZhZ0g1TUdZS%2BAuHPOkbsryVrD5t%2FnFE8JraPYUFZtkSlEEiWuQgK4zX3amtdd386qKADiWrGSV9a9ultH17eCzQQkCbQnsIdb1PwYoGYmoKTROpHj"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfa89b67-FRA
expires: Thu, 21 Dec 2023 22:18:42 GMT

GET
H3 200 Achtung-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 287ms
281ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Achtung-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f849964829fd3b4c871cc51da397cb65407cc04c5c52446706fea3770f7a616

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 140133
cf-polished: qual=85, origFmt=jpeg, origSize=3358
content-disposition: inline; filename="Achtung-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2810
last-modified: Sat, 10 Dec 2022 18:13:43 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "d1e-5ef7d3afb893a"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WUYo8zAsqSew0W2%2F3szdCDsnTpokR%2B%2Bmkz%2FBje6B02jhpskIzgMY8wz%2FeezdC4KykTMl7DkkTZXmxikSPfigwO8HuSHH1mlQeKI5qjsKrhqRWsEf3fhGLaCcsn2lHMmPzL0JhRxv"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfa99b67-FRA
expires: Sat, 06 Jan 2024 20:27:53 GMT

GET
H3 200 tshirt-orzel02-a-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 5 KB
6 KB 287ms
281ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-orzel02-a-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5fe9123a293c6f4d6de2a70a6a3150b77bf26cec25ffd667555d4d99bf93734

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 145544
cf-polished: qual=85, origFmt=jpeg, origSize=5389
content-disposition: inline; filename="tshirt-orzel02-a-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5206
last-modified: Sat, 10 Dec 2022 18:17:29 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "150d-5ef7d487d56be"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFEkS8Jd%2F5cil6W6t50Rg663gqNPz3qc%2F7QqSH519vdzSDKsKVqMdzwDbJQdL76l9n0rDwl8ZC5fLyp%2BmWiJd47%2Brj%2FjHzAhQVMDQNjA7VZd1NNEPC3kNnxt8bxLAcAc7bhymyNm"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfae9b67-FRA
expires: Sat, 06 Jan 2024 18:57:42 GMT

GET
H3 200 heaven-hell-2018-tshirt-male.jpg
kresy.pl/wp-content/uploads/2020/12/ 2 KB
3 KB 289ms
284ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/heaven-hell-2018-tshirt-male.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18100726a615740d4b8a05a9286a99d2b427010a5e0c4ab3dfb10d9d49e28c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219658
cf-polished: qual=85, origFmt=jpeg, origSize=2733
content-disposition: inline; filename="heaven-hell-2018-tshirt-male.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2016
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 Dec 2020 12:17:57 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "aad-5b5a277746740"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyedkXbY3WFIthcPf9GaaNRbmLfVtqmD12YvtWd%2BijhY4mrtJEido%2B%2BaA4x7U2qHsneDbFHLC%2BrMTobjhNMP5dWKlmMTKokT1pkshjLUfTuhkGqoSTCJt5z5aebt6%2BQ77TFwOun6"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 78648fa0cfb09b67-FRA
expires: Tue, 31 Jan 2023 05:02:28 GMT

GET
H3 200 tshirt-serenissima2018-e1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 290ms
284ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-serenissima2018-e1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290c1e8a0d29b025714f4a0917c05ede5e875023b267627e1ffc5bdc6b453912

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 236392
cf-polished: qual=85, origFmt=jpeg, origSize=3785
content-disposition: inline; filename="tshirt-serenissima2018-e1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3140
last-modified: Sat, 10 Dec 2022 18:17:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ec9-5ef7d4891f7f8"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DEV6ZeYcnv01TLxWsxozcK2S0pLmCpjadf2gV2UDVqg6j1a8KUzl6Qur%2Frz0gQn1VCjx0LFEpNLMMij7NCx20YuR9V1OjQF5vlA1O%2FTxTli2JuiGS98oKXvZ%2BXaAILRjJn5E%2BXRL"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfb29b67-FRA
expires: Fri, 05 Jan 2024 17:43:34 GMT

GET
H3 200 koniec-imprezy-tshirt-meski-black.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 291ms
286ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/koniec-imprezy-tshirt-meski-black.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182ad8a8d5ad0e2b51650f263bb2c856050b885f8b011ae9236139127463d4ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2304425
cf-polished: qual=85, origFmt=jpeg, origSize=3662
content-disposition: inline; filename="koniec-imprezy-tshirt-meski-black.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3192
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 05 Dec 2020 13:19:33 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e4e-5b5b771984340"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0AFioFdLSm48HQSKUDKglJgw4BAcf8aOGZchhuyCOF4zK7RbORCsOENbTwi8WJDVeJ%2FfgFBxwQ9fe4MX1tZymRhVegsVYnotdi5ceX%2F2HbhLYqUVfdcTSgvCUfK3LZdajbStxaiE"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 78648fa0cfb49b67-FRA
expires: Fri, 10 Feb 2023 19:16:23 GMT

GET
H3 200 tshirt-orzel03-n.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 291ms
286ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-orzel03-n.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f38666c1bcbdc06bceadb1a880aa37bd3a7d9b66a754ba0e12831a3ded3c87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 139001
cf-polished: qual=85, origFmt=jpeg, origSize=3610
content-disposition: inline; filename="tshirt-orzel03-n.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2748
last-modified: Sat, 10 Dec 2022 18:17:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e1a-5ef7d4891b978"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PApO71JQMpjea1H1EoDbBC%2FKWGEY2lRdnxYnvn24ChjEROSgqG6VYWCXMNsFyuJRmAJEDEOUgPpa2OC7EFiNcnT34aACX6EV7FHodfQEslErmGbks0NsG7Wk4i2FjUPkHLZNRhBx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfb69b67-FRA
expires: Sat, 06 Jan 2024 20:46:45 GMT

GET
H3 200 Polska.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 292ms
286ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Polska.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f29f806b79cdda258633f6e1418d9405262bc32d9ab653b985dba538ae949a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2044371
cf-polished: qual=85, origFmt=jpeg, origSize=3688
content-disposition: inline; filename="Polska.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3086
last-modified: Sat, 10 Dec 2022 18:15:08 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e68-5ef7d40160b7c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BqWICKQGABpi%2BA5Hi%2F7Opc2FkVe8JBLmJze37VbNwP5yIHT7PuVC2SiU5%2B8DNkht%2BqZCPXBHdLBfkUTunbRk49DYbbxQz0NxGGcOnaBWBb6ODYxLFt53hC4ebegw3m9%2FDFyBNPZR"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfba9b67-FRA
expires: Fri, 15 Dec 2023 19:30:35 GMT

GET
H3 200 IMG-09491.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 295ms
290ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/IMG-09491.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9edbded417e761fc9fdafd4e3a16ff46d95b98de1283dccb28341636ab3b541

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4391496
cf-polished: qual=85, origFmt=jpeg, origSize=3773
content-disposition: inline; filename="IMG-09491.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2880
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 08 Dec 2020 07:27:45 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ebd-5b5eee0fbde40"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rTEwxpGM%2B6mQvmi5hoorIG8kKGoxNh6pqbcHe4ayHUfgrvIJkLGUCQ3%2FSf49PSfXl3FHappMdvVq9D%2FVMLfXyhc%2BmiUAQyg4xdKZDwTLa17emcrPKzHKetDD6z6K8pGYICRDdHdZ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 78648fa0cfbd9b67-FRA
expires: Tue, 17 Jan 2023 15:31:52 GMT

GET
H3 200 husarz_wizual.jpg
kresy.pl/wp-content/uploads/2020/12/ 4 KB
5 KB 295ms
290ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/husarz_wizual.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0af162e212996ea3c5d2112a9cc447e8943396c24699e9fc0dc0533b0fea6527

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 137504
cf-polished: qual=85, origFmt=jpeg, origSize=4739
content-disposition: inline; filename="husarz_wizual.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4556
last-modified: Sat, 10 Dec 2022 18:16:52 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "1283-5ef7d46430776"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LIvGNpWPV0ZUSdIp3UxeC2FugT1dXpC7%2BwcRPro0YYwq38T4u02Ev9tAQKuGcB%2Fr2697BWZl0m47KvKgI3GNQtdYP%2FkuMmMtAsZA76Fot3fttfKI3zYrvT0ifjiZiag76xsLquG"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa0cfbf9b67-FRA
expires: Sat, 06 Jan 2024 21:11:42 GMT

GET
H3 200 Bodaj-was-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 303ms
298ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Bodaj-was-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08cc23bbd13daa4ef20314563381c36173a4ed28d23291e3fdd807528374f6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135661
cf-polished: qual=85, origFmt=jpeg, origSize=3529
content-disposition: inline; filename="Bodaj-was-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3088
last-modified: Sat, 10 Dec 2022 18:13:57 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "dc9-5ef7d3bdb8883"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A707hdfdoyxKVDp3ReGZQVzy6lXtisSp3IO9qhh8NFyXsH9QO8Kf%2BW4wQ9GsgLS2yosbYPBnUVyBhJfl8hLEBvplc2C6p1OPJAN0kuN8noO8Q3TS7sI6J6lP4igA1weYcRQZTX2J"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa11fc29b67-FRA
expires: Sat, 06 Jan 2024 21:42:25 GMT

GET
H3 200 27.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 303ms
299ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/27.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cad8a51e9f1a27c09ae39601527334154f9a2fac6d98f54b7fc879a7cd00fe29

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135060
cf-polished: qual=85, origFmt=jpeg, origSize=3799
content-disposition: inline; filename="27.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3322
last-modified: Sat, 10 Dec 2022 18:13:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ed7-5ef7d3a4b34fa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZt0IgawIULvDsgZHd%2FHphL8WAhQkyr8sF95ip03IOcrVOLntll6IlyTPr%2Bezl%2BqOc6dVz773uVALaCSjN9J75H%2F1zzhggEyWYZqtAps%2FX699Dc2wlYQuC5dpv%2BfGTdErFjpa1ds"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa11fc39b67-FRA
expires: Sat, 06 Jan 2024 21:52:26 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 69ms
42ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600%7COswald

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 16:15:31 GMT
x-content-type-options: nosniff
age: 68875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 16:15:31 GMT

GET
H3 200 kresy.woff
kresy.pl/wp-content/uploads/avia_fonts/kresy/ 5 KB
6 KB 303ms
299ms Font
application/font-woff 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/uploads/avia_fonts/kresy/kresy.woff

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38dbb12dc6ca6b496abbe0c1c53c9c59025b3f8d034034019d13d15e89fb7e96

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 647101
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 20:08:42 GMT
server: cloudflare
etag: W/"14f8-5ef7ed63ce5e5-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OIAXaHNI0oALfoahst45RUwgwQIgQ%2B%2FkCjxYi22Fycoce3JPHnvas1DWYhr%2FoqFKnJfZ2dKkrpmpzSenZNDBNJ7pcYHvtvOXC79gCi9ZfzS%2BGo13y0A5IkuhAW2mbs%2FrnL5ojka"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=31536000
cf-ray: 78648fa11fc69b67-FRA
expires: Sun, 31 Dec 2023 23:38:25 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v34/ 31 KB
31 KB 82ms
55ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600%7COswald

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 02 Jan 2023 19:00:06 GMT
x-content-type-options: nosniff
age: 491000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31320
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:11:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 02 Jan 2024 19:00:06 GMT

GET
H3 200 entypo-fontello.woff
kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-template-builder/assets/fonts/ 30 KB
31 KB 288ms
288ms Font
application/font-woff 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/themes/uniset/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75e801b453bd677c68d4af036055b3036b8fc0390a76bf4661ab50e22b1137ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 654649
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 10:30:15 GMT
server: cloudflare
etag: W/"7854-5ef76c17e1bc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gphTLGTOHlILTYpLu3tp9jtdpqII%2FbFK4OJsehgTQylejY9XdZnIeMdzdrcChqHQHo8ddS3vQjeYWKSop7R9VIAbRMNj0LOWyXtBg3QOS6QBdavf1lPsAusVp7h%2BiRUaBkYqwkxL"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
cache-control: max-age=31536000
cf-ray: 78648fa11fc89b67-FRA
expires: Sun, 31 Dec 2023 21:32:37 GMT

GET
H3 200 loader.js Show response
www.gstatic.com/charts/51/ 48 KB
48 KB 65ms
21ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/loader.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c7dcb6d3f3fd50ac55a55f8a4168652122756d7763c13c333c9d4b8a36f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:43:20 GMT
x-content-type-options: nosniff
age: 2406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49299
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:04:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:43:20 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8ce2fca0f90a789d62dd6e570014610bb2f92fc293a9273b9fb7149a507b57b3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 163ms
114ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3758ace5d5cac4c164c50181eda5cb13ad48bd8459f675bb15ed253099db6a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49794
x-xss-protection: 0
server: cafe
etag: 10711576024763353714
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H2 200 advertising.js Show response
rddywd.com/ 9 B
531 B 84ms
27ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rddywd.com/advertising.js
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f555674a54503e3367276168359cef065eecc75f1fe436ac13bdf3dfd65a970

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
cf-cache-status: HIT
last-modified: Sun, 08 Jan 2023 10:58:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1488
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AZd9lcOIk9Zu5QiH%2BCOz%2FC9KYMhy%2Fxg7ZwNu78k2eFEsQdkchx0HMUAjdzxN%2FzVF0tbJ8KzvjqisHpHE6YDJ3V0lte3DBRuBwyGU%2FCKUbAX%2BIQPZBFnT1t0TvEwA8yIeO%2Fm7lGVRxjIG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86401
accept-ranges: bytes
cf-ray: 78648fa1aa389a0f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9

GET
H2 200 adcode.png
rddywd.com/ 43 B
548 B 100ms
40ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rddywd.com/adcode.png
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://kresy.pl/
Origin: https://kresy.pl
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
cf-cache-status: HIT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 82294
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D0wHfhImUAxMOdN2fc7ikXaYRN%2FKxBvSBXOlXlgdCOLjCbBJg3WAtOen1l2frqPnJDe5mbpBVMSobsWMJct4QE7IvJfQNEwalEzxSCWMGWYqndvJqZbaH86rUjCbaScApuPKuLugjzxd"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86401
accept-ranges: bytes
cf-ray: 78648fa1adbe8fd6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

GET
H2 204 generate_204
www.googleapis.com/ 0
210 B 83ms
21ms Image
text/plain 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 404 yb.v2.js
jscdn.yieldbird.com/75146552-f684-4063-95fc-310bc6ab0d10/ 0
0 92ms
24ms Script
text/html 2600:9000:214f:cc00:4:f9aa:3d40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://jscdn.yieldbird.com/75146552-f684-4063-95fc-310bc6ab0d10/yb.v2.js
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:cc00:4:f9aa:3d40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 prizyvnik_armiya_rossiya.jpg
kresy.pl/wp-content/uploads/2021/03/ 63 KB
64 KB 217ms
215ms Image
image/jpeg 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2021/03/prizyvnik_armiya_rossiya.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95f717ce72335228a06266f102f1913a322d2a4a1b48ff33d90dba734014cf6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 317208
cf-polished: origSize=69283, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 64813
last-modified: Sat, 10 Dec 2022 18:31:40 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "10ea3-5ef7d7b2de1ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YygQvzgomy2qVmVFUSR%2FzH6OjMVY9LCnkUPzN1yjVIQ%2FV1SWUCEjhj0Gz5uWHC537BEuiTFaCh58Onc1IOrmcY8ZuCTe1kh5%2Bm8zvebYhzhmatDCpI%2FhhpWwoVpeaJxei9WE4Ihb"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa198b49b67-FRA
expires: Thu, 04 Jan 2024 19:16:38 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 25 KB
10 KB 574ms
181ms Script
application/javascript 2600:1f1c:a99:832c:ec8b:437a:257b:cb2d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/gTTKmuwPTuX5B/kresy.pl/choice.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f1c:a99:832c:ec8b:437a:257b:cb2d San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 673aaadf5ccca4681c2023a6e76f62c478be94fe3b1ed05f3126da067e66f50a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: gzip
etag: "WQX8ubvDGl3DCUDHzxu0sA=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sun, 15 Jan 2023 11:23:26 GMT

GET
H2 200 cmp2.js Show response
quantcast.mgr.consensu.org/tcfv2/ 177 KB
43 KB 27ms
24ms Script
text/javascript 2600:9000:211e:1200:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=kresy.pl
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/gTTKmuwPTuX5B/kresy.pl/choice.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:1200:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2bd23d1a6781e5c15a107f6d5e2fd7b55ae061d92180e3c9b099ccfe6e2b7f01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:35:29 GMT
content-encoding: br
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 2910
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 10 Nov 2022 18:23:42 GMT
server: AmazonS3
etag: W/"37fdfbac0c6ef64496f7d86258c934a8"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-meta-qc-ineu: True
vary: Accept-Encoding
x-amz-cf-id: zft5iAJFwDcjo2GvgidhnrQFzpx42je_mr1uwdopy3sTKuht6sP2CQ==

GET
H3 200 Bojowy-woz-piechoty-Marder-zr.-Wikipedia.jpg
kresy.pl/wp-content/uploads/2022/04/ 124 KB
125 KB 216ms
215ms Image
image/jpeg 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2022/04/Bojowy-woz-piechoty-Marder-zr.-Wikipedia.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7487f996f5b1e689829a90f8cc0b610ee87ba076abd44b152ba0f46d41a87cca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 166992
cf-polished: degrade=85, origSize=252474, status=webp_bigger
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 126897
last-modified: Mon, 12 Dec 2022 21:13:47 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "3da3a-5efa7faab5e88"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxSYoZi3jTdilsQPpg3uSqJXojhL0syblLu%2BQMbyHN4nBXURiku3Q0YGBdkmMyAgPyB57j6c4e8mur%2BPC67nHxIeJhLML3J%2BifZoPy3o8xnnZ9zL7hxHEIbQ1lUHaRntu1SlgLCo"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa1c9019b67-FRA
expires: Sat, 06 Jan 2024 13:00:14 GMT

GET
DATA 200
OK truncated
/ 803 B
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4881c5df7768ae1b95e6644d690b41ee9625c1aad05a26f50121acaa3d622f22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/ 356 KB
117 KB 127ms
78ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202212010101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8524944207935228&plah=kresy.pl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8524944207935228

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

546b8869b88859756ff82786ef4b0685b86fd43d472714b52e85a8f1eedfce09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119962
x-xss-protection: 0
server: cafe
etag: 9041767157948549446
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230104/r20190131/ Frame C9B9 10 KB
5 KB 130ms
35ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230104/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8524944207935228

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 22781
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 05:03:45 GMT
etag: 10353107486223812946
expires: Sun, 22 Jan 2023 05:03:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 tooltip.css
www.gstatic.com/charts/51/css/core/ 1 KB
2 KB 20ms
20ms Stylesheet
text/css 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/css/core/tooltip.css

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cb6d99c8ba2262a4d0c6d0333a35b67be6d4db6c5a7d2c4a9cff74e5970e4f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:59:14 GMT
x-content-type-options: nosniff
age: 1452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1524
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/css
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:59:14 GMT

GET
H3 200 util.css
www.gstatic.com/charts/51/css/util/ 12 KB
3 KB 21ms
20ms Stylesheet
text/css 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/css/util/util.css

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9c9244f08810a7573b16fd89288d4587f617de4c005b3e4d74ee034b6dbf280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:32:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3035
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3203
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/css
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:32:51 GMT

GET
H3 200 jsapi_compiled_default_module.js Show response
www.gstatic.com/charts/51/js/ 263 KB
263 KB 26ms
23ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_default_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e7e72eecf6a4fb2981627eb8d15b947d394398db4e67c7ca7705749cdb2f832

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:30:30 GMT
x-content-type-options: nosniff
age: 3176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 269363
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:30:30 GMT

GET
H3 200 jsapi_compiled_graphics_module.js Show response
www.gstatic.com/charts/51/js/ 24 KB
8 KB 30ms
24ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_graphics_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ad0d8bf9e4659eb773ec937a69b25c1e8869b17c43acd258f01e268f0194088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:08:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 891
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7953
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 12:08:35 GMT

GET
H3 200 jsapi_compiled_ui_module.js Show response
www.gstatic.com/charts/51/js/ 507 KB
508 KB 31ms
25ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_ui_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0867ee1df230c80dc1601a8c56c499fabe444ab3ec173ce8b901444560c8816d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:29:17 GMT
x-content-type-options: nosniff
age: 3249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 519614
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:29:17 GMT

GET
H3 200 jsapi_compiled_corechart_module.js Show response
www.gstatic.com/charts/51/js/ 8 KB
1 KB 38ms
30ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_corechart_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30c48eef4e305a1f7e77d50dcac4b5f7baf250b0d55dfbab468db645bfb13c65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:54:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1354
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:54:46 GMT

GET
H3 200 jsapi_compiled_fw_module.js Show response
www.gstatic.com/charts/51/js/ 83 KB
25 KB 38ms
31ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_fw_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

23dda07bcc257665b937985a24a105e5e759cda1bd2e277a0cb43acbf6f92f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:15:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 482
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25803
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 12:15:24 GMT

GET
H3 200 dygraph-tickers-combined.js Show response
www.gstatic.com/charts/51/third_party/dygraphs/ 18 KB
6 KB 45ms
37ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/third_party/dygraphs/dygraph-tickers-combined.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

476d9e48b0d5a604dbce0921ef4c0a8f8e44e265ef52faad0031cca0449d066c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:21:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 125
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6003
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:22:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 12:21:21 GMT

GET
H3 200 webfont.js Show response
www.gstatic.com/charts/51/third_party/webfontloader/ 17 KB
7 KB 46ms
39ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/third_party/webfontloader/webfont.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

770caf20a6970edf3c4af368145962743cc58ed16d29ff235c758e9788d37b50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:38:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6672
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:28:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:38:15 GMT

GET
H3 200 jsapi_compiled_line_module.js Show response
www.gstatic.com/charts/51/js/ 3 KB
3 KB 45ms
38ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/charts/51/js/jsapi_compiled_line_module.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/charts/51/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a262933654f6acffd409a81ebf5505989db1082c0f956bd9e2bef955e7b92df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:45:23 GMT
x-content-type-options: nosniff
age: 2283
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3352
x-xss-protection: 0
last-modified: Wed, 23 Jun 2021 03:09:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="gviz"
vary: Accept-Encoding, Origin
report-to: {"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type: text/javascript
cache-control: public, max-age=3600
access-control-allow-credentials: true
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:45:23 GMT

GET
H2 200 ads.js Show response
ads.operiada.pl/ 6 KB
6 KB 47ms
39ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/ads.js?id=1120
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/resolver.js?id=46
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: 6ac9a1a3b1725b786618bd348f9d053bb2f2169abed23e14127027a87abd9e1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Wed, 04 Jan 2023 19:20:07 GMT
server: nginx
etag: "63b5d167-170c"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes, bytes
content-length: 5900
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ads.js Show response
ads.operiada.pl/ 5 KB
5 KB 47ms
39ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/ads.js?id=1121
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/resolver.js?id=46
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: 084d4202edec4aba3b7cff7abb8c69eaf86641568eb12dcaf80fa0011e742b37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Thu, 05 Jan 2023 18:52:29 GMT
server: nginx
etag: "63b71c6d-13a1"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes, bytes
content-length: 5025
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ads.js Show response
ads.operiada.pl/ 5 KB
6 KB 45ms
38ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/ads.js?id=1125
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/resolver.js?id=46
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: 55802712f85cf2781a137429ddc30a61771726237064aa8e6a0f535f29400048

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Thu, 05 Jan 2023 18:57:44 GMT
server: nginx
etag: "63b71da8-158c"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes, bytes
content-length: 5516
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ads.js Show response
ads.operiada.pl/ 5 KB
6 KB 46ms
39ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/ads.js?id=1127
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/resolver.js?id=46
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: fa1d20086d91a06e527624bab69d2b207eaad4d4d58a8ea4d69d7ff2e8cc4e2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Tue, 03 Jan 2023 10:30:33 GMT
server: nginx
etag: "63b403c9-158c"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes, bytes
content-length: 5516
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ads.js Show response
ads.operiada.pl/ 7 KB
7 KB 45ms
38ms Script
application/javascript 212.91.26.93
ATMAN-ISP-AS ATM ...

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.operiada.pl/ads.js?id=1131
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/resolver.js?id=46
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.91.26.93 , Poland, ASN15694 (ATMAN-ISP-AS ATM S.A., PL),
Reverse DNS: web18.mydevil.net
Software: nginx /
Resource Hash: 280fc9555c09e72e62967cae69bcdf44b29f549b5a8501de64fcf2ce8f90f1a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:24 GMT
last-modified: Thu, 05 Jan 2023 13:33:20 GMT
server: nginx
etag: "63b6d1a0-1ad7"
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes, bytes
content-length: 6871
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 cmp-list.json Show response
test.cmp.quantcast.com/GVL-v2/ 10 KB
3 KB 81ms
21ms XHR
application/json 2600:9000:211e:e200:3:a4cd:8380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://test.cmp.quantcast.com/GVL-v2/cmp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=kresy.pl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:e200:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9e15d161fe141c29bd327d419e9a995f2607a795fb0550ac2d8c26c0b077769b

Request headers

Accept: application/json, text/plain, */*
Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 03:00:36 GMT
x-amz-version-id: SVwDON6NI7y0s2hBQqC0oHz.O7U_wt7T
content-encoding: br
via: 1.1 0363fab377de19b9b4f85394469f6fca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 30171
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 30 Dec 2022 19:52:29 GMT
server: AmazonS3
etag: W/"576d8a77f1f7d5a1f043003ddd2da40e"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: z1R70TmWPBA1HzR8bHDOY6OvHes5FruKzC6oc1z-x9Ox_iE0CxTV8w==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 127ms
34ms Script
text/javascript 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT7GKX&gtm_auth=CizSoufveSvyM8hZO_bwBA&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 08 Jan 2023 10:27:13 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3373
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sun, 08 Jan 2023 12:27:13 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 220 KB
77 KB 139ms
68ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4K9XFBFZKZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT7GKX&gtm_auth=CizSoufveSvyM8hZO_bwBA&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0a80e3f3a319a23ca174a4de60411756ada89e04a4e7af53fa582f8f8962d875

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78702
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H2 200 t.js Show response
guandads.com/ 54 KB
15 KB 89ms
22ms Script
application/javascript 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd0038772a98bda5ec58eba7ca6dc699314b866e14a3a5f45921847d033873f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: _w3ae0RYCGBlDTPjQPIQB8LKoj64xOVc
content-encoding: gzip
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
date: Sun, 08 Jan 2023 03:20:09 GMT
last-modified: Fri, 11 Nov 2022 10:14:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 29172
etag: W/"57c945f3c1feba973398debac47b1341"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: -QlqTs-p6O76Q3rsDrSDw0vij7guNll7boH9FGLCoaqfd6Kh_3yqNg==

GET
H2 200 t.js Show response
guandads.com/ 54 KB
15 KB 89ms
23ms Script
application/javascript 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd0038772a98bda5ec58eba7ca6dc699314b866e14a3a5f45921847d033873f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: _w3ae0RYCGBlDTPjQPIQB8LKoj64xOVc
content-encoding: gzip
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
date: Sun, 08 Jan 2023 03:20:09 GMT
last-modified: Fri, 11 Nov 2022 10:14:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 29172
etag: W/"57c945f3c1feba973398debac47b1341"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jFcb9wfY_u8SMAWd2m21Qg1dEr_X518J8Idv5ZjnjO-cAEtpchHGhQ==

GET
H2 200 t.js Show response
guandads.com/ 54 KB
15 KB 87ms
22ms Script
application/javascript 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cd0038772a98bda5ec58eba7ca6dc699314b866e14a3a5f45921847d033873f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: _w3ae0RYCGBlDTPjQPIQB8LKoj64xOVc
content-encoding: gzip
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
date: Sun, 08 Jan 2023 03:20:09 GMT
last-modified: Fri, 11 Nov 2022 10:14:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 29172
etag: W/"57c945f3c1feba973398debac47b1341"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 5e8Kr9HL6kVMFNjr1MNt4wukgk5ZLtgRmMHPg62P8SW9HfFXJupbuw==

GET
H2 200 invocation.js Show response
ad.vidverto.io/vidverto/js/aries/v1/ 25 KB
8 KB 106ms
31ms Script
application/javascript 212.8.250.83
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.vidverto.io/vidverto/js/aries/v1/invocation.js
Requested by: Host: ads.operiada.pl
URL: https://ads.operiada.pl/ads.js?id=1120
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 212.8.250.83 Rotterdam, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: customer.worldstream.nl
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 5ae2b18203325ac2876b69455e08e3eefa59a4dca46ee55b033f1fbd80b28b5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: gzip
last-modified: Tue, 25 Oct 2022 10:57:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6357c112-63df"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Sun, 08 Jan 2023 12:23:26 GMT

GET
H2 200 cmp2ui-en.js Show response
cmp.quantcast.com/tcfv2/45/ 248 KB
65 KB 89ms
23ms Script
text/javascript 2600:9000:211e:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/45/cmp2ui-en.js
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=kresy.pl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1411268d26be0a8e9200cb1b62fc2252dd389902e94a88cc951a307053487628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:35:29 GMT
content-encoding: gzip
via: 1.1 103eb504d36d97c9f30550032223d996.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 73597
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Thu, 10 Nov 2022 18:23:24 GMT
server: AmazonS3
etag: W/"39d0cac7e548f81f1e1e1c36db3c775e"
access-control-max-age: 604800
access-control-allow-methods: GET
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=172800
vary: Accept-Encoding
x-amz-cf-id: YuE_Nf0EmEG0qT49H7mm-LJY4QCeoFQiiEIA3Y64Mw_xt27Voa6OFw==

GET
H2 200 vendor-list-trimmed-v1.json Show response
cmp.quantcast.com/GVL-v2/ 350 KB
43 KB 88ms
23ms XHR
application/json 2600:9000:211e:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/GVL-v2/vendor-list-trimmed-v1.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=kresy.pl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bea94071903f85e6924d728112f2820c1af0792482ba5c4b1969831abcd4d7e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 03:00:38 GMT
content-encoding: br
via: 1.1 0c0a9358491c37c184a221ad07b92016.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 30169
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 08 Jan 2023 03:00:33 GMT
server: AmazonS3
etag: W/"b455991ab0c258867af46898dfbb30bf"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: cSCOs4QSBfvYhONZ-Qhms5EpNU5AuYfSUyE9l1XJKbGDED00F9Sfgg==

GET
H2 200 google-atp-list.json Show response
cmp.quantcast.com/tcfv2/ 152 KB
35 KB 108ms
43ms XHR
application/json 2600:9000:211e:4600:9:46dc:4700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.quantcast.com/tcfv2/google-atp-list.json
Requested by: Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=kresy.pl
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:4600:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4565493024f391e68a8d57d175ce092b4e38584cceb5d29c7e720e97ceaab9fe

Request headers

Accept: application/json, text/plain, */*
Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 03:00:30 GMT
content-encoding: br
via: 1.1 0c0a9358491c37c184a221ad07b92016.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 30177
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sun, 08 Jan 2023 03:00:26 GMT
server: AmazonS3
etag: W/"58570c31dce9eab55dc8f772f3db5315"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=172800
access-control-allow-credentials: true
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: jjyCMYwZDwRar7PckjF1dei2uv9BNv5tUw9ifuphkB4o6CKecZGQwQ==

GET
H2 200 um9999b5yxgun6nnat2hc.json Show response
guandads.com/c/ 1 KB
2 KB 68ms
22ms Fetch
application/octet-stream 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/c/um9999b5yxgun6nnat2hc.json
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 850fbbae613b70efeac33976278ea4bd2cd25b0d6a467e3dc7b0c7c16d1f6b51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: SudBm5i6KRHbe31LnkSiUtRBZWgZDrdO
date: Sat, 07 Jan 2023 11:29:58 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 86009
x-cache: Hit from cloudfront
content-length: 1370
last-modified: Thu, 10 Nov 2022 11:12:53 GMT
server: AmazonS3
etag: "36843a1fc6e61b2a501b80bc838d1734"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
x-amz-cf-id: d_V0MfH5uMD9AX1Z9KdrFNlP5IMkylFT5RHuRGAc189Cahb-wo_TFw==

GET
H2 200 bp0qushabwsvq4suom4yj.json Show response
guandads.com/c/ 2 KB
2 KB 46ms
24ms Fetch
application/octet-stream 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/c/bp0qushabwsvq4suom4yj.json
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 73abe1afa880fa2e78e3142ce83a2adb17e4321808b0304cbdccc70505cf3dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: qj.IREVdCRNhbr4zeKihi4RNIcOkD8OF
date: Sat, 07 Jan 2023 12:13:34 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 85629
x-cache: Hit from cloudfront
content-length: 1543
last-modified: Wed, 04 Jan 2023 11:34:37 GMT
server: AmazonS3
etag: "0e5ccbf19ee905d26ac3ad634f3e5238"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
x-amz-cf-id: 1Th8Y6JyYr0BLCeMObodEDp56e9WNfYgbGziA7KCEiG16WklIb-qdQ==

GET
H2 200 bp0qushabwsvq4suom4yj.json Show response
guandads.com/c/ 2 KB
2 KB 41ms
22ms Fetch
application/octet-stream 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/c/bp0qushabwsvq4suom4yj.json
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 73abe1afa880fa2e78e3142ce83a2adb17e4321808b0304cbdccc70505cf3dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: qj.IREVdCRNhbr4zeKihi4RNIcOkD8OF
date: Sat, 07 Jan 2023 12:13:34 GMT
via: 1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 85629
x-cache: Hit from cloudfront
content-length: 1543
last-modified: Wed, 04 Jan 2023 11:34:37 GMT
server: AmazonS3
etag: "0e5ccbf19ee905d26ac3ad634f3e5238"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
x-amz-cf-id: zKz7ke81i3Wqk5BCyMxYJUmt2RgXqzQIzrRiZ7t1Eci_y4sugp5Jtw==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 112 KB
44 KB 68ms
68ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-15290908-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MT7GKX&gtm_auth=CizSoufveSvyM8hZO_bwBA&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

540cd871b3147af15c55f9dbf4664077fd0f235d26065b5e483bc5b8cba0781c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 45320
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 08 Jan 2023 11:23:26 GMT

GET
H2 200 app.min.js Show response
cdn.webpushr.com/ 42 KB
12 KB 526ms
170ms Script
application/javascript 138.68.13.4
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.webpushr.com/app.min.js
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 138.68.13.4 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 33963ee4b83b5c6dfe8a85b098f9d4494b85955de79ffa0e038bad24730b2d0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
last-modified: Wed, 26 Oct 2022 21:41:57 GMT
server: nginx/1.16.1
etag: W/"6359a9a5-a92e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
x-gg-cache-status: HIT
cache-control: max-age=86400
expires: Mon, 09 Jan 2023 11:23:27 GMT

GET
H3 200 700p_v3-opt.jpg
kresy.pl/wp-content/themes/uniset_v1/img/ 272 KB
272 KB 77ms
77ms Image
image/jpeg 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/img/700p_v3-opt.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a123d67ce76c56271efcb9528ed788057c979422d6194fcbac78d5337d92236c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:26 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 972906
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 278361
last-modified: Sat, 10 Dec 2022 10:30:15 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "43f59-5ef76c17e1bc0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aEN%2BCCGXYMmX6oIyPyHt4EgPSdxnmcpb0IFwg6YzDiarwhCFyb%2FQaHa9qfoxnCApHRf6mL1wiA8L%2FVT%2BewT%2FtAp21HOGFo3Rv%2BbkLZZUBqXnOIeNmbSW1FbnhufNheoNLNYjgzma"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 78648fa39c659b67-FRA
expires: Thu, 28 Dec 2023 05:08:20 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
437 B 83ms
27ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1448561815&gjid=1584328279&_gid=878729205.1673177007&_u=YGBAgEABAAAAAEAAI~&z=2128885229

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 08 Jan 2023 11:23:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 105ms
34ms Image
image/gif 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=597476126&t=pageview&_s=1&dl=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&ul=en-us&de=UTF-8&dt=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall%20%C2%BB%20Kresy%20-%20wiadomo%C5%9Bci%2C%20wydarzenia%2C%20aktualno%C5%9Bci%2C%20newsy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEABAAAAAAAAI~&jid=1448561815&gjid=1584328279&cid=419236167.1673177007&tid=UA-15290908-1&_gid=878729205.1673177007&gtm=2wg120MT7GKX&z=1175590830

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Jan 2023 18:07:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 62156
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 56ms
56ms XHR
text/plain 2a00:1450:400d:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=597476126&t=pageview&_s=1&dl=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&ul=en-us&de=UTF-8&dt=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall%20%C2%BB%20Kresy%20-%20wiadomo%C5%9Bci%2C%20wydarzenia%2C%20aktualno%C5%9Bci%2C%20newsy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUABAAAAAGAAI~&jid=1189152164&gjid=827925952&cid=419236167.1673177007&tid=UA-15290908-1&_gid=878729205.1673177007&_r=1&gtm=2ou120&z=1458990884

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 105 KB
28 KB 158ms
22ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 08 Jan 2023 11:23:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27613
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 5wgr9D6Ai0DsvOg6E3idQT/BsUa395DquAiNtf+8nbo1CwkavsWCbYLbKoOdpBcmcm36DFueap+wJ01wv0x6GQ==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 152ms
34ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1448561815&_u=YGBAgEABAAAAAEAAI~&z=263568734

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 189ms
71ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1448561815&_u=YGBAgEABAAAAAEAAI~&z=263568734

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 blik_logo.svg
kresy.pl/wp-content/themes/uniset_v1/img/ 1 KB
1 KB 44ms
43ms Image
image/svg+xml 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/img/blik_logo.svg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8630f00e681c4892ce16a03698e5206f5fe5f9edb1e27e57da76fe7f35ed202b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 654646
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 10:30:15 GMT
server: cloudflare
etag: W/"545-5ef76c17e1bc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r52ycTtj06DaJ57loB5ovWEJ%2BZhY4EylVKCyNxb7kQnSYtApxRG2OtbckB4MFo7uYPX2UUmAMmT%2Ftt7JZXVQ9zPt7ex14yiZwDC6a8lgEY1Z9%2Fho3yjTUWDoA6ulUUFjFA9HKBWu"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=31536000
cf-ray: 78648fa659d19b67-FRA
expires: Sun, 31 Dec 2023 21:32:41 GMT

GET
H3 200 paypal_logo.svg
kresy.pl/wp-content/themes/uniset_v1/img/ 5 KB
3 KB 46ms
45ms Image
image/svg+xml 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/themes/uniset_v1/img/paypal_logo.svg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98ba026cb7615f66ecfe6a9df98de77b9ddc57f89bbd70de34d9ac68b57d5bcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 654646
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 10:30:15 GMT
server: cloudflare
etag: W/"137d-5ef76c17e1bc0-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lavGoIqu6e1oyOcXUH09Hc9lfshYmYGDPaObzJm2FJi37w11dW3WVb70S78wfKi5s5o8TXo5Up7Ziu2VPqIrgJdt71J8Ka9jJ5K771EE5nQ9yfCtuiV2S80drtNsMEySE9PE30Vh"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=31536000
cf-ray: 78648fa659d39b67-FRA
expires: Sun, 31 Dec 2023 21:32:41 GMT

GET
H2 200 / Show response
audit-tcfv2.cmp.quantcast.com/ 2 B
101 B 550ms
177ms XHR
text/plain 54.183.96.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://audit-tcfv2.cmp.quantcast.com/?log=%7B%22accountId%22%3A%22gTTKmuwPTuX5B%22%2C%22domain%22%3A%22kresy.pl%22%2C%22publisher%22%3A%22Kresy.pl%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.45%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22Z80Bm0ERC%2F%2BLx0T4fqYaCw%22%2C%22clientTimestamp%22%3A1673177007175%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-yjvtnh11wgl7gbq0jhtw%22%7D
Requested by: Host: cmp.quantcast.com
URL: https://cmp.quantcast.com/tcfv2/45/cmp2ui-en.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.183.96.130 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-96-130.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 08 Jan 2023 11:23:27 GMT
content-length: 2
content-type: text/plain; charset=utf-8

POST
H2 204 collect
region1.analytics.google.com/g/ 0
342 B 104ms
29ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4K9XFBFZKZ&gtm=2oe120&_p=597476126&_gaz=1&cid=419236167.1673177007&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673177007&sct=1&seg=0&dl=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&dt=W%C4%99gry%20zbuduj%C4%85%20fabryk%C4%99%20materia%C5%82%C3%B3w%20wybuchowych%20we%20wsp%C3%B3%C5%82pracy%20z%20niemieckim%20Rheinmetall%20%C2%BB%20Kresy%20-%20wiadomo%C5%9Bci%2C%20wydarzenia%2C%20aktualno%C5%9Bci%2C%20newsy&en=page_view&_fv=1&_ss=1&_c=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4K9XFBFZKZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 105ms
31ms Ping
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4K9XFBFZKZ&cid=419236167.1673177007&gtm=2oe120&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4K9XFBFZKZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 71ms
71ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4K9XFBFZKZ&cid=419236167.1673177007&gtm=2oe120&aip=1&z=1467729335

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame C373 80 KB
28 KB 131ms
42ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a5677613ffa56ce35f8e7586d2efee3327a9cb31b6bdd1627c879b2c40a24d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27628
x-xss-protection: 0
server: sffe
etag: "1445 / 374 of 1000 / last-modified: 1673046381"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame C373 424 KB
122 KB 127ms
69ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rcf7E2rdVJqNCyfdRRCN9v4H%2FHTS4pI3PDqlVLBqkkHObjWfqm4oWoc9xzTmdK8iTp1PGfmveVJbpGPNVIbekE9Dr%2FtHGxSUr0Y7btVtOMXfeCdV3LbM8Y%2Ff3jdA49HL5f6pSNkvm%2Bh9ibA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa7abeb92c9-FRA

GET
H2 200 p.html Show response
guandads.com/r/ Frame A962 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=tcmufcve&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: hepcdmkPniuu4Mmz--NBcKJIMUNoyGn5L9FgFHOU-XpUKD_wqpEC2A==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 0DEC 10 KB
3 KB 22ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=tbqp&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: V-SAiOwf5FAAencc-S7fMPsDrmbMERTtdJgDFFtOep6xHk9HRyu2wg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame D182 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 4AmuGAf7JQ9KQFP3DsiNf4xYWuMmxu9y-cw_Kker3blAbP7pXT5swA==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 5299 10 KB
3 KB 23ms
23ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=xdfphtnzg&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: kCWn7FtJj9CEe2-xS8UAt_zYRFIgzAL4kak01AekM32H5dT7PkQXxQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame F4B7 10 KB
3 KB 25ms
25ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=iiualeoksp&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: VXiiXmVzu22ILhOumyTtIU22Gnbh3Wy50Fo-s3Ar6rrV4GzwwqKy8Q==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame AC8E 10 KB
3 KB 25ms
25ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: LaGJ2NSF5SUcTTyRZ5nDC-HaxJPrY6pUeV-M2tS0acC2x6oyOBAzcA==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 8278 10 KB
3 KB 24ms
24ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=ubuvjhejdh&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: tT3z5KjJn5GWHLLysFx7Cri9jPc4gF2EB0koTNnzG5r3cy51kHjh0w==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame E4BB 10 KB
3 KB 24ms
23ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=stgvme&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: TkFgg5lZh8GTBBxK13Kbc1aPF1RI-yvz8Cn8VfMmhZqY3YoykTdyTA==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame E5D4 10 KB
3 KB 23ms
22ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=hpozqtsoj&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: dyg66Btc2gxQcKwjG7fW4-XD2lKAcfvrZVRD2mSeCv1kubaSNvggQA==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame FE97 10 KB
3 KB 23ms
22ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=hcqynxwpr&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: TlEiDdLO2uuIIMJFhpr1lFvNFuRr4FcO7cFMpYUlB89mFHn29PZx7w==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 475A 10 KB
3 KB 35ms
34ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=pmzablfh&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: -e1nwDa5EHl5Y91g6lYHbijTCbypYoffMu0vvY8rHKTYrEn_iWWUlA==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 0F1D 10 KB
3 KB 34ms
34ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: fx9wcQkoDMBEAbcPQigMXq7mUg0URSxd9emck-Iay4el2gcXtfIXOg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 1A70 10 KB
3 KB 34ms
33ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 3DasrayCfvPBZQvTyxJ8U3cktNFCcT2QryOUL8bMO7NFRpEI89jSiw==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 407C 10 KB
3 KB 33ms
33ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=jkeqtqhp&e=1586314810833
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=um9999b5yxgun6nnat2hc&cb=1861751673177006466
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: Wl6OR3_wVGu96oGk-qW4dzmlFZ-pq2rHwKRI8U8pF8zYwChoBhDD7A==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3038 81 KB
27 KB 116ms
62ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e12b873778cd8156e884f100f562fa3335760a1aab35c4924a9200018342eb62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27579
x-xss-protection: 0
server: sffe
etag: "1445 / 146 of 1000 / last-modified: 1673046381"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 3038 424 KB
122 KB 92ms
69ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5iKbOrXFQsonb4747uBbj1lSq%2F2nRBoVORvveX8iaCLgPqLCksbW8WJxHlU8OeswEV%2FolXxNadaFwWLjmCBYudePyWx95tLgQVqyjqy0yO52eoZHHGYIWy0sJHXTnjruRn1ILCZwQWgcb4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa7abed92c9-FRA

GET
H2 200 p.html Show response
guandads.com/r/ Frame 987A 10 KB
3 KB 26ms
22ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=jojq&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: eBlaGRw6kpHkNtu_zIEFD6wcC6j22MF7bLguDSZ6NMr-8gs-nyTwEg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame B65F 10 KB
3 KB 27ms
22ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 3it-50bYxFnsBGa-G_mKVq5Q4GXEE9GPoPIgbdaloxuQfKicSbAJKQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 9CE5 10 KB
3 KB 27ms
23ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: BYn91khQzaOXhHzcIaLBzUb__D5GDKoQOVRJKCyDHD-HsnJ2qUSCmg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 6FFB 10 KB
3 KB 27ms
23ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=runvt&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: yOqoIEVTBNjW_RLyXVKG7K3vQ1Lm0mO1CVxp-yZI2Xfo4M00GP9Zkg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 8E80 10 KB
3 KB 28ms
24ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 8IBMvv-xqLw5CKW20x1Ltt3yw2jn1izxC8uQVI6nGjLlZK36mBtBag==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 541C 10 KB
3 KB 28ms
24ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=hifpjvmm&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: yJuJOb_Pdz0IB1gTVyR0uayLRHkMHK3QW2GYqoE6mdrhFiP6rCqvaQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 9C00 10 KB
3 KB 28ms
25ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=auwfxq&e=1250011214715
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=8662241673177006465
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: NlUUmG4Vv3OXnPA77hyl_yEuhL5smSnbo7d0OjBQUzG1s6EFrU5GvQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame F943 81 KB
27 KB 101ms
68ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09a0c453f0a8437e518414059fea2127dc8e5d233f9a112c34dd68ad2e1881e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27578
x-xss-protection: 0
server: sffe
etag: "1445 / 875 of 1000 / last-modified: 1673046307"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame F943 424 KB
122 KB 47ms
45ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7bihqlVYvVM6CKLnwTHvlLReQbZknXWcz8XcV3cq%2B7fFFAhKEIFKuW1Oibgh5VwnL974HEoT3T%2FN68Ter32hQcKnIgfTxOMiVJI26bYgLLa6Vg%2BVcC%2BwL53LP7D1rvPEXW%2BPT5dQbLhGF4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa7abf092c9-FRA

GET
H2 200 p.html Show response
guandads.com/r/ Frame 81D4 10 KB
3 KB 22ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=hpzswbsj&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 780ma2lmGbdQ1IFnfL7qVTnYh1_-k0Ald0KpM-vpeM7QTRizA4sMEQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame A941 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=nlmhiwtr&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: ZxMay_Hh9lv1Dx55yRNyT78Cxu5PzFicxPrcFGgwnMYBjeMX3aC-3w==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame A610 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=lfippz&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: VrSA8ksecbbhXXj_bOWvT7b8M15y4dxQUKYPM8eQ3H41dyK5M_5rmg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 6E84 10 KB
3 KB 22ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=qxnnnps&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: xOldPhUI4EqXjvDyxBjyskU0R6oEhb1oxel6WcE5Cd4SDKIrq39Uvg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 56AD 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=okjsbkm&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: Es3_kQesN10lTd0AdpWPtZ4TekxMOO6jOT7rwtmX_61M8f6HzNANpQ==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 37E9 10 KB
3 KB 21ms
21ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: LrQpFqn0O1q9kSBi-EkY2DnTgvBDN6-0ZAtDZdvTHCmjpiy8izV-0Q==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
guandads.com/r/ Frame 333D 10 KB
3 KB 22ms
22ms Document
text/html 99.86.4.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://guandads.com/r/p.html?f=cgokrjn&e=1977672056027
Requested by: Host: guandads.com
URL: https://guandads.com/t.js?i=bp0qushabwsvq4suom4yj&cb=5521721673177006467
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-60.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34271
content-encoding: gzip
content-type: text/html
date: Sun, 08 Jan 2023 01:56:09 GMT
etag: W/"1d799671c4d6a9304651b1b9d6a783fb"
last-modified: Tue, 25 Oct 2022 13:58:03 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
x-amz-cf-id: 0-iCbX2jeGm1HJXc3kBeej6XlagYG7zGAjgUMzUTQVrKe_fcHByDeg==
x-amz-cf-pop: FRA6-C1
x-amz-version-id: 6P847P_3pwRq3kg1dbhEI8vZo9rD1MSu
x-cache: Hit from cloudfront

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 30ms
30ms XHR
text/plain 2a00:1450:400c:c01::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1189152164&gjid=827925952&_gid=878729205.1673177007&_u=aGDAAUABAAAAAGAAI~&z=1110504043

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c01::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 skin.css
kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/skins/v6/ 5 KB
1 KB 49ms
49ms Stylesheet
text/css 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/wp-content/plugins/LayerSlider/assets/static/layerslider/skins/v6/skin.css

Requested by

Host: kresy.pl
URL: https://kresy.pl/wp-includes/js/jquery/jquery.min.js?ver=1663596984

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8400e8a1b689a9eb488a65e5a044ed2a81007609e673b1c15a4d9c6f762232ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1799397
cf-polished: origSize=5706
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 10 Dec 2022 10:30:12 GMT
cf-bgj: minify
server: cloudflare
etag: W/"164a-5ef76c1505500-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b42sLqLFb%2FARa7tHb5byovCTwMo0xegKo7kWjTNEVokkSohXY96sJYd6bL4BvalxACeWQo8lDjUJXK9IfdueUTBwNgvWs4LpKx92eX4IfzVx%2BTF7t7cq3MSEtdEtHv5K%2BC57DuP%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 78648fa7bbfe9b67-FRA
expires: Mon, 18 Dec 2023 15:33:30 GMT

GET
H/1.1 200
OK widget_iframe.644279d1635fd969e87af94a98bd232b.html Show response
platform.twitter.com/widgets/ Frame 723F 320 KB
104 KB 103ms
102ms Document
text/html 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fkresy.pl
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (bsa/EB13) /
Resource Hash: 8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1510821
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105445
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:27 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (bsa/EB13)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 rules-p-gTTKmuwPTuX5B.js Show response
rules.quantcount.com/ 160 B
643 B 91ms
20ms Script
application/javascript 2600:9000:211e:8200:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-gTTKmuwPTuX5B.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:8200:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3eb04489c13678776c984362931e30bca49656f0c94c650003add521bae4d214

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:43:53 GMT
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 2434
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 15:29:21 GMT
server: AmazonS3
etag: "916cbb9054b453f11cf02b1a6d8e4b59"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: pZMEeozvPZnuW53uBG9vp7Ul3zbJ-bj7UVZHkPfof-1SssdcHk_4gQ==

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 83ms
36ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1189152164&_u=aGDAAUABAAAAAGAAI~&z=171482355

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 140ms
70ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15290908-1&cid=419236167.1673177007&jid=1189152164&_u=aGDAAUABAAAAAGAAI~&z=171482355

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2023010405.js Show response
securepubads.g.doubleclick.net/gpt/ Frame C373 384 KB
130 KB 63ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023010405.js?cb=31071459

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d781e072f4b3d0a9bf988ccf26fea3f39dd524baa8366a0b1bb1cb8b99ebfa2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 13:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77501
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133065
x-xss-protection: 0
last-modified: Wed, 04 Jan 2023 18:39:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jan 2024 13:51:46 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame C373 491 B
200 B 104ms
59ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kresy.pl

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1440052d976c5d3847cf68c4ba885b676cc10d28fe5fcedf07a40a88dc89e1f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H3 200 pubads_impl_2022120801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3038 382 KB
129 KB 56ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js?cb=31071457

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132306
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 08 Jan 2024 11:04:09 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame 3038 491 B
200 B 130ms
93ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kresy.pl

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1440052d976c5d3847cf68c4ba885b676cc10d28fe5fcedf07a40a88dc89e1f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H3 200 pubads_impl_2022120801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame F943 382 KB
129 KB 59ms
30ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022120801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 09:58:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132306
x-xss-protection: 0
last-modified: Thu, 08 Dec 2022 09:38:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 08 Jan 2024 09:58:04 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ Frame F943 491 B
200 B 157ms
126ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=kresy.pl

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1440052d976c5d3847cf68c4ba885b676cc10d28fe5fcedf07a40a88dc89e1f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 175
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:27 GMT

GET
H3 200 428362807531989 Show response
connect.facebook.net/signals/config/ 301 KB
86 KB 46ms
22ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/428362807531989?v=2.9.91&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b08554493186fe6b548ef5034ba2cd5e05be504dd8ce31af8071efc4fa10a32e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 08 Jan 2023 11:23:27 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88127
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 2mKuqXZtGwmKSAsPeYys7gSHLB+A9ctTa+GoavWnqoF5HQ+wiI8prRY2kFtksu8UEhxd+TAn2moX1u7gTwocrQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame A962 424 KB
122 KB 42ms
42ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=tcmufcve&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IUIK57bux%2Fg%2Bi7x06yNeZycOMd3I2j1tOs0jRNa8kJu1fCoWV5NsVo11gTyiJYpeHU3SCk9bF%2B0GrIdTRT%2BK%2FIcsFuCYUlpdjNyFqqmhzLROfI0ztocr9AJbkUQtCLWMjhIcj0o9y1k1yk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa96f4b92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 0DEC 424 KB
122 KB 43ms
43ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=tbqp&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsJ77Z2V4tm8QQfWFMbzI8%2BYqRTq7xkmZCIqmPh%2Fze3qFcG1D835UoG3FGrih5EQaDBuHftUNtHWoVIKfsqBaIAZsaroP3QiD0MUh70irobCI4vFWYSt%2BeZC%2Fd55Jov4TWUMJM%2BBXE4qtmk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa97f6792c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame D182 424 KB
122 KB 55ms
54ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Xm4oMCdSvE2YGKm9yY4GB%2Fj0uwdQi0F1rW3e9udlXmuP6tQq7konJw9Sp%2BV2hgFVkAsGDeJk%2FTN5RJgREK%2BYtyA7YJSWlj4MXXrfAGJRXu2cwmlX9Id8XRJmkkNEeigdNpjgDp31BSJVkQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa97f7b92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 5299 424 KB
122 KB 40ms
40ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xdfphtnzg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IOB9G0DUfjdY656U6d%2B%2Bi0Mxh%2BNcJygBdhaGJJQMAa0acSbnJRNF3KFXMQi97sb%2B4GKgk5L0IBxMebydZVms5p9iwl89AQ35KjkZCyNZwvhWZOcSh3ni3Njew%2Fz1dU7ZRJlkzORkgVOqdFU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa98f8692c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame F4B7 424 KB
122 KB 39ms
38ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=iiualeoksp&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZnC%2FN3cqyd8X5vFhFyYibPIvgXXDh%2FuO3%2FCHapoD6pM2192t9qeL3Vim%2FFv09dQdAz7DThj2oujS0Rpp4aObiRAL2m8SIs0dBoGsmKrTr4s%2BDVqzuSy1YC7YLDGI%2FEEu4cE4YyrymRUX0O0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa98f9c92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame AC8E 424 KB
122 KB 43ms
43ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AH%2Fgp02UaCXbPXVj7x73lwFq3o0H8CAe1cTwqviL%2Fy8yqlxA4XtvxIX%2FUMAUl1bEabq%2F02WhoCOJ5UgKUPlTY%2Fdl6RrQ8dbW%2FX0MZUa7TbvwdtrVPvYLZv3bZVURm1XZGQOMiHHRKaQeuZY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa99fb892c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 8278 424 KB
122 KB 44ms
44ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ubuvjhejdh&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BD1P59afdF4A3WRyiD4ltqAlSEMNJEhJkKSy0Jh4vRVbmDdPA5aqmEp0PL%2FNe%2B9Vp8gcgZvqgbUy6%2F%2FK2Bmkwgy5UBjGGHuj613Emaa7GzE26ul%2Fp%2FB0Uc3prDsaqNdQrKatICNMwgimLPk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9afd092c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame E4BB 424 KB
122 KB 42ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=stgvme&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7W6chqr7ZvZTRZ1iTgrh421HiuGaaMNLp0MPqVMEwELfF1uAtGY%2BKFJopirbkt%2FG53xuFlc4NRJ%2B4KavAKKpsMLuxyHWkYDvhoGsDtONgGLHYI%2Fc3Sq8zXxCAsYp9xRIpyYKugXkZxR7Tvw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9bfe392c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame E5D4 424 KB
122 KB 44ms
42ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hpozqtsoj&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=beaYecDp2CKs40Byr%2BnZ6CUH%2B2k7JLtodDyxYf1xaGhVJZn2%2FNMkqh6A92fYKesaUfu6TctDk2v7orRGiHSJLqQOFEFr9AQ72N%2BepViElxLLRWcDFJPSGXpoTCJqIXbFaSwhApS25vzvk0Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9bffc92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame FE97 424 KB
122 KB 41ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hcqynxwpr&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1PK28DMYbhoCopjZGmKJ3XrJa61LiQQCLGtF0EQF0uViaoEciTIYX%2FXqYlQwyjYfsP9hqBDgfUHCyigQGWYvo06kXHCB9oho%2FXjYEl%2FIzB5BewFJtlYGtlcPZ%2BKm%2BZMRJAI0m5AbPVycrIk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9c80a92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 475A 424 KB
122 KB 51ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=pmzablfh&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fR0EGwMKSiUAqUw8%2FKHkr6im2%2FUjQpc903UuO%2BPxZiXoIdK64QkMYdVHEers%2BpcdfMcFgPC4uk24HNV%2FRHpcD%2BcgXiAL3LjgvZQnOvhtgHeJE7qg46Vc88dXBE4D6f7%2BpS4jwYZAWE7%2BD0o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9d83192c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 0F1D 424 KB
122 KB 45ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LG2bjZ6r8AMZxaST71%2BAugnr52bY%2FrX8%2BlwmHYPEVLuhZZDdzjtQqnX5BkBAXkiGJBsN9VAkbI4E%2BQhGB%2FrGBmcygudnDakGjuW8Or4Y%2FG9JioXICmZLodzC1GweqYIJMnLO1cuDABaPPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9d83e92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 1A70 424 KB
122 KB 41ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZ5qo67Ser5xF7qw9ityQSs291voPTdgulafV72i371kHjJ8WlA7x%2FizuPJLcIG7NtMm3Qu%2BUqPquFJBjTUtUl9HyYc4BPT2uLAzVh6FFy%2FtTLIyDFnahSlGRzx9wSJ6M4Y6ia5SMMzuxH4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9e85292c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 407C 424 KB
122 KB 44ms
35ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=jkeqtqhp&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2BAXgByJBdScWNXEjfKWl9eUo5MbpIkiWmFdkYMFtRdwCZVfb23YOFjo8acNEac68DUv%2B%2Bgif2lS4tEDg%2BXgycxZlT%2FR07E6BACA%2FE8psCWu5RQXteHOJ0Wp0CK2KK045fuZ3iz9rigvxLU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648fa9f87992c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 987A 424 KB
122 KB 42ms
38ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=jojq&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tm18o%2B1Uil0VqKEhEy4AJKLf2%2FGpA7H243%2F6MZdA%2BWxJOJANC3jsynQ23qSgwdpyLTtyIfAa7YxjjGWsW5QUiDVx4Q4bqrTd4Zy1LcmCa2%2FbXjXwto6ssA5LI0cc7H7hJyvxxfPq2VoLk9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa088692c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame B65F 424 KB
122 KB 44ms
38ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bF7pwWaxRNe4htit9BtFb0PKXdkVheV5jxbNBMSXXsGVlWUpy8SfqJxODxXL%2BnSWUKKAZLMVvvsM0Lf4WlmQ0rqcaexD8G19wCQgO78oJ1ly061K3YVOvGjp4TjFIUlb9ww4j0MfCaRggtc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa18ac92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 9CE5 424 KB
122 KB 42ms
41ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rg%2BST3uc74R0SPCY7lhp5oAu6Fxdsg3lBW5HOlHutyvAvBaBIzBPZnMJbkMJFSI3hl7EL1Ue4AYdMId%2Fx35%2FMmMZs35tBmq0DtcdoWc39%2BL%2FLTRqP%2By%2F2tDP0lBidPhaGd7%2B1Ua8i8%2Bni4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa18af92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 6FFB 424 KB
122 KB 41ms
40ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=runvt&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eC4LW6BMX4gN8pcYVENAG1Qi4C8CdnjfIwIgNDkGG3MxlfLrOvFhzYQ9b21r9MoojVj0HTUmLoJ%2Bfxz0P8lI6M7cugvg9np%2FzyKlL%2FQYNeZjBJ%2BZw9MnI64iU2xrWrfHK5F3oC0j4Z%2FcIQg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa18be92c9-FRA

POST
H2 200 / Show response
shb.richaudience.com/hb/ Frame 3038 4 B
231 B 513ms
172ms XHR
text/html 208.115.232.150
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://shb.richaudience.com/hb/
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.115.232.150 , United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: 150-232-115-208.static.reverse.lstn.net
Software: nginx/1.14.2 /
Resource Hash: d6dffe998d4d52601dd56a1666bbd09f6926bc110429c434402ca7a814080808

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
server: nginx/1.14.2
vary: Accept-Encoding, Accept-Encoding
access-control-max-age: 86400
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://kresy.pl
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 3038 171 B
550 B 214ms
98ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kresy.pl
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 3038 144 B
1 KB 247ms
200ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

d36820c3fbf93397166b73c524cbd7fecfc48bbe8cb28154a867c6e9a1c04ec1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:27 GMT
AN-X-Request-Uuid: 3ff5f8a7-3c09-4b66-9127-008abe801473
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kresy.pl
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 3038 448 B
772 B 292ms
187ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=%2F21671350435%2C22684505004%2F300x250-kresy.pl&tk_flint=pbjs_lite_v7.19.0&x_source.tid=634d7aa3-7812-46d1-9588-2c6b7c456d2f&l_pb_bid_id=84ca8fc98c10d8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.22927921625830483
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 851df1e77053b267c4fea90a25cb9bc3c7b76ea46fe73b09b9ec4369adfb3207

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kresy.pl
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 448
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 3038 0
55 B 616ms
256ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kresy.pl
date: Sun, 08 Jan 2023 11:23:26 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 3038 171 B
550 B 241ms
131ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:26 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kresy.pl
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 3038 0
404 B 218ms
114ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 3038 18 B
305 B 216ms
120ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=7589392011&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kresy.pl
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame C373 18 B
306 B 144ms
51ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=59022196416&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kresy.pl
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame C373 20 KB
13 KB 245ms
203ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

605822d05bc1c4865f2d187977c950f8d95c4f78ea246c13cd0ac767a43f184b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:27 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0cbb2857-7e74-4674-8778-b47ac325a8ef
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://kresy.pl
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame C373 171 B
555 B 318ms
207ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kresy.pl
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame C373 0
403 B 219ms
123ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 / Show response
shb.richaudience.com/hb/ Frame C373 0
129 B 504ms
179ms XHR
text/plain 208.115.232.150
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://shb.richaudience.com/hb/
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.115.232.150 , United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: 150-232-115-208.static.reverse.lstn.net
Software: nginx/1.14.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kresy.pl
date: Sun, 08 Jan 2023 11:23:28 GMT
access-control-allow-credentials: true
server: nginx/1.14.2
access-control-max-age: 86400

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame C373 448 B
994 B 220ms
125ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=%2F21671350435%2C22684505004%2F970x250-kresy.pl&tk_flint=pbjs_lite_v7.19.0&x_source.tid=521c8ed9-01ff-4ff8-948b-043aad247e8e&l_pb_bid_id=12f181bf4fdcb18&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7742801335042782
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 42d482c7c58ae16220c008377b524229aeccc29dda9ce36a8729000891b90529

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kresy.pl
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 448
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame C373 0
111 B 595ms
245ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kresy.pl
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 8E80 424 KB
122 KB 54ms
50ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCJr0kN43yYeqfxCEH9EtLRbwZdgE9qu0hjzIoN5SuLfWG8wy9qq%2FSproeBRMaUV2zT46l51TVVz1pPqDof21%2B%2FpQetxTCETS%2FYtbmXE9QLQAD3SNrVT6BI2e9mYTw2aK30GEGV39WEY4ZA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa594092c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 541C 424 KB
122 KB 38ms
37ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hifpjvmm&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eq6ex99N7HDS5sz7XN4AGJVNrb7%2F9YNfNk5J%2FPY7r6WOl4zX9PPQPqrNjBwGkXTDAqpw5KUA%2B7GUhP7PXA7nIXpT5e21MvQsmtOYddeKq%2F8MkGZFfnxrn2JrRpGA7Zr2RUIQCgkj182gr6M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa694f92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 9C00 424 KB
122 KB 36ms
36ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=auwfxq&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziAzKgPzBVEwi5RsJUYXyXbJ1SOCqkQ8l9DYg%2Fbz3KtmE3N2LZaQDYL0%2Ba1tpMmPbB9nAt4UWwAmcz54Xfu9ta8Q5i55EwEnJ95qYlutIZ6o3ghW444gbacb1B0nJn1ZR7qyX0sfH4qEblU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa696292c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 81D4 424 KB
122 KB 37ms
37ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hpzswbsj&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=usatIHH3AjhyrzFlJN1ERpugI5aYb7x6I5Wdi9YL3rAQcyneK%2FGwS4VQz8DRPjhJP1%2FU2HzH3C%2B26JP7aDXMdX%2F7KimMI0xMZBzV9zwSY34w8aW%2FAILM88fiTz3iqKJtjRgyQah2uokfHFM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa797d92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame A941 424 KB
122 KB 39ms
38ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=nlmhiwtr&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0XInHuUUwsLKgsZbPv6y2228fpAnfzFvlyH%2BBRxj9TOvHkCvTBmcd5lPqJsHlcfNzhTvESAgaIxREKX43SvOOC6cBHv8eLgdHYunMzDwF62ktaDtJ%2FTOUiRIXcqCvoOxNWYB3sr96aWP2tc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa898c92c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame A610 424 KB
122 KB 37ms
37ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=lfippz&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FlMEovmLC70oHlTbhJO9EpW8SItKAdtXQeZ%2Bbwp8O%2FFjYVW38mX0NegXSkq%2FOOMvgq3572uc14bZvizldiCA6oZ%2F0ZOu8kwSOYlbnSTvDysleT8yR1ilO96VTH3rTH3OFlNRGge4dgkI%2BmU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa89a092c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 6E84 424 KB
122 KB 39ms
39ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=qxnnnps&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EH0qPQzibcIZNbWu5wj%2Fl8SL7Deimx2rbw0tTUSsf6sIYYff9iU45c7BsUZub2OsRuHwQ2KbfpH7%2FNQS3Vnp3l0uFj88ExgWbQfJP5VhdgI0Z9nPH1ldReGQMPQjxWLRvpJjKHn%2FPf%2FsLCA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faa99b292c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 56AD 424 KB
122 KB 41ms
40ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=okjsbkm&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TDDEzVM3qtj16CVq5DDzO1yk4CZaJQBIJuGgQNVDkf3yfTGHUx636SSoTkFJKuUIE041%2FQ%2FS2PI42DTAOSKzgLg3hEMM71vuXBhyFwnJq6I1m110qhRtgIhODx7ovxBDtxWce8JIcoIyA9k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faaa9c792c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 37E9 424 KB
122 KB 38ms
37ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2J4qhi31HJiKP7oB7fRJPwfiGwJKsvGvjecjNTQwGpCQHNKEuTwB0o25nC%2BDFEfBvbD%2BD7wRx8bxnWLmqaffHssQUALcvog%2Bdv1WTsiCnuDpN6ZtOwDpgm26o2P8%2B6TRGDWSzdm9pHuJ%2Fs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faab9e592c9-FRA

GET
H2 200 prebid7.19.0.js Show response
hb.adpone.com/ Frame 333D 424 KB
122 KB 38ms
37ms Script
application/javascript 2606:4700:20::ac43:49e4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid7.19.0.js
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=cgokrjn&e=1977672056027
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49e4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
x-amz-version-id: mrzpmMNa6L0T_nTXd2e.MsW_mFVsXsAR
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: M0KSET0SMARA7YK8
age: 6905
x-amz-id-2: SU++ksxJ4CTdEQ6wj1iJM6RzFjuUmOETtKnC/ADy2ibrsuiDmtTf8Wc8d++l+n4sNvlauGbObSw=
last-modified: Tue, 25 Oct 2022 11:05:38 GMT
server: cloudflare
etag: W/"c5676242a8c3f69dca478f87ab473b3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADG6FAGdFo6IphzxYVEUp%2BxLVwIL0Tocm19bes4Ct7f024ia7nu2qTr1J9xkHaPDiBy1iqja2XvA0Dk9itbc%2FP9HkiRhSsJvmOuWPAmSw7pr%2FWS6m2XuLRCNXGomYK5vfWzWx93OtfmsLSM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 78648faab9f892c9-FRA

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 723F 1 KB
753 B 181ms
128ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=a7a765009b96f2032d76fdee69ccc86113a76f46

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fkresy.pl

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

0a767d8e7343df8923f30d1ecc40f0acd0a98fdc4a9e1f62761c9ffdb7e9e0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-response-time: 107
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Sun, 08 Jan 2023 11:23:28 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: ec6f2040382949ea
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 634db1306dc3c04859266387a1c2a49f111f3df82631e6dfb6edfa62b339943d
content-length: 432

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame F943 171 B
550 B 101ms
100ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kresy.pl
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 / Show response
shb.richaudience.com/hb/ Frame F943 0
129 B 452ms
332ms XHR
text/plain 208.115.232.150
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://shb.richaudience.com/hb/
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 208.115.232.150 , United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: 150-232-115-208.static.reverse.lstn.net
Software: nginx/1.14.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kresy.pl
date: Sun, 08 Jan 2023 11:23:28 GMT
access-control-allow-credentials: true
server: nginx/1.14.2
access-control-max-age: 86400

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame F943 0
403 B 109ms
109ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://kresy.pl
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame F943 448 B
796 B 150ms
150ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&us_privacy=1---&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=%2F21671350435%2C22684505004%2F300x250-kresy.pl&tk_flint=pbjs_lite_v7.19.0&x_source.tid=b12e2e6f-51a9-4251-9cc8-b19bc25ea473&l_pb_bid_id=84a4e29491482b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2904098406456239
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: cc864abb41c86e49e704fec2863474e486d512d4bce9eafd9bbe38e0a1e4f8ad

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://kresy.pl
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 448
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F943 0
55 B 392ms
248ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://kresy.pl
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame F943 18 B
305 B 46ms
46ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=6650391220&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://kresy.pl
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame F943 171 B
550 B 225ms
200ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://kresy.pl
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F943 145 B
1 KB 208ms
182ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4139378476c62d20c3db92a32758ea163ffdacee84448d13d6b4253ed9c42e99

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 38247472-2858-40f9-8ebc-ac6ca515ee7e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://kresy.pl
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 71ms
21ms Image
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=428362807531989&ev=PageView&dl=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F&rl=&if=false&ts=1673177007952&sw=1600&sh=1200&v=2.9.91&r=stable&ec=0&o=30&fbp=fb.1.1673177007951.1954678104&it=1673177007555&coo=false&rqm=GET

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 08 Jan 2023 11:23:28 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame A962 171 B
554 B 189ms
189ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame A962 0
406 B 109ms
108ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame A962 18 B
309 B 47ms
46ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=72514432101&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame A962 328 B
379 B 88ms
88ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007575&tk_flint=pbjs_lite_v7.19.0&x_source.tid=69df59bb-374f-48bd-9d0e-2733600a0e3f&l_pb_bid_id=84a42d8e05535e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.06997377437354135
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 854e6ba65ab8f285ced9f00c27605a864c5b4ae0e1fafef8510dcb3e58b1b5dc

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame A962 0
58 B 366ms
366ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame A962 21 KB
13 KB 206ms
206ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cd185bb0d2973a323eebf06dfac5a506a76dcdbcf23e3a423e0dbe23e6260413

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e1d69c96-d9bd-431e-987f-19b0d68daf5b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 0DEC 328 B
363 B 162ms
161ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007582&tk_flint=pbjs_lite_v7.19.0&x_source.tid=0624099f-8d7f-413a-87e5-6c89f0e327b7&l_pb_bid_id=2efedb4df5647c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.46332500436057655
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 09739f9e5310422a6adabfd3ff2f02ff8521ab4b9d7f8b350b05124de8a784a1

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 0DEC 0
58 B 335ms
335ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0DEC 143 B
1 KB 163ms
163ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

2c8b8edd0c6cf5fc640dbb8eaadb46ba305bedc6509d3572a0d954e5c2401258

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 911596bf-70a9-47cd-bb13-12fe407afcfb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 0DEC 0
406 B 112ms
112ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 0DEC 18 B
309 B 46ms
46ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=72098244644&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 0DEC 171 B
554 B 113ms
113ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame F4B7 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=65582404237&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame F4B7 0
406 B 105ms
105ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame F4B7 0
58 B 316ms
315ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame F4B7 144 B
1 KB 91ms
91ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e60b46a0572a4ec2d8af50c44ad404d5b6b0209709192bcaefde910c61030856

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 02da88b6-3799-4848-8354-c2a1499ef428
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame F4B7 328 B
363 B 112ms
112ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007599&tk_flint=pbjs_lite_v7.19.0&x_source.tid=f6afaca4-1b21-4765-8b06-b7165143b154&l_pb_bid_id=1080f19a9e3c713&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5253197354388355
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 62457d638be3e06c580ad7b9d6bf7c311cc9b860c690c8fb4e865184300af074

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame F4B7 171 B
554 B 177ms
177ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 5299 144 B
1 KB 188ms
148ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

2d331aa6b828c62a1f54eff3bbad45c06409ef97723ab2c2f2c8782c4945d1bb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 0d9fc9a3-b81e-47e7-8694-007e4776e8cd
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 5299 0
406 B 93ms
93ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 5299 0
58 B 313ms
313ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 5299 18 B
309 B 52ms
52ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=8627052629&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 5299 328 B
363 B 97ms
96ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007593&tk_flint=pbjs_lite_v7.19.0&x_source.tid=147e0e5b-8f12-46a8-8ac3-3ee7d06477a7&l_pb_bid_id=1054241f1a9d428&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2853145552416343
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 4ec827de5fdfbe0be725d2c49017ca62623f23e7e62ec7551773879734b2c2da

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 5299 171 B
554 B 107ms
107ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame D182 328 B
363 B 98ms
98ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007588&tk_flint=pbjs_lite_v7.19.0&x_source.tid=34e50414-4cd7-4a5f-b177-84f84431af23&l_pb_bid_id=2fd9bd1d8d7581&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8312035756643603
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9911b5bbb1576ae78b88bc49968db2cf50ceb05657cd6c5cbc36b5ccc31c693a

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame D182 0
58 B 302ms
302ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame D182 20 KB
8 KB 351ms
312ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cea811df3afc0aacf5e9c953fdb662ec3ec8b7cbd230a734b75c3bec97cdf936

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 600f60df-45d2-40a4-9e23-4b5910ba2783
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame D182 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=33027119094&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame D182 171 B
554 B 151ms
99ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame D182 0
406 B 107ms
107ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame AC8E 328 B
363 B 101ms
101ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007607&tk_flint=pbjs_lite_v7.19.0&x_source.tid=581b6d9d-42cb-446b-8f09-b01fe79e62f6&l_pb_bid_id=2ec81720ac9795&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.027237844360187724
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c6c03997b64ca05535011e8abd41b7b8ac33489180822461ae86416ef50c1374

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame AC8E 171 B
554 B 159ms
104ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame AC8E 0
406 B 99ms
99ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame AC8E 0
58 B 294ms
293ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame AC8E 18 KB
8 KB 289ms
249ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

defeeb5e7e24d45d30656b2749ce472b32d8dc6db7b7c1c606559a728565e3bf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a16ead90-f266-48d4-8a29-357687f88cd6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame AC8E 18 B
309 B 48ms
47ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=52608252072&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 8278 0
406 B 115ms
115ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 8278 171 B
554 B 147ms
94ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 8278 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=15031381803&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 8278 328 B
363 B 98ms
96ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007614&tk_flint=pbjs_lite_v7.19.0&x_source.tid=423fdf37-e27d-4df4-9df8-31ed38e70152&l_pb_bid_id=87b6de03a0c248&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.21787180875566592
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d3f2ca6c3d5bc6862a06c7cf8936ca743aa8fd58e3a280a6234b22d639d406c9

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8278 0
58 B 262ms
262ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8278 21 KB
13 KB 229ms
192ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f5b842d8bfed36cd7911dbd129c49eb8fea5ce4ac4a6f34de804c9cb30983c4d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 5d6261d6-e2ae-4ee9-9a31-81c4bee4c642
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 407C 0
58 B 259ms
259ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 407C 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=96289362823&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 407C 144 B
1 KB 281ms
186ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

18ed71e06dafb26fc5115e6a5a7144715bf8695acdd1ec587ec59fca8e0befb3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 3c4597de-1d1e-41a0-9da0-b607e559580b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 407C 0
406 B 102ms
101ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 407C 328 B
363 B 150ms
149ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007661&tk_flint=pbjs_lite_v7.19.0&x_source.tid=57a73aea-9b4d-474d-8a25-8872ba92f136&l_pb_bid_id=1080b708797d23a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7545919230895648
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b9c429d865518a5a7c85643a7b1210c7bdeacd0443139dd6529bdaaba51971c2

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 407C 171 B
554 B 156ms
98ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame E5D4 171 B
554 B 198ms
96ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame E5D4 0
406 B 103ms
102ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame E5D4 0
58 B 340ms
259ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame E5D4 138 B
1 KB 161ms
38ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

099393def145d10bec4a133f92e7450c2cfa817a683b484f331aed7048a24f0c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 36376aab-e1ce-47c3-8b28-3585e9c2b4f7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 138
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame E5D4 328 B
363 B 102ms
101ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007627&tk_flint=pbjs_lite_v7.19.0&x_source.tid=33a70623-9485-4ca8-99ca-6703b15b206b&l_pb_bid_id=10bd31aaa98f9c8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9261187370237363
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: cc7cb4870d124b6917f9dd5d7b96d35152e969f625167c6514ca46c882c9f867

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame E5D4 18 B
309 B 52ms
51ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=50926696789&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 0F1D 328 B
363 B 136ms
135ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007646&tk_flint=pbjs_lite_v7.19.0&x_source.tid=37c1882c-bc71-49bf-9e25-bd81493f56f0&l_pb_bid_id=233bd2ec631211&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.905591675212444
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0532d8ebdb3ed965758e9f33611d6388f377d6d426ecdc7806379a44b0e66c02

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 0F1D 0
58 B 343ms
259ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 0F1D 18 B
309 B 48ms
48ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=66739483590&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 0F1D 0
406 B 122ms
121ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 0F1D 171 B
554 B 198ms
99ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 0F1D 18 KB
8 KB 286ms
166ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

911a9cf2ee5779d966509e54292e77feaa5c5b3159208ae7e366bf035abf0c72

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e33d05a8-bf72-40a6-83a3-21108aa63828
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 475A 0
406 B 103ms
101ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 475A 144 B
1 KB 339ms
197ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

df897769764af3805b237a24b3d08a66cef363207c1c8feab17fb019105938fe

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 94d39764-ccc9-4c96-b875-8367b5982673
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 475A 18 B
309 B 49ms
47ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=90235967004&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 475A 0
58 B 476ms
253ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 475A 328 B
363 B 93ms
92ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007638&tk_flint=pbjs_lite_v7.19.0&x_source.tid=e40ffef1-78c3-4921-ab8c-d6b22851736c&l_pb_bid_id=10f6f5872672b85&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.2095650555256443
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 13f52b20623e9b562884355be844f2bf00a9f23eb45c5322552a9ca2c6f2121b

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 475A 171 B
554 B 177ms
90ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 1A70 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=18789619766&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 1A70 328 B
363 B 98ms
98ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007655&tk_flint=pbjs_lite_v7.19.0&x_source.tid=38c91432-aabc-4bfb-81d3-92d6bcc73ffe&l_pb_bid_id=4e9cc8452c38b2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.19561806971619355
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 228f68a2042a0a497328a8dacc35a7599e5c252751ef2d78d61415c79b253475

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 1A70 0
58 B 468ms
249ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 1A70 0
406 B 100ms
100ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 1A70 171 B
554 B 204ms
118ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1A70 18 KB
8 KB 354ms
169ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

40cd7df68cbe856d56b555175a9b3ba5382cbf14252d3d92dc93b4ac5e553a8a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 26405387-ed8b-473f-ad5c-033815ec19e3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame FE97 0
58 B 477ms
262ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame FE97 0
406 B 117ms
117ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame FE97 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=84492162318&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame FE97 328 B
363 B 105ms
104ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007632&tk_flint=pbjs_lite_v7.19.0&x_source.tid=1dd1f374-48ac-424c-83f1-bf8d67195523&l_pb_bid_id=8dbc86f0d2d05&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.47614793903283803
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 06943fcd448a5f3fadcfd2e4b258559bda97ce5e24a569f3d5f89b044e0ad511

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame FE97 171 B
559 B 203ms
110ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame FE97 20 KB
12 KB 389ms
176ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

46115bf32967000fdd7f073e21ca5559126a7c078635eaf29ae4b68e929e94b8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a5897f82-497a-4c5c-8d29-5a7e430242ce
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 987A 171 B
554 B 265ms
162ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 987A 18 B
309 B 55ms
55ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=26309139767&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 987A 171 B
554 B 248ms
98ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 987A 328 B
363 B 121ms
121ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007668&tk_flint=pbjs_lite_v7.19.0&x_source.tid=188259e6-f131-4b60-85b6-75b31172a613&l_pb_bid_id=8a677dbf99c561&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5650696039326117
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: af879c7b3bf87c37b7d021d03b6a9fd22162d5e5f1e1104a2725c20d9354c56c

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 987A 0
406 B 95ms
94ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 987A 0
58 B 717ms
251ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 987A 144 B
1 KB 364ms
141ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

30506caf1384d5351f6b9935ccc9a413ecb55085d4436942a0831da922cc5858

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 554d4b47-31b2-4111-9827-199b1ed0d1f6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame B65F 328 B
363 B 124ms
124ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007676&tk_flint=pbjs_lite_v7.19.0&x_source.tid=127b2dff-2021-465e-9741-d0291bbd32af&l_pb_bid_id=2cda4c9e8bd0d5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6193039405642471
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: acef6297194531ba63e430d42bac9c8eeecb04f77635e26bd7d56a422b00f224

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B65F 18 KB
8 KB 434ms
230ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1d00088c97c264d27b72f3dfdff229d3b5b82d1934715f24cb69caf0f9e0e186

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 37e666fb-6d48-43df-b85f-85e502f1c3d7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame B65F 0
58 B 404ms
244ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame B65F 0
406 B 103ms
103ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B65F 171 B
554 B 199ms
92ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B65F 171 B
554 B 228ms
116ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame B65F 18 B
309 B 50ms
50ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=21217465087&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK get_info Show response
bot.webpushr.com/prompt/ 25 KB
7 KB 534ms
175ms Fetch
text/html 64.225.42.52
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://bot.webpushr.com/prompt/get_info
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.225.42.52 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 80cf8f4cf211404c565236ae54121f8e349a62a14b2062792148d22b3e92a2aa

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
X-Fastcgi-Cache: HIT
Access-Control-Allow-Origin: https://kresy.pl
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
server_name: lookup4

POST
H/1.1 200
OK session Show response
analytics.webpushr.com/impression/ 0
531 B 526ms
175ms Fetch
text/html 64.227.50.180
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/session
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.227.50.180 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://kresy.pl
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6FFB 328 B
363 B 125ms
124ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007686&tk_flint=pbjs_lite_v7.19.0&x_source.tid=091b966f-9bbf-4a68-a3d3-f4dab8e4a7a1&l_pb_bid_id=2237945bbbec58&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.22333054984231016
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e026a04742259a11a959495ef37bd9c278a0c8ffe757e8ded89eda1ed2fed77f

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 6FFB 171 B
554 B 241ms
114ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 6FFB 0
58 B 403ms
255ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6FFB 21 KB
12 KB 375ms
179ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fbc0764ff4cfdc05a298981d9fa4495c9ab18a6067df5b568a737d7bc113d229

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8393b2c5-b318-4564-8e4d-a2b46d75d483
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 6FFB 171 B
554 B 246ms
116ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 6FFB 0
406 B 140ms
140ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 6FFB 18 B
309 B 69ms
69ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=38750059648&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9CE5 0
58 B 391ms
247ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9CE5 171 B
554 B 290ms
111ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9CE5 171 B
554 B 301ms
120ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 9CE5 0
406 B 114ms
113ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 9CE5 328 B
363 B 140ms
139ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007682&tk_flint=pbjs_lite_v7.19.0&x_source.tid=0fb3c4d6-2d0a-4c59-9e53-cc95563d0a80&l_pb_bid_id=100e7e8b3213ea1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.08271669640587587
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3aad7d21f3d77a1ae3264f8832c657b647297ae5842e1b39770ffab44b43f0fd

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 9CE5 18 B
309 B 125ms
125ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=60821730151&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9CE5 18 KB
8 KB 408ms
165ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

542832cfe6fde46c5035eee85d3812500e328658c4a44d82e0b1205f19f54c65

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8ccbbf3a-2ab8-48e9-856e-d3cc1a899114
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame E4BB 0
406 B 104ms
104ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame E4BB 144 B
1 KB 409ms
150ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

18fc5c46a9499aec4202ff46abc68a29e2d551ef6607eec3016a886649d7bb9f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 3bc2045f-6e65-47a9-80ae-94a49b8c6505
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame E4BB 18 B
309 B 82ms
81ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=16024436996&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame E4BB 328 B
363 B 115ms
115ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=57&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007621&tk_flint=pbjs_lite_v7.19.0&x_source.tid=d321a844-73ab-48ac-a27c-48437f6ca5b7&l_pb_bid_id=8ac335f9afb4de&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7293921822896088
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 5d73c629a08a3faad22380ac41516802da20b56d68ea713fc42260d7fae46b8a

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame E4BB 171 B
554 B 292ms
109ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame E4BB 0
58 B 378ms
249ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 541C 328 B
363 B 139ms
138ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007731&tk_flint=pbjs_lite_v7.19.0&x_source.tid=8ca940aa-8a0d-4cc0-97ae-bae76006357c&l_pb_bid_id=28300d5e1107dd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6781751215646674
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 60f50c44fa576f1fde6d9c7b2f23683f357805c4362374fe050f45cbe24057d6

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 541C 171 B
559 B 400ms
211ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 541C 0
58 B 641ms
262ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 541C 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=24874375868&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 541C 171 B
554 B 334ms
118ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 541C 0
406 B 111ms
111ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 541C 21 KB
12 KB 451ms
171ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

be9f2d9cb8482e1c499eced37fddb8d10f8436640c0d6d2637cce900448000e0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: c0d2310e-37ee-48e2-8ac1-86d7bd88a628
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9C00 171 B
554 B 385ms
167ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 9C00 21 KB
12 KB 438ms
151ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e77fe4d9c5ee6008ab476748220e440339dcb26b81235cb0193f19c60cbb9a5c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9c4400a5-e9a6-4f2a-867d-6ca964b385e3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 9C00 328 B
363 B 95ms
95ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007739&tk_flint=pbjs_lite_v7.19.0&x_source.tid=8f8a2b35-df90-4209-bbf9-5f782f4b6369&l_pb_bid_id=68ba9ebbb9ff5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.16815280207395622
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9607004f71880b31a3217599ecadae6214e7e1b00af94cf0fa6849f4a23b0f04

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 9C00 0
58 B 626ms
252ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 9C00 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=46660970351&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 9C00 0
406 B 121ms
120ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 9C00 171 B
554 B 371ms
108ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame A941 171 B
554 B 536ms
261ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame A941 0
406 B 99ms
98ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame A941 18 B
309 B 48ms
47ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=88416566773&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame A941 144 B
1 KB 662ms
321ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

ae60e3eb6ce04cb0da1776381836fe2b2f490170108a48804d5ee1c96a17bcc5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: b59837ef-ed0e-45f1-b333-f57ea4f41116
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame A941 0
58 B 637ms
268ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame A941 171 B
554 B 381ms
104ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame A941 328 B
363 B 168ms
168ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007754&tk_flint=pbjs_lite_v7.19.0&x_source.tid=c585f9ef-cde1-489c-85c4-cd3d6c4f7520&l_pb_bid_id=14f69962da20f9c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9330995055467857
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d6991279eae2871ed40b1bd28e6d8abf361884b417ebaca3b8f6d4fa2859f657

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 8E80 4 KB
2 KB 138ms
137ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007724&tk_flint=pbjs_lite_v7.19.0&x_source.tid=70cb5ef2-6fc0-44f8-903e-6c2dff353a46&l_pb_bid_id=22fdd64cf80d52&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.10059069809678078
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 22138756955be64bbacc416258c5c88ec051f9946476eb53ae7adf3cfbc2d7c7

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 8E80 171 B
554 B 430ms
111ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 8E80 18 B
309 B 47ms
46ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=11168357937&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 8E80 0
406 B 104ms
104ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8E80 145 B
1 KB 565ms
191ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1c6155147565f6eec86ba75becbde33f1c4583b87fd45a9eb5feb802059aaf96

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 8fd9de73-9f8c-4fc2-a38f-9b6d3e9e8139
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 8E80 171 B
559 B 485ms
124ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8E80 0
58 B 369ms
242ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 81D4 18 B
309 B 53ms
53ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=90180253865&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 81D4 171 B
559 B 493ms
133ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 81D4 21 KB
12 KB 547ms
185ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6d9dec603c435256d247bb380d52ef6ba15886ef05f83b9c9db71c16ae2bd13f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3ba04776-035e-4d3a-b3bc-13b9bf7f22b7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 81D4 171 B
554 B 529ms
168ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 81D4 328 B
363 B 99ms
99ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007748&tk_flint=pbjs_lite_v7.19.0&x_source.tid=585d40fd-5073-479a-93b3-eadcc62b5cea&l_pb_bid_id=10b02a1be56e21f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8413176973343715
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b195577a9102781d4aaed936306a92b20d5cb9097a04f275d0127fa21c77fe16

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 81D4 0
58 B 422ms
249ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 81D4 0
406 B 96ms
96ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 6E84 0
406 B 107ms
107ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 6E84 21 KB
12 KB 575ms
209ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

520dfb8da3b0c4e6de46e4a0fb2cc5f0cf1e4d57d7543a901ae7af3aea561742

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b2396d27-5052-4c00-b0bb-f0f6b1265f9d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 6E84 171 B
554 B 473ms
109ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 6E84 328 B
363 B 141ms
141ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007765&tk_flint=pbjs_lite_v7.19.0&x_source.tid=4d263ad2-30c3-4020-825f-45e387cac1d9&l_pb_bid_id=85819fe02cb503&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.32952347651894054
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c7de156d4be91e2d9bee459c8c591203e2dc095c8fe4ea755f90ca81b7adbc68

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 6E84 171 B
554 B 653ms
241ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 6E84 0
58 B 426ms
247ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 6E84 18 B
309 B 49ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=63463619932&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame A610 0
406 B 110ms
109ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame A610 171 B
559 B 565ms
102ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame A610 18 B
309 B 52ms
52ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=18260299087&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame A610 171 B
554 B 576ms
108ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame A610 0
58 B 581ms
253ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:26 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame A610 21 KB
12 KB 661ms
258ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6da64a45aa3469716a012b7799faf461d75eddd9bd5b5ee2d3772e9f5470108c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 93b09f23-b58b-49f8-bfc0-d4e741277272
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame A610 328 B
363 B 147ms
147ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007760&tk_flint=pbjs_lite_v7.19.0&x_source.tid=a3c3af1d-6b61-4c79-bfb9-0661563d8185&l_pb_bid_id=1462793acb7aa4d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.48860850270192957
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: a817136f337f55a6d5f791b8e0fa20fd212997c84c2c959bbcaacf43aabd30dd

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 56AD 18 B
309 B 83ms
82ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=25972166187&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 56AD 328 B
363 B 130ms
129ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007771&tk_flint=pbjs_lite_v7.19.0&x_source.tid=53dbaed7-6d5e-4945-a694-29aba597049c&l_pb_bid_id=41eab7b152f3e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6284134754104245
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9b76d3239fa83b5518e0dce52b9a66ccd369a5917c2b3c69a6b7cb7650fd8f59

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 56AD 171 B
554 B 575ms
97ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 56AD 21 KB
12 KB 596ms
187ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

633cf87dbd91a8d5fe843d891ef03e3353441011c7991ee0dfc200edcf05cdad

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 5a645621-7d83-402c-8868-3d55836114d1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 56AD 171 B
554 B 653ms
156ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 56AD 0
406 B 98ms
97ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 56AD 0
58 B 578ms
256ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:27 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 37E9 13 KB
7 KB 673ms
164ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

40abb455c5f030c169100350607c18b9ee33c9e3a80b43280f82f02c53da7d09

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 397f7d1f-00fa-4775-bbd8-a5c8e78f358e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 37E9 328 B
363 B 139ms
139ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007781&tk_flint=pbjs_lite_v7.19.0&x_source.tid=06b17169-2a52-4a0d-bba9-c99701d93e77&l_pb_bid_id=41ee45e8cc7381&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.536157664498842
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 20f29f5fd1ac3d3351bc392cac3035810704c575d533b1b572280ec3b1023c10

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 37E9 0
58 B 543ms
245ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 37E9 171 B
554 B 578ms
89ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 37E9 0
406 B 123ms
123ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 37E9 171 B
554 B 640ms
107ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 37E9 18 B
309 B 50ms
49ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=56149191629&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 333D 171 B
554 B 627ms
94ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 333D 328 B
363 B 251ms
251ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=389854&zone_id=2179160&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,3537bcb0f9becc705b34,1,,,&rf=kresy.pl&tg_i.page=https%3A%2F%2Fkresy.pl%2F&tg_i.domain=kresy.pl&tg_i.pbadslot=adpn-adtag-1673177007788&tk_flint=pbjs_lite_v7.19.0&x_source.tid=672af453-6887-4a4c-b85c-093b2b57386e&l_pb_bid_id=4ef2bc9aeb0418&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.14292600316758142
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c2a9b113240cab2e986cbf450d9e6ac905e25f87367a5f1ea1006e4093321858

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://guandads.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 328
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 333D 0
406 B 105ms
104ms XHR
text/plain 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 cdb Show response
bidder.criteo.com/ Frame 333D 18 B
309 B 48ms
48ms XHR
application/json 2a02:2638:1::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.19.0&cb=54468919886&lsavail=0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 08 Jan 2023 11:23:27 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://guandads.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 333D 139 B
1 KB 539ms
39ms XHR
application/json 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e8d1e46ea1468f8e26db5ed0036db0bc60742367cd810a23aec189f24b95ef4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: d782ea7c-3bd0-445e-be8f-da7b2dacd633
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 333D 171 B
559 B 724ms
189ms XHR
application/json 81.17.55.98
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.98 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://guandads.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 333D 0
58 B 553ms
252ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://guandads.com
date: Sun, 08 Jan 2023 11:23:28 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H3 204 rum Show response
kresy.pl/cdn-cgi/ 0
136 B 49ms
23ms XHR
text/plain 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
content-type: application/json

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://kresy.pl
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 78648faf09c39b67-FRA

POST
H3 204 rum Show response
kresy.pl/cdn-cgi/ 0
136 B 29ms
22ms XHR
text/plain 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kresy.pl/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
content-type: application/json

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://kresy.pl
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 78648faf09df9b67-FRA

GET
H/1.1 200
OK tweet.495a42551da1e5c4c5171224e18a5a07.js Show response
platform.twitter.com/js/ 7 KB
3 KB 102ms
102ms Script
application/javascript 2606:2800:220:de:468:2285:c1:4a3
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/tweet.495a42551da1e5c4c5171224e18a5a07.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:220:de:468:2285:c1:4a3 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (bsa/EB14) /
Resource Hash: 251feee5dacd7cd6acb23ff9f266b3a4a5407369b24a56b97dc041ccf918adc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Age: 1510822
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2619
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
Server: ECS (bsa/EB14)
Etag: "090b14bdcf073940eb641311b50eb08d+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 415C 0
18 B 43ms
20ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://kresy.pl
Referer: https://kresy.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://kresy.pl
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:28 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 124C 13 KB
5 KB 109ms
40ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 20:13:04 GMT
etag: 12223946614886178233
expires: Sun, 08 Jan 2023 20:13:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 6D7C 7 KB
3 KB 103ms
34ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2154b34bc0f6a1eb89ee530e36dfe7ed28abec06fa931e1838a00ea8bb2ee7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3003
x-xss-protection: 0
server: cafe
etag: 2660866305706646737
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 12:01:58 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 6D7C 80 KB
27 KB 84ms
22ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220051-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.619048,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1786374

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 6D7C 0
934 B 85ms
37ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD8gMyim7GYonYYrtKEspaDxZIcKjYJWDuKc9TRkT8R0KXWAEcwjT8ZAAAAoEfhyj8h0KXWAEcwjT8pWDsJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF47tAEgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1BdU1OLXM0VEpRZ0Q5UTlQM0lnZ1ZkSXlrVjl1c3RkcUk5enMtN2ZKdTJ3bF92eldpRk90dmltaUphZjZIeGhvdGJ0dGthRXUzN3BjN0FHSDZhS3ZHRThMaXBRdyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTIyMDQzNjM4OTU1NTczMzcyIgg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWv0rTYpobT2T7ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB-7QBNIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=286d6942f39cfae69770476ffa0fb0e9c06ff839

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 317167bb-96c5-4596-bd30-875c68cda3d9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6D7C 0
20 B 122ms
121ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-CSLcX6YlMAZ4er0ki-eHfyGBfqZ0z0oE9IC1xOy54cVEmc1OwDxAL-oZcJQDMwdZIQejdUrj6uV22OUjKSThd82bcvCQ

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31880/ Frame 55AC
Redirect Chain

https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1...
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008550

68 KB
23 KB

103ms
20ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008550
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86b1c8feb9ea31f91943cff27e9e9015c7a0589ccb9dfaaabe0d6589d8b8b16b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:13 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"5b44d2acc01d2ba224b233396573926a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 1OVTdZPy_ESjGyxuc9HJCbyW6sgqE22GPgWxvUOHHlwCRSelpApKsw==

Redirect headers

location: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008550
x-cloud-trace-context: 9229a98a9589b44c579cb750e703cdb4
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame 55AC 4 KB
2 KB 102ms
29ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame 55AC 64 KB
23 KB 86ms
26ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fafdced2c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame 55AC
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=1951772018706946693&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd51%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd51&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
265 B

77ms
74ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: GFbwpM-KbUXPn1cfBWT7nEqeL5NUPOrOk_DXp2yC3pvBNwF-g_lJzA==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 55AC 80 KB
27 KB 88ms
31ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.628851,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184546

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 55AC 0
934 B 66ms
24ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhCFtcyM9smFixsYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeLrZBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWxIcjRsUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTnpiZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGa0MyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqaGw5Vz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURaQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1Nzc22gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU2ODe4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfFNCT0ZDbCXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXTGNzY1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAe62QXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=053fdf31124fa940a902e7edb2ef919684c63695

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: ebcb7f4a-d15d-46cc-a059-deca6a1b3ad3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK script.js Show response
acdn.adnxs-simple.com/strikeforce/ Frame 1060 122 KB
43 KB 133ms
73ms Script
application/javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 336e9badb32b4ce8c15616c6001d6a21640864ddbcfad231b9ed5dce1a323134

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Thu, 15 Dec 2022 04:54:10 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 23309
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 43824
X-Served-By: cache-lga13622-LGA, cache-hhn-etou8220081-HHN
Last-Modified: Tue, 13 Dec 2022 17:30:57 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1673177009.688703,VS0,VE0
ETag: W/"6398b6d1-1e79f"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 3, 57978

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1060 0
20 B 123ms
122ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-Bg1jQe7yz6pf_tQFYNyUvTKWRv1ocLSSMEL5Voj8CltltZglZR6gAueSfK7qwU9BRkXvXeWsieyEwz8FcikEziPQgrRg

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame 1060 7 KB
3 KB 83ms
35ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2154b34bc0f6a1eb89ee530e36dfe7ed28abec06fa931e1838a00ea8bb2ee7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3003
x-xss-protection: 0
server: cafe
etag: 2660866305706646737
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 12:01:58 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 1060 80 KB
27 KB 74ms
22ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220040-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.629712,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 2301155

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 1060 0
934 B 65ms
21ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhCsmbDmwNqF5WIYrtKEspaDxZIcKjYJwJfCg2bXjT8RJmFqQatwiD8ZAAAAoEfhyj8hJmFqQatwiD8pwJcJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4x4gGgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1EYl9HZFJoSFpwMUhhVndoMXp6bmxWM0ZPU01SazVaSlZsS1RoX1ZKYVB3ckhQU05BaFpqNDBJTDFGUXBHS1BaRFlYUUJMYnBRMUlrX2ozUFJqLVdXN1kzamFTQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MTE4NTI3MjYxMDE2MDY3MjQ0Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWL5Y6C6t3dvx3ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB8eIBtIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=a7f106881fac161bfea4ffb7694d00acee2f3e24

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 27af3902-7604-47b3-be2f-8d59cbd1859a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31880/ Frame BC77
Redirect Chain

https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5....
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008584

68 KB
23 KB

100ms
18ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008584
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86b1c8feb9ea31f91943cff27e9e9015c7a0589ccb9dfaaabe0d6589d8b8b16b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:13 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"5b44d2acc01d2ba224b233396573926a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: OFTZcKYiOhqjUtE0bZVTrs4Edmjw8xjkbQdyeZbyojraPD0z7xcc2A==

Redirect headers

location: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008584
x-cloud-trace-context: 47137337770e72fdbb319e90a9cb6bef
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame BC77 4 KB
2 KB 64ms
28ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame BC77 64 KB
23 KB 71ms
48ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fafdcf42c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame BC77
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=8666453536827556983&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd52%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd52&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
264 B

73ms
70ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: 275YpUGV-g5CdHyPmB9OAfy0f8Ut-hAXgwHA39ZEgSdDGJajVglupA==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame BC77 80 KB
27 KB 83ms
36ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220058-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.661617,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1869125

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame BC77 0
934 B 50ms
20ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKHFvBMBwsAAAMA1gAFAQiwz-qdBhD3iKPosrLbongYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeNXXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAtkOIW5YSzNLd2lCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_YQzZBd2xHVWtFeE9qVXpNVGZnQTVjd2dBVEloTkVKaUFUZ25fd0prQVFCbUFRRXFnU3VCd2pfXxUCDDhCRVAVDRBfX3dFWR0ODF9BU0QdDxQ4QktBZ3cdEQxfQVRqHQ8IOEJRMkwABEZJHR0IX0FWNkwAAFc2LAAAZzIsAABXNlgAAGM2LAAQNEFZQUIyMAAEWWc2EAAAWjogACRaZ0JrZFpTb0FIHTcIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAMMEFHdEGMADI6GAAANDoQAAA2OhAAADg6EAAcLUFHX0JvQUMdrQxfQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAARZQS4xAiEANhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUU6AAI2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRjoAATYQAABaOiAAAFo6IABMYklFQ2dqUTlPY0pFTXVGcGczQkKhMw0BBHlRpUEJARhOZ0VBUEVFCQ0BAWBDSUJjVXBrQVh4dkRHWUJlZUJ2SVVCcVFVAR0gQUFBRHdQN0VGAQoJAQhEQkIdTwB5BSgcQkFFNlBuUDkyKAAAWhUoyFBBXzRBWGpCZkFGaDlLb0NmZ0ZtNF9nQVlJR0EwZENVSWdHQUpBR0FaZ0dBS0VHbXBtWgECLDJULW9CZ1N5QmlRSgl8BQEAUgUGCQEAWgkHBQEAaAUGBQFIQzRCZ28umgKZASFoUm41VmdpQjJdBzhQTFRsd0VnQUNnQU1acVoBbRRtZGtfT2cuYQZAZEFsekJKbjZ1dDJGOTI2ajkdeQBCHXkAQh15BEJwBYAFAQRCeAUHBQEQQjRBSWs1lPDQOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTMxN9oEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDrDYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1MTk3uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFcEAAYAOAGAfIGggEI8bwxEnxXaFBYRFZrIVDYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dNMG9jUQE7CQEQZUFDQkFdx0xpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB9XXBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=2f3fb7b57055cc61a6c2685b69f644baa1a76028

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 98dc14eb-eb94-403f-b8ad-23577b2692d3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31880/ Frame 3382
Redirect Chain

https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1...
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008606

68 KB
23 KB

101ms
18ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008606
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86b1c8feb9ea31f91943cff27e9e9015c7a0589ccb9dfaaabe0d6589d8b8b16b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:13 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"5b44d2acc01d2ba224b233396573926a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: Atj9UKfpQAKgiU32rZqtDZyktygh9ENy8t-3DQQ9xjgjA-1tkLHoTw==

Redirect headers

location: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008606
x-cloud-trace-context: 4315b7a9cd80d0b9c132d5d43ee3f2a3
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame 3382 4 KB
2 KB 47ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame 3382 64 KB
23 KB 34ms
30ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fafdcf02c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame 3382
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=7379796288815871095&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce235%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce235&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
265 B

53ms
52ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: X4MmdVOPnpEEWecUINDZM4rg97gV8i0kItQLbI7GbAXCX8C7-xLZzg==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 3382 80 KB
27 KB 54ms
25ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220051-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.650069,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1786375

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 3382 0
934 B 44ms
20ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD36Pas_7OTtWYYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeK3YBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWpYcmVrUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTmpqZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGaUMyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqeG5DVz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURoQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1NzY42gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU3Nzm4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfEpSTVhCRiXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXSk10Y1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAet2AXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=9a9ffd2fc78cc6074e9467d90033b9d0475ad25f

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 1883f041-5a3b-4d2c-8cc1-ec4e96562538
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F2B5 52 KB
17 KB 87ms
22ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ubuvjhejdh&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17770
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:28 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236582
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177009.728750,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 6D7C 0
934 B 33ms
31ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKRMfBMkRgAAAMA1gAFAQiwz-qdBhD8gMyim7GYonYYrtKEspaDxZIcKjYJWDuKc9TRkT8R0KXWAEcwjT8ZAAAAoEfhyj8h0KXWAEcwjT8pWDsJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF47tAEgAEBigEDVVNEkgUG9JAEmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwv8gINCgZIRUlHSFQSAzI1MPICDAoFV0lEVEgSAzk3MPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTYyNTMxNTgwMfICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90b3R5cGUuc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZC5yZW1vdmVFdmVudExpc3RlbmVyKCJsb2FkIixmLCExKTtkLnJlbW92ZUV2ZW50TGlzdGVuZXImJmQucmVtb3ZlRXZlbnRMaXN0ZW5lcigiZXJyb3IiLGYsITEpfTtkLmFkZEV2ZW50TGlzdGVuZXImJmQuYWRkRXZlbnRMaXN0ZW5lcigibG9hZCIsZiwhMSk7ZC5hZGRFdmVudExpc3RlbmVyJiZkLmFkZEV2ZW50TGlzdGVuZXIoImVycm9yIixmLCExKX1iJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIik7ZC5zcmM9YzthLmdvb2dsZV9pbWE9tygucHVzaChkKX0KO1VLgHEoKXt2YXIgYT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O0m9FChhPXZvaVFuXG51bGw6YSkmJiI3NyI9PT1hLmdldEF0dAWQOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTsBhyxyPVJlZ0V4cCgiXmihHOA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmaNPwQgdBXgAGsFYQxjPVtdBQkEZT0Bxgg7ZG8F_xhiPWE7dHJ5BQwsZDtpZihkPSEhYiYmASRQIT1iLmxvY2F0aW9uLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVFCwhMSk7ZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110AB2yfIUdGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3akAd3VJGHQoKSxjPWHxq0AoIj8iKTtzZXRUaW1lb3V0KBGMDTEAZZk6GGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDLNShBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxDCkmJmRamQANMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCQoZSk6cChiLGUs1QwJnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYHQgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30pLmMO3wlBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpwdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyBzcmNZh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtQ1NMY1g2WWxNQVo0ZXIwa2ktZUhmeUdCZnFaMHowb0U5SUMxeE95NTRjVkVtYzFPd0R4QUwtb1pjSlFETXdkWklRZWpkVXJqNnVWMjJPVWpLU1RoZDgyYmN2Q1EiIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqIZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUkkOGgwEiQEaGgw2CAFoZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUwA-nSQoIHtyM3B4KCcxNjIapgwcJyk7fSkoKTs96xDrEgoQSAGeNFBPUlRfUEFSQU1TEtYSkSSKlQDwfWFkZmV0Y2g_YWRrPTQxMjIwNDM2MDUmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTk3MHgyNTBfYXMmaXA9MjE3LjExNC4yMTguMjcmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcE2NIF9zdGFydD0xJqF4Eb0Aax78DRAmc3ViXw2DAGJBivB9ci01NzQzMDU4JmhsPWRlJmFjZWlkPU1Kb1d0QUJkSExRQWxYQTBBZmx3TkFGT2ZEUUJYb0EwQVdxQU5BRjFnalFCaklJMEFldUNOQUVZZ3pRQkk0TTBBVG1ETkFHYWd6UUJtNE0wQWEtRE5BSExnelFCMUlNMEFkV0ROQUhhARAsM0lNMEFmT0ROQUg0ARAALQFA9CQCVVZ6UVFGX0hsd0NzdmVJQW1mNWlBSW5RcW9DS0VLcUFpdENxZ0s0WmFvQ0VtaXFBaVJzcWdMZ2Y2b0NSWmFxQW9DYnFnS0JtNm9DZ3B1cUFxS29xZ0xYc2FvQzhOcXFBc25pcWdLZzVhb0NPT21xQXRmeHFnS2k4cW9DOVBXcUFsMzRxZ0lsLTZvQ1FmdXFBcllicXdKaUhLc0NmQnlyQXRVZXF3SkFINnNDV2lHckFqd2pxd0xPSktzQ0RpYXJBaWttcXdMeUo2c0NOaWlyQWxRb3F3TFNLcXNDLXl1ckF1Z3Zxd0otTUtzQ2dqU3JBcHcwcXdJNU9Lc0NQRGlyQW8wNHF3S2dPS3NDNERtckFoSTZxd0prT3FzQ2FqcXJBblU3cXdLOU82c0NEVHlyQWlNOHF3SnhQYXNDeWoyckFxay1xd0wyUHFzQ0h6LXJBbkJCcXdLVFE2c0M1VU9yQWhsRnF3SWpScXNDakVhckFqMUlxd0xCU2FzQzRFbXJBdUpKcXdLb1Nxc0NJMHlyQXB4TXF3S3ZUS3NDZFUyckFtRk9xd0lxN1FVRG0zUWtCSGNILVFnRHJQc1N6ZEg3RXRiaC14S0U5X3NTUGZqN0V2NEFfQkxiQXZ3U3RnZjhFaUlKX0JLVkNmd1N0Z244RWtZS19CTGtDdndTT0F2OEVuWUxfQkpibi1vVXhQVURGZmhXYXhvJmV4az0xNjI1MzE1ODAxjfsAY4378LBCeDQ1MWhObnhlT1hXX0NYOVV0VndQUm1NWlNyclJRUzB3a2JuWlFEdURtTEo5THlrVzN0UTRLZGZxbUxRamhXMW5qc1VCM1p5VnNpaHV6Y3BEcUNnbUx1ckNpYWdDT1BEYlVOQWdzc2gwcnZiZlVnODZKSkJPU1M0TEdrVU83WjluMDY1S0tpRVdkeUVyMS1TZUZFb19qLUZRdVBWazZoNU45UWdLTlBiRmlmWEw2RmMNwABkDcD0KwVDQU1JOU5Xa19yUnZMQ005dWhFWFB5bVUySGtxNWZ0Y0xoRV82amVsQUdWb1BEeUVyemZOWmREMWVwVTcyOGJrbVRxUWdTSjJqVW5HS1JwOVhFN1FtR0pjNDctc2hCdjVUQmpob3Y2YTltY1pZQUJXOEpKLTNOaFZzeEFneW16b3dMTHpHY0RnOXpUNmphNkZ0RzNtOVU5Qm1rV0J2SzdEU2h3bEgwT2VLYmhBeU4wY2l6VU1aYl91UFpmbXpveU5GWUJjY1JnNTRDNlBzRGVjeHdOejd6VDhBNDR6cEtlR205ajJFOWFXR0pNMWRLa21JbXR5RUd2RVBQMW9mMVRGQkFmWWUzY3NZZjV4dzAtTVVDSENCaC0wN0xVbWtPRVM0MmVEeVN0TzQ3aUhqWHJ4OTZNMHFYMmpOR29xLTNIN2Z2cVdES044ZkVUZDgzNU54d2FxRl8zWU5FTG5kdS1ZR0pDWjROSE1PSVQ1T0hoaHh1d0EwLU9uUDZMeE1fbXpWQ3lQajNtQ18wd3pIRk9FMEQ5aFZOQnkwaUo4aWRtdl91a0g3MVlnemRKYXFYTVkwYzRIZlBQNXlGZWdidVl5SUtlUnl1QmpremtleExGY0loYzBGT3dDY3kxSTVjWm0tbmVNWnI4Z191MWZLUTFtYlF0a1VsWXNLZWNsSmNyR3FUc3F1aWd6SVFGNzFHSnViZlBOeWNvcmgyTHpGS0dHdnN0dWZ0Um4yNHZTRWtDeUY4ZGxST2poZWdGay1xQkF4YjE1UG5YcGxuYmF1dGtEaWpGaU5wZllKMDdlcHNua1NNeWNXbEhjcF9rSnNsRkRINmJHQVlWQjV5VmVlSTRDX201V2IxaVJfSGFqM2MxMnZrVVl1d2piNk1SZVRFV1dJWU9vd19PVzAtcXpNY0pKY0tBUHNCN29jTkg3aVdkS2JiS1phQWNCY2ZkVWNiM0ExUnhEVjFTQ0RBQkZvaldKYVNCejYyMkhtYk02MUpBLWxobGJoSlBlQ0NjWVpuaDhRM3pZN3NIbGJ0MnBZSDI5ZGRoOVBlaEUyNjBvWWFaMHpWVkIxc0ZTSDR2QTdXa2xvUWt5SV9kSXptNF9PUEVSajZSOEtRWGlzU0d6SVRvUEpOTmY1ODlnNl9nUHJkemY2OV9fZGR4NjZUTHFqSVhaQnc4ZDY1Yi1LZHQ4Q0laZUl3UERHYUpodVlMdUFkUS00ZlhIekxROVlfR2JucHh1bTAzbDl0SWRGMXdfOGNEcFBfSjNWNjZndmxCOTE4RDcwNWxLMzhtUm1SeWpYMGJKT2pCQUdtajVQVEtrSEl2NmdTLUJ4NExvX1pZb1lsMU00cklhRktvejliSGoyeUlUTWVPekotWlRKSWZlcnNsdWZuWVo3SjAwU3ZrZjN5azdpaEFLR0VwMFpEeTZhc1R4cjFWbF9yak5vdzVBaUstUVA2Vmk5MEN5TF9GWC1Ba1hKdW9wbVhvMGRCMWRwVFlHcEVTSHQ3QUpiM0JZbGkweldJQWQ2VTZmVTRfR0xPWjZuZlEyQ09fcXhUc1NoSmltT21yLUFob3VvaURrNXc0LWNsc0YtaS1BSmlzbmplN1BNJmNpZD1DQVFTR3dEcTI2TjlOb2VRcHVwcC1OMGZTUDV0Q3lRV0thRUVncG53NkJnQklBbyZhX2NpZD2AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQONhIJoKgEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEDl0XWIgFAZgFAKAFr9K02KaG09k-wAUAyQUABQEU8D_SBQkJBQt8AAAA2AUB4AUB8AXJ6iv6BQQIABAAkAYAmAYAuAYAwQYBITQAAPA_0AbujwHaBhYKEAkSGQGwEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcMMTM4OTk0MTkyNTM4yAfu0ATSBw0JETcBNQjaBwYBbXAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=53e29e128e4b81c9ff7d541239d44ccbf31b6404&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dubuvjhejdh%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dubuvjhejdh%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ubuvjhejdh&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 10791afb-cd1e-4812-8a32-dcc60fd8b6d3
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame BC77 41 KB
12 KB 30ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H2 200 4.gif
c.evidon.com/a/ Frame BC77 43 B
335 B 36ms
36ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 4.gif
c.evidon.com/a/ Frame 55AC 43 B
335 B 36ms
36ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame 55AC 41 KB
12 KB 36ms
36ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H2 200 4.gif
c.evidon.com/a/ Frame 3382 43 B
335 B 58ms
57ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame 3382 41 KB
12 KB 30ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 124C 99 KB
34 KB 114ms
114ms XHR
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

035df4674c9e3a99c79e9f1aad6db5292f3c3992c1a73b885b03408c54ab917f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35051
x-xss-protection: 0

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 6D7C 0
953 B 20ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD8gMyim7GYonYYrtKEspaDxZIcKjYJWDuKc9TRkT8R0KXWAEcwjT8ZAAAAoEfhyj8h0KXWAEcwjT8pWDsJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF47tAEgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1BdU1OLXM0VEpRZ0Q5UTlQM0lnZ1ZkSXlrVjl1c3RkcUk5enMtN2ZKdTJ3bF92eldpRk90dmltaUphZjZIeGhvdGJ0dGthRXUzN3BjN0FHSDZhS3ZHRThMaXBRdyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTIyMDQzNjM4OTU1NTczMzcyIgg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWv0rTYpobT2T7ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB-7QBNIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=286d6942f39cfae69770476ffa0fb0e9c06ff839&type=nv&nvt=5&jm=1003&px=0&py=0&bw=970&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: ed1975a9-71bc-46df-a7f8-c8d90af9c860
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame BC77 3 KB
1 KB 30ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 170ms
108ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://guandads.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 08 Jan 2023 11:23:28 GMT
server: nginx/1.21.6
via: 1.1 google

POST
H3 200 1a Show response
i.clean.gg/ Frame 1060 0
15 B 163ms
113ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame 9940 13 KB
5 KB 50ms
40ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=tcmufcve&e=1586314810833

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 20:13:04 GMT
etag: 12223946614886178233
expires: Sun, 08 Jan 2023 20:13:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5423 52 KB
17 KB 32ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=tcmufcve&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17770
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:28 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236583
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177009.762021,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 1060 0
934 B 26ms
19ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QLGMfBMxhgAAAMA1gAFAQiwz-qdBhCsmbDmwNqF5WIYrtKEspaDxZIcKjYJwJfCg2bXjT8RJmFqQatwiD8ZAAAAoEfhyj8hJmFqQatwiD8pwJcJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4x4gGgAEBigEDVVNEkgUG9JAEmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwv8gINCgZIRUlHSFQSAzI1MPICDAoFV0lEVEgSAzk3MPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMjA1MzQ0MzA1NvICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90b3R5cGUuc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZC5yZW1vdmVFdmVudExpc3RlbmVyKCJsb2FkIixmLCExKTtkLnJlbW92ZUV2ZW50TGlzdGVuZXImJmQucmVtb3ZlRXZlbnRMaXN0ZW5lcigiZXJyb3IiLGYsITEpfTtkLmFkZEV2ZW50TGlzdGVuZXImJmQuYWRkRXZlbnRMaXN0ZW5lcigibG9hZCIsZiwhMSk7ZC5hZGRFdmVudExpc3RlbmVyJiZkLmFkZEV2ZW50TGlzdGVuZXIoImVycm9yIixmLCExKX1iJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIik7ZC5zcmM9YzthLmdvb2dsZV9pbWE9tygucHVzaChkKX0KO1VLgHEoKXt2YXIgYT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O0m9FChhPXZvaVFuXG51bGw6YSkmJiI3NyI9PT1hLmdldEF0dAWQOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTsBhyxyPVJlZ0V4cCgiXmihHOA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmaNPwQgdBXgAGsFYQxjPVtdBQkEZT0Bxgg7ZG8F_xhiPWE7dHJ5BQwsZDtpZihkPSEhYiYmASRQIT1iLmxvY2F0aW9uLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVFCwhMSk7ZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110AB2yfIUdGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3akAd3VJGHQoKSxjPWHxq0AoIj8iKTtzZXRUaW1lb3V0KBGMDTEAZZk6GGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDLNShBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxDCkmJmRamQANMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCQoZSk6cChiLGUs1QwJnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYHQgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30pLmMO3wlBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpwdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyBzcmNZh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtQmcxalFlN3l6NnBmX3RRRllOeVV2VEtXUnYxb2NMU1NNRUw1Vm9qOENsdGx0WmdsWlI2Z0F1ZVNmSzdxd1U5QlJrWHZYZVdzaWV5RXd6OEZjaWtFemlQUWdyUmciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqIZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUkkOGgwEiQEaGgw2CAFoZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUwA-nSRkIHtyM3B4KCcyMDUzNDQzMDU2Jyk7fSkoKTs96xCgEwoQSAGeNFBPUlRfUEFSQU1TEosTkSSKlQDwlWFkZmV0Y2g_YWRrPTQxMjIwNDM2MDUmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTk3MHgyNTBfYXMmaXA9MjE3LjExNC4yMTguMjcmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaXRpb25fc3RhcnQ9MSZ1cmw9aHR0cIHhAGse_A0QJnN1Yl8NgwBiQYoMci01NyES8GU4JmhsPWRlJmFjZWlkPU1KSmdOQUdPWVRRQlRYdzBBVlNBTkFGZWdEUUJIb0UwQVQ2Q05BRjFnalFCNjRJMEFSaUROQUVqZ3pRQk9ZTTBBWnFETkFHYmd6UUJ5NE0wQWRTRE5BSFYBEAQybwEQFHlETkFIegEQ9FsCLUlNMEFmdUROQUZMYzBFQlUzTkJBUklZMmdHREgxd0N6X3VJQWlkQ3FnSW9RcW9DS1VLcUFzQk9xZ0lnV3FvQ3QyV3FBbHVHcWdLQW02b0NnWnVxQW9LYnFnSk5vS29DOGFTcUFxS29xZ0t5cTZvQ1JiMnFBakxKcWdMUHphb0NvT1dxQWw3cHFnS3g4Nm9DOF9XcUFtNzRxZ0tfLXFvQ0p2dXFBa0w3cWdKTF9hb0M5d2VyQXNNTXF3TFREYXNDMWcyckFzMFNxd0tRRTZzQ1l4eXJBcXdjcXdKNUlLc0NEaUdyQWxvaHF3THJKNnNDS3lpckFsUW9xd0pkS0tzQ2VDcXJBc0VxcXdMU0txc0MteXVyQWs4c3F3STlMcXNDNFM2ckF1Z3Zxd0o3TktzQ1dUaXJBcmM1cXdMOU9hc0NuVHFyQWdjN3F3SkJPNnNDRFR5ckFpTThxd0tvUEtzQ3REeXJBdWc4cXdKd1Bhc0NsRDJyQWpJLXF3TEtQcXNDOXo2ckFnOUFxd0kzUUtzQ1pVQ3JBbWRBcXdJWFE2c0NZMFdyQWpSR3F3SThScXNDWVVtckFuTkpxd0tGU2FzQ3VVbXJBczFLcXdMY1Nxc0NYMHlyQWludEJRTUMxZkFKd3RpaERzLVQteElLcVBzUzA3bjdFcmJXLXhJejR2c1Njdjc3RXRBR19CTGpCX3dTZVFuOEVwY0pfQkl5Q3Z3U1J3cjhFa3dLX0JJSkNfd1NQUXY4RW1DaTZoVDZWbXNhbWJ6X0k4ckx0UzQmZXhrPTIwNTM0NDMwNTYmYaEhBF9jsRvwsFctT1pCYl8ySm1OVXdiM3hwOFpkVTVTcFFVSGM0NXZGeExsWEczUDE2ZWtJa2RkNEtRem5XbEtQRTRMVGV0Q2hqUHN5Tmp3ZlBpSW9DSUFwdU9hbjhaN2Yza08wU3pQdFdzQW1UaHZlek9XLWxrMlE3SWJfRzVsbUJDOXpfZVZzbnY1RWs2cF9ILTNiSHJFcmk0Uk5UbS0yRlJZWHdfMVlHWTBxaXJ3SjgzVFZ3WU1ZJqnbAGQNwPRBBkF1QkJWQVhwNG83NkNTM1JNSjVmTF9qMTJCak5YSlRwQ1lqRWJvTUZlTlV5MF9QSDlXZU1BOWJ3UW5pNlgxLS15YldiSlVqaUhkZ1VPd0laNzJweGxKRVJOWF9YdmZES0NJTzBxTWo0c1VtYTducXotMVlJSUVnaHlRNkN2Rmh3VWNHVFVQU01sSXMzLXh4RnpsTVV4dGRMeGxqcFpwVXRzN3J2aXpBUHNEYXpvLTUwMTJsX2lVempzTTB6NVhCSTB6NjR3OHhQU0J6NzRESjRRM19kUVpMTk1IWXhzR0k0Ri1GTzB3S2pvaUFzTlhLWXR6aE1VVDV6N0UtUk5UcFFaUFJjUDMxbTFtTkdxaDFHSkVnM28wMEVzSG8xMHgxdDhjOWhReFZIVmxqdlNubm5IRHFWVm83VDAyX1kzUUZzUzZZVWtFUzRIS3RyMFQ5aW5STTluTTREODF2N2llQ280ODk2NUhGcUpkbGV1b0lNdVJKdmxQMnc5R2VQd3NCOHYxSzBYMlFDWUxXVngwakQyd2dJVWZ0TFZWQlloVDhiakJyTzlOMEhQb085bVkwZ0VWLWE5V3ktdlM4eUdnOHBDVU16cUxqTFVTbld3ZnBjcHRXZG9TYnJHcXV4UHhLTEp5dXJINFZSTXc4TDVhLWxGLXZTQ0tjXy1fdml1dUdOOS05dDVQZHNsYzlTR2JMY3dueFdWWTE2MmRhUXZrQVJfVlV3MnV4Q2V6aHhvV0RCMW5ObFEwaVBrZFc3aFRpbkh4ek5maG5QeVc5aTctZHNjV0gzUmlNLVl1SVpEZXJaTzFUWUNPV1BycmNfOGdlLS1IODBQUmFsVFg4eThkQ2pkMkxQUTA4YUFLeUxiWHBxN0tuLWNZSXo4Z21ITE4yYlBTN1ltQlFha0ZJdDNHQ0ZuS1hSZVpwZzZ0aHhnbzNHU183Tjc5djNvSE1zOWw0VmZIRWNENHhodG5SMlE1RnJXejlyTDdCWG9qN0JJdmV0cWl6SEdVSUZmNzlZSTNWR1RSYnE4RHJ0eXVNMTZqMHM3VS1BdWkzUEJ0NFZzNlN3QTVYeFdiQndqRnBYZmxrY1FhQUdpNDF4YmhaWlRkNjBPbnlSMTB1eVYtRkx5d0RKMk1RRDR0YTcwZS16ZmtMNl9QZ1BvUjlPaUFyTlRzRVFWYVdSYzlONzlRNWlKLXRvYmIyb2pZWU1BdjhERTRzcnBHSTI2a2RmVlFuNXRJYW5mWnYyWkEtUVRINGFGaXdTX3o1Z2tQNFNGaGNMekw4U2hwbjNuX29GSk10NXJ4WmI2b0dEeEEyRmZ6MDZNOTlQRWdqeURMdDFnUEVlMnYxZVdqcjFONHB1cU1DbWQ4TmJMWDZGbGgwM0dTS1NBRzd4bFJmY1lTYTBIeTlfZ2RKQUxNLVNsd3lxNTBRM1JTb0hzSTZGR1otbzJXd2M0eUxseGtfcHlxd0NnSTZPSTNzeXg0MENPcFc2a1BoLS1DczlXUjF0YkNmUlZjRHlRdHJLZEdpME5UeVlzc2xsN2s3SVlUZW9qME9SSnFpMUNvMHlOTXcwZlFUb3I4UVZvOXVBOGhROFBQcEdoT2w3T2xCOVZZUmlOS2pzREh5a2hjZG94YjA2ZWImY2lkPUNBUVNHd0RxMjZOOTR6aWJya2FTX2ctelZTU0Q5NkVSVjZDOTY3ZU03aGdCSUFvJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEraLLJYgFAZgFAKAFi-WOgurd3b8dwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFyeor-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHDDEzODk5NDE5MjUzOMgHx4gG0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=e3f963895403549b828742a53906312db06a0d56&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dtcmufcve%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dtcmufcve%26e%3D1586314810833&

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 1d3852e9-6aef-4199-9548-c4e754c729d6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame 55AC 3 KB
1 KB 42ms
33ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31880/ Frame 5C97
Redirect Chain

https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1...
https://assets.scoota.co/serving/31880/placement.js?ts=1673177008756

68 KB
23 KB

23ms
23ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008756
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86b1c8feb9ea31f91943cff27e9e9015c7a0589ccb9dfaaabe0d6589d8b8b16b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:13 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"5b44d2acc01d2ba224b233396573926a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 9mpBI20oO75g3tnPvNEcqHt7jmxbH1jssT3b7PB0-olOO-Ge8QGpjQ==

Redirect headers

location: https://assets.scoota.co/serving/31880/placement.js?ts=1673177008756
x-cloud-trace-context: 786ec88c56b5536cdf881e8af85bc47f
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame 5C97 4 KB
2 KB 32ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame 5C97 64 KB
23 KB 33ms
32ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fb0cee42c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame 5C97
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=2207446029686697550&tag_id=22885805&creative_id=409830601&creative_size=970x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce236%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce236&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
263 B

72ms
70ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: sfY9rbxRpJyScudZ1himfUAarPT7b_Ktz_0hfGMY1nOleWk5MUZg1w==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 5C97 80 KB
27 KB 29ms
28ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220058-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.769162,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1869126

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 5C97 0
934 B 30ms
30ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhDO3Mni_o6b0R4YrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBePrXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIXVYcm1xQWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalV6TWpEZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGeUNtUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGERMZ0dDZy4umgKZASFmeGxXVlE6cQI0UExUbHdFZ0FDZ0FNWnEFbxRtZGtfT2cudQFEQkFsekJKbjZ1dDJGOTI2ajlSCWoBAQRCWgEGCQEEQmgJCAEBBEJwAQYJAQRCeAkIAQEQQjRBSWs1iPDQOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTMyMNoEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDrDYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1Njc1uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFYEAAYAOAGAfIGggEI8bwxEnxQQk5SQ0Yl89hEQUFrQ0JRRUluNWpRQlJEc2dNNEJHSzJ4WUNBSEtBQkFvTlM1QWtqYzlmUURVSmN3V0tzc2NRIYoJARBlQUNCQVHjWEFBQWlBRUFrQUVBbWdFQ0NBQ29BUUN4LiAARIAHAYgHAKAHAcgH-tcF0gcNCRGpAacI2gcGAfBwGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=06b9ccbd3bd7af4286475cf6ce7e8fcbf93cb736

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 6ada6f82-fea8-4a9e-9d60-46ceea2de0b1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame 3382 3 KB
1 KB 29ms
28ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

GET
H3 200 render_post_ads_v1.html Show response
googleads.g.doubleclick.net/pagead/ Frame B8BA 13 KB
5 KB 39ms
37ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 54624
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 4767
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 20:13:04 GMT
etag: 12223946614886178233
expires: Sun, 08 Jan 2023 20:13:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 xbfe_backfill.js Show response
googleads.g.doubleclick.net/pagead/ Frame ADB6 7 KB
3 KB 40ms
39ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2154b34bc0f6a1eb89ee530e36dfe7ed28abec06fa931e1838a00ea8bb2ee7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:01:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3003
x-xss-protection: 0
server: cafe
etag: 2660866305706646737
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 08 Jan 2023 12:01:58 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame ADB6 80 KB
27 KB 31ms
30ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220051-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.799767,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1786376

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame ADB6 0
934 B 24ms
24ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD_lMr0p-Ts2C8YrtKEspaDxZIcKjYJ7SjOUUfHdT8R_krxNSfWcT8ZAAAAoEfhyj8h_krxNSfWcT8p7SgJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4s9gFgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1CRnpkSVpEaHpBVVhlU3NrVGFXM2E1bWlnbXNPVlIzVEN1RlJmaUVNVjlCR19QWWRJcGJtdlNvNkNnTFQzczFTUHp2OW9Sa0ZjTlVMdUM5Z1NpZXFmNG1XZmxjQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNDM2NzI0OTUxMzk0MTkxOTk5Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAW6neW-1caqixzABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBdGUO_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxNDAzODExMzA0NzbIB7PYBdIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6c38a5221d46b1132686d2e093c22c3935c6850f

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 088d5aa0-18ac-4805-a690-48bbff9762aa
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ADB6 0
20 B 125ms
125ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-BhOoqqRqxF02n-h74ldCAZ5kB8v8ipExra-UtvsJr3UOZccCBoIZ9Sp8-QzYcMOV5-nuEy-_MjBX8ZLUbRtUQGAqhn0g

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 58B1 0
19 B 73ms
72ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNWmNJccUi4kOl2MDpSc86qhoYnN078rLI-rlHb_1EY11vY7wGBi3YyZkVdgD7M26rBMBDinHlJssQfXVefY0A5u8fHUEJefquXWIYSTjpCqZHRWxLpEa68BuiNtupW-jpluooP8d2s6C2wg56BedKX2ORa9dw_RdNvcziiWSXAskfpJfjD_GiMe3LLu9-kCE3VE7Die6zcrOfU4_zYFQ9WpOcXGYJF7WE7R4J0SHPDG-T5Ip2Q

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:28 GMT
expires: Sun, 08 Jan 2023 11:23:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 85AA 68 KB
32 KB 92ms
88ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6Hv1BpIW1gcKhxkYzfa6zYjoXCnSMM_kkCYKSAWoKjLsQqwW7_03zUs-CemDzCDq_TAPYttQDA84BAdzd_u-VIqsZvLQjWAO8Zesb1YzAjxIgLal2gEuGN8Ak-UGdgu_g2r7Apvg_z2N2SVYkjN7jBPktKYcNB0hErHCJ1pfM0o32UGs&cry=1&dbm_d=AKAmf-DLKZQ-UQCA-4ovMToSPUDU_xE3FaRliIbYUNZWm28seFoHmfH7yxbZhWVCDEOZqNKrqbpWisUrVororbkVFRIyopaXE6X-8kJfd-ybum3BnuwyT9gSDywKpqD9IH3QO_AV1JUisqQnWyk5lAmTEyim8en5Cn1OCBJBNX_5_XafvH01t8TEdtVruLWKCEeaKUEymVAMaVo-Mgp78Huf9ir83oHrZHo_PHDSKN0ZTFbEeGohWz2mi6NsFAKOLSWf1veAi6iaiC99a0fETmtpf7c2pxmbaMWGW7dHJvqH0uoPDFjQ_qf79JhVdCaFURm6lphN5odJEl3FSOZqDVi6V-gIhm9qYIgNxE6YTvgaQLcHS4FSlZqRAe_Qy4EedL0GOAzNvdbIffkqBV2ppS9ZeYYPUKD6N4I72eY61YZNrSpcShruVM2pIEggwbaut3afxBlSooxZyiLSJRa1T41BpbiN2KTikgXwEjam10QXriT2_nPrUYwdoTd1QfqglhuT2XGLeQOxvj_jFQ4X87tZxFJQ2t-EwgYyjcRwbo9kqPaA6jXGnQGhHDvXv6eAO6QfmroRN9x3xulqJeqiVLKayy0lYxKsmSOk42PYq6VROHQS7WVReuSfq6Iage3XELvMQOq30lkYWgepKBGWBcjY9Dr-a7QcFHzCChD7UARRX7svbTHJSnwdZypqbLPeclbPCzgqki8sNp7oJOwHxptK7tRDmkJ56b7jp8u3sA9q63xMdekZ-c5tSL6gsdZNTr2RhBdXzgqW50Es_zdQCD-Gqt6AdCLiyfseQxHRs6SCgkLkuu1uusRq9nDPLAab5JLaKXGFXM-k-IIn80wVBl5iSTjEkAzqGfK2bT8IJ7NWw8GwUBHyt2mdtv2_HkX79-2WRokai7oZwjf_2qnKCXa_EIdLrAFUD2pN6FMlcX7p8v1V2YCfzT6IKhlPGu-Qxvqn8Q6tKo-IuapOGeVYfjtiWxHD47ZP8cbYa33_0Vy_NJP-Yr-sBEIM2l8EMeAnoUSYfUVuN9MSBI3EMyZ_U5ifVwYT8tbu-EGVFq5HUuRrhOYhODHTpSael0ARs5U69cLj6h6lAbKOEFIoE0Om5FxuUSnKPF9Cj_qUN3Thi05lWzlea3Ujmbb3m_ROSrp5cLlLQ7EgXj--ErSx0iglr64YZ5Et1PcUGetDUO16HSvjG-mEnZKKFksDrVj8wtE-cOJIstkXhD_wIPRvQGCIwgo9xi3bnogogKA7DcPVncY8w-GvjqNUb3NXERLAVx1l23r9xjrykwbtxY7yCTamUaYw2YjRSaqDMTJUoSqyD7y3ZdXQY28DlCPZ-_GuU1xnONMdazqYlQXbrA-pfv_mYSvXj1JGIXMEGuWRcYOSNXAPSuL4uC4oEsVpovHXwol3uETToWLud8jkBnVu9TrmkE-lYysB24195RMLXCqraYdU8PT2jWSJMUvQhnw2rYIzBVd3KKALH-2svctbvEPtwe_McEKM21a2K8H-DtrTW9v6zNRAV2FauIj8M4uECIJws_P-kWnk_Vov_AJNQrbfrG4UkrP0ezqpW9OZPM8RDxXPWF_QMairoCXRMc1cFvLT0E57GTB-dUG9wHlIwVHZkoxk5iSH_yZYq8xVb85Ja5rA3A0Jc1LmkWA-wvBhNXBSkReDWTkADtqNILnXR8gh-ai438ob3-fy2uvaHrW_3F3XVvF20h_aXDJM7pWh7Z2jIVXVqcU2HmvKLSE6L6PUOPmuC1UW9RNX8nuqN5G3e_9O65TSN_bfRKfvf1I161exumOq9JP3DGsitofKInCPwxQDoYBEm-SjUnJGUywG3Pv-SF5Rr8D5LNqLwGuGkG4tcX9h0qZ8qZSQu9yxPjYJAl3_DJcRzQhKNpd74MP-7RqyBzrvWh8YLvBUUz1SClRmoKJyLfXgXq4Zo8ZIc8jm6yQ_CQY--2K4eoY0kJ5cjVSL_3pIoNSSfxwr_lWUckjsNeV1NF2rpArPwG1TfAV0CxYd2ZAASvU5kxRpa690c0RJ3T8k3GkXbARKIWyNu_2Zn7f_Vb7y5Dqy49dfkUJTOn13htYD4P8l2Q0EWyCy6rmaAZ1_j3P5GynTvRozHlfOhgurTIhePKhc3G1z5fQPhZ-8Chml-c-lbx-6VZPzqlqMpw4GUNm0tPX_U0_Bbk62D41MOcuT8UYfiuvdYqeCwxiRzEAspF23L7SoLCerPbRT74zAVofwI68aEcSvHJ62M73CXmsMRmrOndBierTUUCjsLycHnJnE42H3RJJD2GQPo_4KVzA81I6KD7tiYMj_tr1Z5RsUF7IpzcmvutPGnHSdgHXuZTud1TltAmz2Jf7vndn-5QCCagSFBu4Ifan2A0-ob_q-CBqLhn1MGT-8_OGf7vepopqZekv98y7GDGLMW9YR6nvL63bIMxNceWojes-GPLiGz3iayWQtavwhOcoZCYwJkIMg6XPz7asjNbzd0zRq81og149DKAH4B6UzyxCJu17RovtFO5Ysq62wOpRnalJlQeiZY_1iw88GOPvRMZWAJeWTdvP6-NSrIi5OFT0tNh2vECbvljfDSC8m-0vEoB2zbjEm8-djFQkYnaipvR2SBZIG_sR1RK0o13KyUNHoGnRwC-ltqNOVwpd5lpA_E_dOoMev_ELuGsjXze5Xsjy0UYkDu1zz_yTD5-GnenGqKsmVc9v6sUyozP-ibhMu900vy5Ir3mja0m1PBbffTh9U4uJ3dlYJ6sslhNim3rTK8N_GaoPkD7loOFSIVKnKnbp7WmFjO_A_un9WOktcIurojLli3nMJA6-ltgnLqVAaPUZVS3v0bo-Ig2h6x1qWPFj5Rl7y00uAPZNcQ4vSbo2my7MoMNVKtX69oAi-seD7ixghgsQrbyMKIv49qb09stMUMtaAaAlLMH3XWO_8ji8brpHlAST5L6FGddXBnHBqfNlKaAeuRPn-9Tsiz9ZSeUknYbZECMoO4wyLqdP9lIlmbmqQH-YIi0Yj360tAOTxlIZpflhwDMVs_9fcxqnJTEtFcRjFlXnswGdWINOXTatvEDPElvg467wZ7QiC2pjmKP2ZWTI4y2odsoVWHKhH7Jd9HzSqX42ultOW5Vi9EV15cNWbewOdZDiEdqZPvsDYdfnLK0kaW8lxlzSAfJQQaPNOHiqmbRToM42PI7eLueqVRLXSvRSuXoMONQHwgoFDxMei2TemgHxz1RtwYxrHfrutje4qg9omMOj_dsTR6wqZ3znmQYrVgMGKnkEJWEuFzwle2oUBkRjqkS28HB3sRoKJ81hTpsrIJyMnukpjvQjPZx6lyKYSFc74dtSI8IguSY0Lo-trYZbCVjPmP5LMYp3QPRsoSbk4-wVaYOkwl1qDfD3Xun7oCqqvo6SEiiNyNf8Vhtv8shQTbe7ceYSOCaAPuUMbAAFxbANXCojT_5VllgrnZ6G_RElyZNl_IYOKY6JzwEsICqq_z1vZ6kfRbQpKRL_1WuWdbuAAK5Rt8jTaMaaLVkQZGnM5pPLH4lQRUgd-Tb6zSvarMTld1Jba353J2TyPIw&cid=CAQSGwDq26N92x_8tYBwdDqfKEkGKpWLhWzJ5TvHxRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a41015d8c03b237c61164f25186a13e6db4184d0520763884a0bae3ee051f54c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33121
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 85AA 80 KB
27 KB 30ms
23ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220040-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.804872,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 2301157

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 85AA 0
934 B 29ms
22ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhD8kIL9vcLbrHsYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeJuIBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeVdnaXNLZTZZOFhZSlliQnpRYmdyN3JJRE5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19ROTA3cVk2QmdiUDhjUFc3YkZrQVNCUVZ3VHJ3ZVZZNGUydUVmVmMwNnFFMFhfcmNjZzRNa1dGZ0dYaWhCODBwXzBCZFN4NUxsaTVZZDdTcVlCb0RoZEVWZ1NCSndzdm8wSlNjT3Z0MUFmNVRDTW5YcnAtSEtrcC16aUQxclRxT2dJSXp2OGpadG9RTkRZR3dKWTlTZkQwY2VxblRPRmJIejYwOXJtcEhrVWNzSTdBMjhZUDM3T1Njai12anUxZ282SmZ3cmlJYVRsQnVpem5VSEFla2NxTHdHbUhjdXQ0aXpPVnhxcHhrLU5wOFQzLXNoS3FJMU9BaWVnQy1QRmlWOENBemx3Wlp5d0RmQXZLVzZwb013Zkd0YkhOMTFOQVpYRDFaRUtkUm9RQjdjT0xyYmZ0ZGtoN0l4WGtydGx1a1JzNXpKNDdyNUhxTTg4Uzl5RHFUeVRNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9dzhnTEFGbXR5ZWsmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45MnhfOHRZQndkRHFmS0VrR0twV0xoV3pKNVR2SHhSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODg4ODI1NjM3MTIyNzY1ODM2NCIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXZ7vqj4Lq_6RXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB5uIBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=e11c525eedabbb78b4435ee3c3b9d79624c4e07d

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 21d95a75-ffca-4a1f-806d-0042fb6d0708
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85AA 42 B
63 B 126ms
119ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BOabvBGRVJKRB49NBzqYdcz-k8MUYQdTYhp6g4OpWtUqhx6YaSYe29MKJsnD-ZreWOPfc4gkTtHAaFUJ5FzNwFxM5jtVp5pm_HdVv8Qiu2_PLdRnE

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31881/ Frame D424
Redirect Chain

https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1...
https://assets.scoota.co/serving/31881/placement.js?ts=1673177008795

68 KB
23 KB

22ms
21ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008795
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e494c4e50d57258c05828976a2e2227fd3642a49014f99c4424f24fc745cea6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:34 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84112
etag: W/"596306a946e4db6ebfeb76b0aa486e0d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: dKC3cgfG0ElFYttSNl2GeTBbNhp-eHo3A7gC0ZlNwYe6wLF-HCP5tQ==

Redirect headers

location: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008795
x-cloud-trace-context: 7ea85f69a6fa88c55df3206d43030230
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame D424 4 KB
2 KB 31ms
28ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame D424 64 KB
23 KB 33ms
31ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fb10f582c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame D424
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=7202460214858058873&tag_id=22885859&creative_id=409831045&creative_size=300x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b18d451b00013ce237%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b18d451b00013ce237&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
264 B

74ms
72ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: _zuybFVAB8BoRo9ulZyEyPZYRL_qId7ucMH_as5RCg1cGzC17wOyCw==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame D424 80 KB
27 KB 23ms
21ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220058-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.810084,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1869127

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame D424 0
934 B 23ms
21ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD5mP67--yR-mMYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeN6HBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLtBCFMSG96QlFpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8ENDNkF3bEdVa0V4T2pZMU56ZmdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFc2dRS0NORDA1d2tReTRXbURjRUVBQQFIAQEIREpCAQcNARQyQVFBOFEFZQkBXElnRnNUT1FCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAMQUFBQh3bBEJrARIJAQBDHRhETGdHQ2cuLpoCmQEhVGhtNFB3OnECNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnUBRGRBbHpCSm42dXQyRjkyNmo5UglqAQEEQloBBgkBBEJoCQgBAQRCcAEGCQEEQngJCAEBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjY1NzfaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NTE5OLgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8YnhQZUVsJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQlJBb05TNUFramM5ZlFEVUpjd1dNNG9jUSGKCQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB96HBtIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6fd020c5c480762bb953fb79d8996c6d164ea2d8

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 77a9f1a7-f5ab-44b9-b64f-4acb35377080
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

placement.js Show response
assets.scoota.co/serving/31881/ Frame 0ABF
Redirect Chain

https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5....
https://assets.scoota.co/serving/31881/placement.js?ts=1673177008799

68 KB
23 KB

22ms
22ms

Script
application/javascript

65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008799
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e494c4e50d57258c05828976a2e2227fd3642a49014f99c4424f24fc745cea6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:34 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84112
etag: W/"596306a946e4db6ebfeb76b0aa486e0d"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: HzyDJ58UzFDGxSkL9r8NPaVSrxFxb2g4VUQsiLGOqGKfqIOlr79AVA==

Redirect headers

location: https://assets.scoota.co/serving/31881/placement.js?ts=1673177008799
x-cloud-trace-context: 402094ef2705f473a9fc4543196b8d31
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 343
content-type: text/html; charset=utf-8

GET
H2 200 durly.js Show response
c.evidon.com/ Frame 0ABF 4 KB
2 KB 29ms
27ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:56 GMT
server: AkamaiNetStorage
etag: "5e1b47a064619e731abffc27f0b21f4e:1665087776.418884"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 1606

GET
H2 200 tfav_adl_68.js Show response
j.adlooxtracking.com/ads/js/ Frame 0ABF 64 KB
23 KB 35ms
34ms Script
application/javascript 2606:4700:10::ac43:2415
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2415 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Dec 2021 10:09:54 GMT
server: cloudflare
age: 257
etag: W/"61b86d72-ffba"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 78648fb10f612c4f-FRA

GET
H2

200

px Show response
go.affec.tv/ Frame 0ABF
Redirect Chain

https://go.affec.tv/i/611cd427bc326a56c7c4e2d1?auction_id=3605273051021679518&tag_id=22885859&creative_id=409831045&creative_size=300x250&reserve_price=0&price_paid=0.00739&bid_price=0.00739&ecp=0....
https://map.go.affec.tv/map/af/?gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D63baa7b1dd6505000163dd53%26chc%3Daf%26gdpr%3D%26gdpr_consent%3D%26redirect_url%3D%252F%252Fgo.affec.tv%252Fpx
https://map.go.affec.tv/map/an/2028049306522560814?ch=63baa7b1dd6505000163dd53&chc=af&gdpr=&gdpr_consent=&redirect_url=%2F%2Fgo.affec.tv%2Fpx
https://go.affec.tv/px

43 B
265 B

77ms
77ms

Script
image/gif

65.9.66.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.affec.tv/px
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Server: 65.9.66.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-6.fra56.r.cloudfront.net
Software: /
Resource Hash: 4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
via: 1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
content-length: 43
x-amz-cf-id: 2Q0CIR98ddU38D8L6h9skZcSdYCZoTaXNfeqZEpXjxOIDqUzxiMgMQ==
x-cache: Miss from cloudfront
content-type: image/gif

Redirect headers

location: //go.affec.tv/px
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
content-length: 71
vary: Accept-Encoding
content-type: text/html; charset=utf-8

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 0ABF 80 KB
27 KB 23ms
22ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:28 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875695
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.812822,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184548

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 0ABF 0
934 B 23ms
22ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKfDPBMHwYAAAMA1gAFAQiwz-qdBhCet76j0JeghDIYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeL3YBYABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLxBCEwM29RZXdpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8EZDNkF3bEdVa0V4T2pVMk56VGdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFb0FRVXNnUUtDTkQwNXdrUXk0V21EY0VFQQFLBQEIREpCBQgJARQyQVFBOFEFaQkBXElnRnFpeVFCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAQQUFBQkUBBgkBBEJrCQgBAQBDHRhETGdHQ2cuLpoCmQEhU3hubFBnOnUCNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnkBRFJBbHpCSm42dXQyRjkyNmo5UgFoCQEEQloJCAEBBEJoAQYJAQRCcAkIAQEEQngBBgkBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjU2NzTaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NjYyNrgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8ZWhPc0UxJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dPSXpjUSmMAQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB73YBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=154e3905282e0c287fd27cf50bf34f9e96daa2a8

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 3079f836-8809-48b0-be5d-724f91b8369b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 124C 6 KB
672 B 129ms
56ms Stylesheet
text/css 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 11:03:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H2 200 load_preloaded_resource.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 124C 2 KB
1 KB 97ms
48ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/load_preloaded_resource.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2178de4e69e10d3105666c8a33d1f2f046594c48cd0140d5bba102e357d38d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34586
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1079
x-xss-protection: 0
server: cafe
etag: 11127005899800245401
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H2 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 124C 28 KB
11 KB 68ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34586
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H2 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 124C 3 KB
1 KB 93ms
47ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcc84ca2069873bf863e0b36e587fd75731d689301e628c13156550f61689722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34586
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1305
x-xss-protection: 0
server: cafe
etag: 12828169674928258300
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H2 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 124C 26 KB
10 KB 70ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af96fb1022b60847be7efb9f7b474be73fe1078e0d1983c03f12dc559ccd7900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34586
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10210
x-xss-protection: 0
server: cafe
etag: 17586515056264111834
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 124C 156 KB
48 KB 105ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H3 200 e3f51b200de87688fe09b5fabf25a934.js Show response
www.gstatic.com/mysidia/ Frame 124C 48 KB
18 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3f51b200de87688fe09b5fabf25a934.js?tag=mysidia_one_click_handler_one_afma

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3a54a424fdbf1c9d52c4fbac6d4af3c6121c7e43fe7ffe3f181d926935fecc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 18:08:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18682
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 19:06:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:08:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 124C 0
20 B 73ms
70ms Image
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cdz8ksKe6Y6ewFIWUkdUP5bWA8Aml1ImlbuGwm5HWEIfgor3AARABIOaX1iVglYKAgKwHoAH75N-YA8gBCakCPJNFBMrbsT6oAwHIA8sEqgTCAU_QADYsT56I6Nibqa1s2S7kaRzCEBnahmo_7mkhdzF9atm-PjaTPN-9InWBOR6P9i1s5Ia8TfxcC_maRONH9BkIUKeHlZDPkmmNaQIJ8qi4sd9asU2-5O2q1mg8ZSgDJ4LSbY88tsvRIoBSbvX6pcBaIw0Q_q4P7gnGXa1lNzXscnEXlwNQIj1GD5IS2PZO_xsU-KR2JJNIhKK5KCMeT_exDkZzdHlW4ARvvSDKG8MQmW18FO8bexE_0ZeyZNE2gjfIwASaoczlhQSSBQQIBBgBkgUECAUYBKAGLoAH7ZqgZ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA0ggRCIDhgBAQARgAMgKqAjoCgEDyCA5iaWRkZXItNTc0MzA1OIAKBMgLAbgT5APYEwyIFAHQFQGYFgGAFwGyFwgKBggAEgAYAA&sigh=X5nZ_9SLlrk&uach_m=[UACH]&pr=10:0.017402&cid=CAQSGwDq26N9hJPvX525jG2qdmc99wf1oMTwXdpYvRgBIAo&template_id=484&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:28 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 1060 0
953 B 21ms
21ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhCsmbDmwNqF5WIYrtKEspaDxZIcKjYJwJfCg2bXjT8RJmFqQatwiD8ZAAAAoEfhyj8hJmFqQatwiD8pwJcJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4x4gGgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1EYl9HZFJoSFpwMUhhVndoMXp6bmxWM0ZPU01SazVaSlZsS1RoX1ZKYVB3ckhQU05BaFpqNDBJTDFGUXBHS1BaRFlYUUJMYnBRMUlrX2ozUFJqLVdXN1kzamFTQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MTE4NTI3MjYxMDE2MDY3MjQ0Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWL5Y6C6t3dvx3ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB8eIBtIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=a7f106881fac161bfea4ffb7694d00acee2f3e24&type=nv&nvt=5&jm=1003&px=0&py=0&bw=970&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: d700b46e-e3bd-4426-a276-e0720c429063
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/10252940186316907237/ Frame 124C 21 KB
21 KB 61ms
39ms Image
image/jpeg 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10252940186316907237/14763004658117789537?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

283cb92b36724bf98757e865d294d5c654f40790bf787bd54d075dbde382ed52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:23:47 GMT
x-content-type-options: nosniff
age: 46781
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21584
x-xss-protection: 0
last-modified: Thu, 05 Jan 2023 13:56:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jan 2024 22:23:47 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/13152501010958922041/ Frame 124C 703 B
1 KB 60ms
38ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13152501010958922041/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cb6acf0bf8e1fd34a8d0c858218f0437ea5a200dc62f6e5032655063fac4396

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 08:26:16 GMT
x-content-type-options: nosniff
age: 10632
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 703
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 15:23:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jan 2024 08:26:16 GMT

GET
H2 200 4.gif
c.evidon.com/a/ Frame 5C97 43 B
335 B 33ms
32ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame 5C97 41 KB
12 KB 31ms
30ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=970;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H2 200 env
track.scoota.co/ Frame BC77 42 B
124 B 45ms
45ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008881&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: ed0656de3468b3f2fc6115bdc77b3dd8
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame BC77 42 B
135 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008881&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: d752245d22b00295856d497db75e382f
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 3fff7be8725b4f55d65f.1.js Show response
assets.scoota.co/serving/31880/ Frame BC77 2 KB
1 KB 24ms
24ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/3fff7be8725b4f55d65f.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 955696319cd574b432a5a7c91fcd831f4019438e0190360df97d80a4ba72d423

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"4ea5b44cc90c279b74d49cd29b27a261"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: BZfWNxuhtUNB7YuZWmDtrgunGq_eD9uePh22QWOMEEBtfMJkzjsuYQ==

GET
H2 200 12.json Show response
assets.scoota.co/creative/manifests/hoy4lk3/ Frame BC77 4 KB
1 KB 67ms
23ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/hoy4lk3/12.json?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 881fe15e3ca0d042c4f4cd33a54368fd5967f823caa3dcc54bdc2e40e882d5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:55:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"87370df37edadf2fd3ebd30b8a7c8160"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: GhWUjfORxXStSDbgv-1iG9N2pGkpEeGt9AHiCUZ4aSI3dn9lGkxC4g==

GET
H2 200 view
track.scoota.co/ Frame BC77 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177008883&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 57770650b0e2b167ffc5e253c7d6ddf5
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame BC77 0
162 B 225ms
30ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H3

200

B28820081.354377800;dc_pre=CJz4j4rut_wCFY3luwgdpPYE6g;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame BC77
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJz4j4rut_wCFY3luwgdpPYE6g;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdi...

42 B
65 B

58ms
42ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJz4j4rut_wCFY3luwgdpPYE6g;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJz4j4rut_wCFY3luwgdpPYE6g;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008883;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame BC77 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008884&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: b0e5793e80b2bfec5a83057c93dd4fcd
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 3382 42 B
123 B 48ms
48ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008887&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 5851dd0e97f7e99430c2597d2238d693
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 3382 42 B
123 B 49ms
48ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008888&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 05291ad13a7f005717f0dfe90eeb4f03
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 3fff7be8725b4f55d65f.1.js Show response
assets.scoota.co/serving/31880/ Frame 3382 2 KB
1 KB 21ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/3fff7be8725b4f55d65f.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 955696319cd574b432a5a7c91fcd831f4019438e0190360df97d80a4ba72d423

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"4ea5b44cc90c279b74d49cd29b27a261"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: YWdJhMTyyg0-d7pntpvatTJsYGt9N-2hICoDMBt-nuZ7l93ZTSHTOA==

GET
H2 200 12.json Show response
assets.scoota.co/creative/manifests/hoy4lk3/ Frame 3382 4 KB
1 KB 64ms
25ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/hoy4lk3/12.json?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 881fe15e3ca0d042c4f4cd33a54368fd5967f823caa3dcc54bdc2e40e882d5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:55:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"87370df37edadf2fd3ebd30b8a7c8160"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: luVYq7jldMaAn8V6g2gdIeR0Qo6Hd1h46WfXXEJV8TEeuPjzW4KIIA==

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 3382 0
162 B 220ms
30ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H2 200 view
track.scoota.co/ Frame 3382 42 B
123 B 44ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177008889&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 37330a2771b2cb2b57e6f3dfd117992d
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28820081.354377800;dc_pre=CMn4j4rut_wCFcDiuwgdBYsNBg;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame 3382
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMn4j4rut_wCFcDiuwgdBYsNBg;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdi...

42 B
65 B

61ms
44ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMn4j4rut_wCFcDiuwgdBYsNBg;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMn4j4rut_wCFcDiuwgdBYsNBg;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008889;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame 3382 42 B
123 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008890&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 1dd74f40eaaf228af9444a962ea9c33b
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 55AC 42 B
123 B 51ms
46ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008894&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 618d35b0d98f2fe95197d1756d789a20
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 55AC 42 B
123 B 43ms
39ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008895&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 84a2cfca69fca581d9d970bfad624395
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 3fff7be8725b4f55d65f.1.js Show response
assets.scoota.co/serving/31880/ Frame 55AC 2 KB
1 KB 25ms
20ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/3fff7be8725b4f55d65f.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 955696319cd574b432a5a7c91fcd831f4019438e0190360df97d80a4ba72d423

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"4ea5b44cc90c279b74d49cd29b27a261"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: sEFsp-wIib09RE0AvK1h6Z-EJ3Tm3r5HPpeM8_zrDrDfBdNNh5WQPQ==

GET
H2 200 12.json Show response
assets.scoota.co/creative/manifests/hoy4lk3/ Frame 55AC 4 KB
1 KB 56ms
24ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/hoy4lk3/12.json?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 881fe15e3ca0d042c4f4cd33a54368fd5967f823caa3dcc54bdc2e40e882d5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:55:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"87370df37edadf2fd3ebd30b8a7c8160"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 8fyfVx5UMmLSoSU6HR2Yp1YGi6ngpS08rEDZNkEAF28ruyRQ49ylyg==

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 55AC 0
162 B 213ms
30ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H2 200 view
track.scoota.co/ Frame 55AC 42 B
123 B 45ms
40ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177008896&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: ad8babf5f4a5d10430356ab3abda2c8e
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28820081.354377800;dc_pre=CMv_j4rut_wCFdTsEQgdU0MIKQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame 55AC
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMv_j4rut_wCFdTsEQgdU0MIKQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdi...

42 B
65 B

54ms
41ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMv_j4rut_wCFdTsEQgdU0MIKQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMv_j4rut_wCFdTsEQgdU0MIKQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008897;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame 55AC 42 B
123 B 45ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008897&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 1c88f6e8f06e8bcd11d011bf8d93cf22
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 44D0 52 KB
17 KB 30ms
30ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hcqynxwpr&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:28 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236586
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177009.927391,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame ADB6 0
934 B 23ms
22ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QLXLfBM1xYAAAMA1gAFAQiwz-qdBhD_lMr0p-Ts2C8YrtKEspaDxZIcKjYJ7SjOUUfHdT8R_krxNSfWcT8ZAAAAoEfhyj8h_krxNSfWcT8p7SgJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4s9gFgAEBigEDVVNEkgUG9JAEmAHKB6AB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQDYAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwv8gINCgZIRUlHSFQSAzI1MPICDAoFV0lEVEgSAzk3MPICIQoGTE9BREVSEhdyZW5kZXJfcG9zdF9hZHNfdjEuaHRtbPICGAoKSUZSQU1FX0tFWRIKMTMwOTcyNzQ1NfICyBUKC1BSRV9TQ1JJUFRTErgVPHNjcmlwdD4oZnVuY3Rpb24oKXsvKgoKIENvcHlyaWdodCBUaGUgQ2xvc3VyZSBMaWJyYXJ5IEF1dGhvcnMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoqLwp2YXIgaz10aGlzfHxzZWxmO3ZhciBsPUFycmF5LnByb3RvdHlwZS5pbmRleE9mP2Z1bmN0aW9uKGEsYyl7cmV0dXJuIEFycmF5LnByb3RvdHlwZS5pbmRleE9mLmNhbGwoYSxjLHZvaWQgMCl9OmZ1bmN0aW9uKGEsYyl7aWYoInN0cmluZyI9PT10eXBlb2YgYSlyZXR1cm4ic3RyaW5nIiE9PXR5cGVvZiBjfHwxIT1jLmxlbmd0aD8tMTphLmluZGV4T2YoYywwKTtmb3IodmFyIGU9MDtlPGEubGVuZ3RoO2UrKylpZihlIGluIGEmJmFbZV09PT1jKXJldHVybiBlO3JldHVybi0xfTtmdW5jdGlvbiBtKGEpe21bIiAiXShhKTtyZXR1cm4gYX1tWyIgIl09ZnVuY3Rpb24oKXt9O2Z1bmN0aW9uIG4oYSl7YT12b2lkIDA9PT1hP2RvY3VtZW50OmE7cmV0dXJuIGEuY3JlYXRlRWxlbWVudCgiaW1nIil9O2Z1bmN0aW9uIHAoYSxjLGUpe3ZhciBiPSExO2I9dm9pZCAwPT09Yj8hMTpiO2EuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzfHwoYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHM9W10pO3ZhciBkPW4oYS5kb2N1bWVudCk7aWYoZSl7dmFyIGY9ZnVuY3Rpb24oKXtpZihlKXt2YXIgZz1hLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cyxoPWwoZyxkKTswPD1oJiZBcnJheS5wcm90b3R5cGUuc3BsaWNlLmNhbGwoZyxoLDEpfWQucmVtb3ZlRXZlbnRMaXN0ZW5lciYmZC5yZW1vdmVFdmVudExpc3RlbmVyKCJsb2FkIixmLCExKTtkLnJlbW92ZUV2ZW50TGlzdGVuZXImJmQucmVtb3ZlRXZlbnRMaXN0ZW5lcigiZXJyb3IiLGYsITEpfTtkLmFkZEV2ZW50TGlzdGVuZXImJmQuYWRkRXZlbnRMaXN0ZW5lcigibG9hZCIsZiwhMSk7ZC5hZGRFdmVudExpc3RlbmVyJiZkLmFkZEV2ZW50TGlzdGVuZXIoImVycm9yIixmLCExKX1iJiYoZC5hdHRyaWJ1dGlvbnNyYz0iIik7ZC5zcmM9YzthLmdvb2dsZV9pbWE9tygucHVzaChkKX0KO1VLgHEoKXt2YXIgYT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O0m9FChhPXZvaVFuXG51bGw6YSkmJiI3NyI9PT1hLmdldEF0dAWQOGUoImRhdGEtamMiKT9hOhVXPHF1ZXJ5U2VsZWN0b3IoJ1sNJQA9AUQQXScpfTsBhyxyPVJlZ0V4cCgiXmihHOA_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmaNPwQgdBXgAGsFYQxjPVtdBQkEZT0Bxgg7ZG8F_xhiPWE7dHJ5BQwsZDtpZihkPSEhYiYmASRQIT1iLmxvY2F0aW9uLmhyZWYpYjp7AS2QbShiLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGgpe31kPSExfQHWCGY9ZBkXAGYBFgxpZihmKXkAZz5eABA7ZT1iLjE2BCYmGQwoLnJlZmVycmVyfHwBlyR9ZWxzZSBnPWUsDcsAYyngMG5ldyB1KGd8fCIiKSkF1RRhPWIucGEh1BmGAGEF__BAfX13aGlsZShhJiZiIT1hKTtiPTA7Zm9yKGE9Yy5sZW5ndGgtMTtiPD1hOysrYiljW2JdLmRlcHRoPWEtYjtiPWshKzkeAa41KjhhbmNlc3Rvck9yaWdpbnNuHAANawA9HXUAKQmGDDE7YTwRikw7KythKWc9Y1thXSxnLnVybHx8KAUILkIBOnYAFFthLQoxXSEMGCxnLmg9ITAB4ykiAGsZqyHVFCwhMSk7ZyUWJQIEZT0yBAEgMDw9ZTstLWUpIbpEPWNbZV0sIWcmJnIudGVzdChmAY8gKSYmKGc9ZiksBQ4sJiYhZi5oKXtiPWY7RRsAfQ1dAGUV5gQmJgHMATsEOzBBZQBkIVoIJiZlBUgBGwgpO2MFrRR2KGIsZyltixggYy5nP2MuBfoMOmMuaQFAAH110AB2yfIUdGhpcy5pQdUBCQhnPWMZIgB1HSIIdXJsESQUaD0hIWM7BS8FiCUK3akAd3VJGHQoKSxjPWHxq0AoIj8iKTtzZXRUaW1lb3V0KBGMDTEAZZk6GGU_LjAxOmVBNUQhKE1hdGgucmFuZG9tKCk-ZSlpDwxiPXEoIaQAImX_NDovLyIrKGImJiJ0cnVlgWsAYlZrBDgtcmNkIik_InBhZ2VhZDLNShBzeW5kaWm5IC1jbi5jb20iOmYjAAUgDCkrIi8JRXgvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0ihUUMZD0oZAGxDCkmJmRamQANMTAiKXx8InVua25vd24iYeNcK2QrIiZzYW1wbGU9IitlO2I9d2luZG93BVgAZjk0FGY_ITE6ZiEzNGQ9Yi5uYXZpZ2F0b3IpMg4AUC51c2VyQWdlbnQsZD0vQ2hyb21lL0mbIGQpJiYhL0VkZxkRHD8hMDohMTtkYZMVUTAuc2VuZEJlYWNvbj8KHWkdGCQoZSk6cChiLGUs1QwJnhApfX0sMFWgXDA8PWM_YS5zdWJzdHJpbmcoMCxjKTphfQngEC5yZmw9XSPJYHQgZW5jb2RlVVJJQ29tcG9uZW50KHcoKSl9O30pLmMO3wlBmhQpOwo8L3PFmGw-8gLJAgoKRVhUUkFfVEFHUxK6AjxkaXYgc3R5IVIMcG9zaaGxZDogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wDQpwdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyBzcmNZh0kUSlkCQTYNHi4yAhRhd2JpZCYFBvCGX2I9QUtBbWYtQmhPb3FxUnF4RjAybi1oNzRsZENBWjVrQjh2OGlwRXhyYS1VdHZzSnIzVU9aY2NDQm9JWjlTcDgtUXpZY01PVjUtbnVFeS1fTWpCWDhaTFViUnRVUUdBcWhuMGciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiMRqIZGlzcGxheTpub25lIj48L2Rpdj7yApoBCgxQT1NUX1NDUkkOGgwEiQEaGgw2CAFoZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0MQY8eGJmZV9iYWNrZmlsbC5qcwFlLbUNUwA-nSQoIHtyM3B4KCcxMzAapgwcJyk7fSkoKTs96xCxDwoQSAGeNFBPUlRfUEFSQU1TEpwPkSSKlQDwfWFkZmV0Y2g_YWRrPTQxMjIwNDM2MDUmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTk3MHgyNTBfYXMmaXA9MjE3LjExNC4yMTguMjcmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcE2NIF9zdGFydD0xJqF4Eb0Aax78DRAmc3ViXw2DAGJBivB9ci01NzQzMDU4JmhsPWRlJmFjZWlkPU1EWWN0QUM5ZmpRQlhvQTBBUjJCTkFFaWdUUUJUSUkwQVhXQ05BSHJnalFCR0lNMEFTT0ROQUU1Z3pRQm1vTTBBWnVETkFHd2d6UUJ5NE0wQWRTRE5BSFZnelFCMm9NMEFkeUROQUh6ARD0DgctSU0wQWZ1RE5BRkxjMEVCVTNOQkFWZ2VYQUxRSGx3Q1RoOWNBdGYyaUFMaS1ZZ0NyX3VJQWhiOGlBSW5RcW9DS0VLcUFpbENxZ0xSWWFvQ2ZtS3FBb0NicWdLQm02b0NncHVxQXZpZHFnS2lxS29DZGRxcUFvemRxZ0xKNHFvQ29PV3FBbFBxcWdLSDdLb0NwUFNxQXZUMXFnSlUtS29DSnZ1cUFrSDdxZ0pzQXFzQ1NBeXJBaDRRcXdLR0dLc0NZaHlyQXFrZnF3SVBJYXNDU0NPckFpRWtxd0p5SmFzQ0RpYXJBbFFvcXdLWktxc0MweXFyQWs0cnF3TDdLNnNDNXktckF1c3Zxd0xZTUtzQzBUR3JBaEUwcXdKZE5Lc0NmalNyQXZvMHF3Sk9OcXNDb1RpckFyVTVxd0prT3FzQ0RUeXJBaU04cXdLMVBLc0NjRDJyQXNJOXF3SWVQcXNDOWo2ckFsOUJxd0tUUWFzQ3FFR3JBcFJEcXdLMlJLc0NXMGFyQXFaR3F3SWJTS3NDZFVpckFvaEpxd0lKU3FzQzBFcXJBdHhLcXdLd1Rhc0NKMDZyQXVkT3F3S3hUNnNDS3UwRkE3NTFKQVFDMWZBSjk1VDdFZ21vLXhKVXl2c1NjTXo3RXJiVy14SmEzdnNTQ2VqN0VwcnkteEk5LVBzUzJ3TDhFdFVIX0JLNENmd1NIUXI4RXNJS19CTG5DdndTdGd2OEV2SmIwQk93OVFNVm5Nc2NHUGRXYXhwR0g2d2JXUUNTS1EmZXhrPTEzMDk3Mjc0NTUmYXdiaWRfYz1BS0FtZi1CV0l2aFZfZHpDUlpVd25oNzRJaXY0bF9NUnZsU0JRNFRLaHp6eThUNFV0WERLRlBMdnhaQ2otX2VOcVh2d1pJQjlQWHp4NVhLelJhUkU1Nm94TlZBUXI1Z0M4a0RFRkJCVmJtQnZOSll6VmtURzlEM3Raa1B5SkpLc1hYaTdZUXF1UktPLVRTNkNJWjhZYW50QXNaTDJfYUI4QU5LU2FuSk9kZl9ZVzZkbjZJNW9OUE0mYXdiaWRfZD1BS0FtZi1CYmNxRE4wZjZ6eTZKWGF4WGt5RGF3NHdGWEJibVFJTGVCdUEzM1dyd3RpbTdObzF6d2dURFIycmlaYlJUZmo0clA5VURDOHgzaW9DaUVWSDV5YjJoTkltYlIzTjRFMWkzX1BQYlF3UjVIMGFCT1MyOGRNMlJBay10NEJuNG11aUFrVmNUZDRHY2hLOXY4VUJ4VHRkRld5bXc2OWJoMTdxaWg1RVVudHpscTBTUXZhWHVwRGJRd0NQdmJ4c1U2R1d1RFhIMk5oYXo1NEU1RFliTXRMUlg5WFFINlJPdXk5TV9YSG1kVzIwV214SU5YWkliSkwzbG1TWVljbHBIM3IxSnZRYjVmQVBlYmNTSEFCeHVvby1sNXpuQnlsSkNvTm5MSmVqdmEyTGtxWW01bVEwZndfVTNQUzNTbzVYNUdCSC1HWElJanFPaVl6YkxaVEYzY0NSWndtS1dpajlGQ2VmR0Q1X2hyYjhEYmZrZE9aSjRUWkRuR2R6NHA3M1Zxd0JGVnU5Q0llU3Z6NlVhZ19sZURPRUw0R1pKcUR3RDNoYmgwdUtFUXMzWWNQYjdQbHEzTWZFSjlsNzZBMnpnTnUtXzBieEFCaFAxdHRfZzVlam01NTdYbUdPeVBWZFdPWVAyQ2tCU1drdnRMd3N6YlJFMDRGMUlOenZvOTFSeEF2b3N5WnNISmtPbDJqRkduWXFqT2xRal9WQVlWSDBNbXljazVNZ00tS3dRVFllVzZxTld1MHdic2YzRUpDWHM5ejV2WHY0SzBXeXpPMUhvZ2dhU2hNM2xqZ3ZiTGliT2RjbVlhTkJnQzc2a1A2ZWM3Unk4Y3FMUWp2LXp5VmJwci1DREw4WHJfZm45V0NfOTFZbmFNMWlWdFo5U0N2WFotRk9yc1RvOXpENHhGWWNFTENhbnNIRXMxZi1sTkR4VHVRcWhuQmNuejF2amYzbzNpaTh0c0Etd1o2R2xiWkEmY2lkPUNBUVNHd0RxMjZOOWg0amY2bFVGdHczeTVwSzk1UUNhYXFLeTNGdC0xaGdCSUFvJmFfY2lkPYADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEraLLJYgFAZgFAKAFup3lvtXGqoscwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF0ZQ7-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQETcRAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxNDAzODExMzA0NzbIB7PYBdIHDQkuNQAM2gcGCAk-ZAcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=5ace3b99a3530f7fc2e3ac321a4907c0c6e9c55a&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhcqynxwpr%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhcqynxwpr%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=hcqynxwpr&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
AN-X-Request-Uuid: 598a79b3-0c6f-482b-be9c-3519b800dd3f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame 9940 99 KB
34 KB 117ms
116ms XHR
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d3d9371f391f9903560f7c55967fe26f0cc514baf4e5bedc9e147a92076f623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35228
x-xss-protection: 0

GET
H2 200 4.gif
c.evidon.com/a/ Frame D424 43 B
335 B 33ms
33ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame D424 41 KB
12 KB 31ms
31ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H2 200 4.gif
c.evidon.com/a/ Frame 0ABF 43 B
335 B 34ms
34ms Image
image/gif 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/a/4.gif
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 15 Apr 2010 17:07:29 GMT
server: AkamaiNetStorage
etag: "65786c291a4603aa5150a1884452838d:1271351254"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/gif
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 53

GET
H2 200 ba.js Show response
c.evidon.com/geo/ Frame 0ABF 41 KB
12 KB 35ms
34ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/geo/ba.js?r221006
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/durly.js?;coid=1267;nid=153615;ad_w=300;ad_h=250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
last-modified: Thu, 06 Oct 2022 20:22:19 GMT
server: AkamaiNetStorage
etag: "1e1cf06df2b98e267c5e511e819fb810:1665087739.27933"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=86400
accept-ranges: bytes
access-control-allow-headers: *
content-length: 12426

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 85AA 28 KB
11 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6Hv1BpIW1gcKhxkYzfa6zYjoXCnSMM_kkCYKSAWoKjLsQqwW7_03zUs-CemDzCDq_TAPYttQDA84BAdzd_u-VIqsZvLQjWAO8Zesb1YzAjxIgLal2gEuGN8Ak-UGdgu_g2r7Apvg_z2N2SVYkjN7jBPktKYcNB0hErHCJ1pfM0o32UGs&cry=1&dbm_d=AKAmf-DLKZQ-UQCA-4ovMToSPUDU_xE3FaRliIbYUNZWm28seFoHmfH7yxbZhWVCDEOZqNKrqbpWisUrVororbkVFRIyopaXE6X-8kJfd-ybum3BnuwyT9gSDywKpqD9IH3QO_AV1JUisqQnWyk5lAmTEyim8en5Cn1OCBJBNX_5_XafvH01t8TEdtVruLWKCEeaKUEymVAMaVo-Mgp78Huf9ir83oHrZHo_PHDSKN0ZTFbEeGohWz2mi6NsFAKOLSWf1veAi6iaiC99a0fETmtpf7c2pxmbaMWGW7dHJvqH0uoPDFjQ_qf79JhVdCaFURm6lphN5odJEl3FSOZqDVi6V-gIhm9qYIgNxE6YTvgaQLcHS4FSlZqRAe_Qy4EedL0GOAzNvdbIffkqBV2ppS9ZeYYPUKD6N4I72eY61YZNrSpcShruVM2pIEggwbaut3afxBlSooxZyiLSJRa1T41BpbiN2KTikgXwEjam10QXriT2_nPrUYwdoTd1QfqglhuT2XGLeQOxvj_jFQ4X87tZxFJQ2t-EwgYyjcRwbo9kqPaA6jXGnQGhHDvXv6eAO6QfmroRN9x3xulqJeqiVLKayy0lYxKsmSOk42PYq6VROHQS7WVReuSfq6Iage3XELvMQOq30lkYWgepKBGWBcjY9Dr-a7QcFHzCChD7UARRX7svbTHJSnwdZypqbLPeclbPCzgqki8sNp7oJOwHxptK7tRDmkJ56b7jp8u3sA9q63xMdekZ-c5tSL6gsdZNTr2RhBdXzgqW50Es_zdQCD-Gqt6AdCLiyfseQxHRs6SCgkLkuu1uusRq9nDPLAab5JLaKXGFXM-k-IIn80wVBl5iSTjEkAzqGfK2bT8IJ7NWw8GwUBHyt2mdtv2_HkX79-2WRokai7oZwjf_2qnKCXa_EIdLrAFUD2pN6FMlcX7p8v1V2YCfzT6IKhlPGu-Qxvqn8Q6tKo-IuapOGeVYfjtiWxHD47ZP8cbYa33_0Vy_NJP-Yr-sBEIM2l8EMeAnoUSYfUVuN9MSBI3EMyZ_U5ifVwYT8tbu-EGVFq5HUuRrhOYhODHTpSael0ARs5U69cLj6h6lAbKOEFIoE0Om5FxuUSnKPF9Cj_qUN3Thi05lWzlea3Ujmbb3m_ROSrp5cLlLQ7EgXj--ErSx0iglr64YZ5Et1PcUGetDUO16HSvjG-mEnZKKFksDrVj8wtE-cOJIstkXhD_wIPRvQGCIwgo9xi3bnogogKA7DcPVncY8w-GvjqNUb3NXERLAVx1l23r9xjrykwbtxY7yCTamUaYw2YjRSaqDMTJUoSqyD7y3ZdXQY28DlCPZ-_GuU1xnONMdazqYlQXbrA-pfv_mYSvXj1JGIXMEGuWRcYOSNXAPSuL4uC4oEsVpovHXwol3uETToWLud8jkBnVu9TrmkE-lYysB24195RMLXCqraYdU8PT2jWSJMUvQhnw2rYIzBVd3KKALH-2svctbvEPtwe_McEKM21a2K8H-DtrTW9v6zNRAV2FauIj8M4uECIJws_P-kWnk_Vov_AJNQrbfrG4UkrP0ezqpW9OZPM8RDxXPWF_QMairoCXRMc1cFvLT0E57GTB-dUG9wHlIwVHZkoxk5iSH_yZYq8xVb85Ja5rA3A0Jc1LmkWA-wvBhNXBSkReDWTkADtqNILnXR8gh-ai438ob3-fy2uvaHrW_3F3XVvF20h_aXDJM7pWh7Z2jIVXVqcU2HmvKLSE6L6PUOPmuC1UW9RNX8nuqN5G3e_9O65TSN_bfRKfvf1I161exumOq9JP3DGsitofKInCPwxQDoYBEm-SjUnJGUywG3Pv-SF5Rr8D5LNqLwGuGkG4tcX9h0qZ8qZSQu9yxPjYJAl3_DJcRzQhKNpd74MP-7RqyBzrvWh8YLvBUUz1SClRmoKJyLfXgXq4Zo8ZIc8jm6yQ_CQY--2K4eoY0kJ5cjVSL_3pIoNSSfxwr_lWUckjsNeV1NF2rpArPwG1TfAV0CxYd2ZAASvU5kxRpa690c0RJ3T8k3GkXbARKIWyNu_2Zn7f_Vb7y5Dqy49dfkUJTOn13htYD4P8l2Q0EWyCy6rmaAZ1_j3P5GynTvRozHlfOhgurTIhePKhc3G1z5fQPhZ-8Chml-c-lbx-6VZPzqlqMpw4GUNm0tPX_U0_Bbk62D41MOcuT8UYfiuvdYqeCwxiRzEAspF23L7SoLCerPbRT74zAVofwI68aEcSvHJ62M73CXmsMRmrOndBierTUUCjsLycHnJnE42H3RJJD2GQPo_4KVzA81I6KD7tiYMj_tr1Z5RsUF7IpzcmvutPGnHSdgHXuZTud1TltAmz2Jf7vndn-5QCCagSFBu4Ifan2A0-ob_q-CBqLhn1MGT-8_OGf7vepopqZekv98y7GDGLMW9YR6nvL63bIMxNceWojes-GPLiGz3iayWQtavwhOcoZCYwJkIMg6XPz7asjNbzd0zRq81og149DKAH4B6UzyxCJu17RovtFO5Ysq62wOpRnalJlQeiZY_1iw88GOPvRMZWAJeWTdvP6-NSrIi5OFT0tNh2vECbvljfDSC8m-0vEoB2zbjEm8-djFQkYnaipvR2SBZIG_sR1RK0o13KyUNHoGnRwC-ltqNOVwpd5lpA_E_dOoMev_ELuGsjXze5Xsjy0UYkDu1zz_yTD5-GnenGqKsmVc9v6sUyozP-ibhMu900vy5Ir3mja0m1PBbffTh9U4uJ3dlYJ6sslhNim3rTK8N_GaoPkD7loOFSIVKnKnbp7WmFjO_A_un9WOktcIurojLli3nMJA6-ltgnLqVAaPUZVS3v0bo-Ig2h6x1qWPFj5Rl7y00uAPZNcQ4vSbo2my7MoMNVKtX69oAi-seD7ixghgsQrbyMKIv49qb09stMUMtaAaAlLMH3XWO_8ji8brpHlAST5L6FGddXBnHBqfNlKaAeuRPn-9Tsiz9ZSeUknYbZECMoO4wyLqdP9lIlmbmqQH-YIi0Yj360tAOTxlIZpflhwDMVs_9fcxqnJTEtFcRjFlXnswGdWINOXTatvEDPElvg467wZ7QiC2pjmKP2ZWTI4y2odsoVWHKhH7Jd9HzSqX42ultOW5Vi9EV15cNWbewOdZDiEdqZPvsDYdfnLK0kaW8lxlzSAfJQQaPNOHiqmbRToM42PI7eLueqVRLXSvRSuXoMONQHwgoFDxMei2TemgHxz1RtwYxrHfrutje4qg9omMOj_dsTR6wqZ3znmQYrVgMGKnkEJWEuFzwle2oUBkRjqkS28HB3sRoKJ81hTpsrIJyMnukpjvQjPZx6lyKYSFc74dtSI8IguSY0Lo-trYZbCVjPmP5LMYp3QPRsoSbk4-wVaYOkwl1qDfD3Xun7oCqqvo6SEiiNyNf8Vhtv8shQTbe7ceYSOCaAPuUMbAAFxbANXCojT_5VllgrnZ6G_RElyZNl_IYOKY6JzwEsICqq_z1vZ6kfRbQpKRL_1WuWdbuAAK5Rt8jTaMaaLVkQZGnM5pPLH4lQRUgd-Tb6zSvarMTld1Jba353J2TyPIw&cid=CAQSGwDq26N92x_8tYBwdDqfKEkGKpWLhWzJ5TvHxRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35127
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 85AA 156 KB
48 KB 79ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 85AA 8 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35138
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 85AA 0
0 201ms
55ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssx5UU4pYHkcfKqtj6XvNLNpP1fHBObfQ4O6qIz_rxenMMgG081r8NEW-fJtZ6RU5-iS3izl0e89GXuhgVU_8gdUwBHKYuOeN4e3CImrx__3HZCG_RMKRCvFWjcWFCzNgXX3p8&sai=AMfl-YSF_1NPBig5l_2nx8kX_WAw_swL1UTHPlTuPZPXCHvrjzH4YN0BIp1ucz_rtnEfDo04-2Zm_ojglQ1uUchdZQ&sig=Cg0ArKJSzPOPeq53kKfZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.16736&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 85AA 41 KB
15 KB 164ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H2 200 15226198413995535885
s0.2mdn.net/simgad/ Frame 85AA 128 KB
128 KB 165ms
20ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=runvt&e=1250011214715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H2 200 env
track.scoota.co/ Frame 5C97 42 B
123 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008945&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 798cd0517967015a6941229b5eff1b38
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 5C97 42 B
123 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008945&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 42a0703f391ee2c3884df8dd6dffaad1
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 3fff7be8725b4f55d65f.1.js Show response
assets.scoota.co/serving/31880/ Frame 5C97 2 KB
1 KB 22ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/3fff7be8725b4f55d65f.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 955696319cd574b432a5a7c91fcd831f4019438e0190360df97d80a4ba72d423

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"4ea5b44cc90c279b74d49cd29b27a261"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: viLPq6tfhyEOFZX9bkf58rLh21kua9AiZFgDVBoviHXub_NNejpDwQ==

GET
H2 200 12.json Show response
assets.scoota.co/creative/manifests/hoy4lk3/ Frame 5C97 4 KB
1 KB 22ms
20ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/hoy4lk3/12.json?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 881fe15e3ca0d042c4f4cd33a54368fd5967f823caa3dcc54bdc2e40e882d5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:28 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:55:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84075
etag: W/"87370df37edadf2fd3ebd30b8a7c8160"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: Qy5vnEKwn8EyXJHOFbKxUgczsMOmd_HnP6DBOLEsk5LQjuWFt1AJ2A==

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 5C97 0
162 B 163ms
30ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H2 200 view
track.scoota.co/ Frame 5C97 42 B
123 B 41ms
40ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177008947&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: f4e3fc136a5627b23a322bfb454860f6
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28820081.354377800;dc_pre=CLv-j4rut_wCFVm4ewod2CMDmw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame 5C97
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CLv-j4rut_wCFVm4ewod2CMDmw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdi...

42 B
65 B

58ms
42ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CLv-j4rut_wCFVm4ewod2CMDmw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:28 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CLv-j4rut_wCFVm4ewod2CMDmw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177008947;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame 5C97 42 B
123 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177008948&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 73ed20be7b0f2fe98f42b4ba2d4f1d24
date: Sun, 08 Jan 2023 11:23:28 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame 124C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1b4320ebe529057a2d44d4da1ab9cfd5f41c53d0287c0710b852737f3730d82

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 adfetch Show response
googleads.g.doubleclick.net/pagead/ Frame B8BA 83 KB
33 KB 101ms
100ms XHR
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adfetch

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

412c87761949b5617d6e60ecce2c0123ac80b61659d9e78693716a4f352ac8a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33318
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 643 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 059c45fadebd86e27405b0d5a65e992aaaae8f7a3d2b84427ccd490ccb4ee651

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 h1dYGoOUVZ.jpg
cdn.webpushr.com/wordpressimages/ 44 KB
45 KB 170ms
169ms Image
image/jpeg 138.68.13.4
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.webpushr.com/wordpressimages/h1dYGoOUVZ.jpg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 138.68.13.4 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: a075f70fded517fd0e6d19d0d3211391cf19706633eb386eee5dfce5e80258b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
last-modified: Sun, 08 Jan 2023 10:21:54 GMT
server: nginx/1.16.1
etag: "63ba9942-b152"
content-type: image/jpeg
access-control-allow-origin: *
x-gg-cache-status: HIT
accept-ranges: bytes
content-length: 45394

GET
H2 200 26a1.svg
s.w.org/images/core/emoji/14.0.0/svg/ 451 B
684 B 110ms
19ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/26a1.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:53:44 GMT
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, HEAD
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 451
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame 5C97 3 KB
1 KB 28ms
28ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

GET
H2 200 env
track.scoota.co/ Frame D424 42 B
124 B 48ms
47ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009008&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 6f7b493b638b416ba7773863b339496c
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame D424 42 B
122 B 48ms
48ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009008&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 85c10f4bdc52101c55082c8d5caecbc3
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 553318563c80587d408e.1.js Show response
assets.scoota.co/serving/31881/ Frame D424 2 KB
1 KB 21ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/553318563c80587d408e.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28c8390954a2d8b9c56bc487aaa483654f95de53774f768f5f71f9f696747763

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:35 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84110
etag: W/"977ea8c5097efe5364395fb0b1769a7c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 8r7JyH5SL9WHkEWuXtQoJmsweMGK_i3JIc-MiDMNc4BsMKbXahVWXA==

GET
H2 200 17.json Show response
assets.scoota.co/creative/manifests/oet0lk2/ Frame D424 5 KB
1 KB 21ms
21ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/oet0lk2/17.json?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529ef3ccb612c290f158a145e690b46ec44ac05cb500a03af084e2783e5a7b9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 04:24:39 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:14:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 25131
etag: W/"07c2edac11a4a41a4836a5a8fa344325"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: d4EJwp2GPz0trUM2UNfXEpe1xPjvWUa1hsC6LEfDFGKpK3JNouaBIg==

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame D424 0
162 B 101ms
31ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H2 200 view
track.scoota.co/ Frame D424 42 B
123 B 47ms
46ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177009010&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: e1854f3ca2ad612b75e39e976383aa88
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28820081.354377800;dc_pre=CMDTlorut_wCFWiTdwodxwYJBw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame D424
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMDTlorut_wCFWiTdwodxwYJBw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdi...

42 B
63 B

49ms
47ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMDTlorut_wCFWiTdwodxwYJBw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CMDTlorut_wCFWiTdwodxwYJBw;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009010;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame D424 42 B
124 B 45ms
45ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009010&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 361893ddb828468f77b837a2fbfe1dfe
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 0cdb1bbf3bd2202e0841.1.js Show response
assets.scoota.co/serving/31880/ Frame BC77 20 KB
7 KB 23ms
22ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/0cdb1bbf3bd2202e0841.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529f379c0603cf67345295a28ed81a391f9ee4d6539a12dda9006218a6c7ea4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"3b33339ebee2852fbcd21940fef4f54a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 68TgrsisUx3UYoxYALY8kuRtF6_Xb7DaWc-4liJZD2VjT2oxyvTeTw==

GET
H2 200 89812b76af29bc5f27a6.1.js Show response
assets.scoota.co/serving/31880/ Frame BC77 53 KB
17 KB 23ms
23ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0aac96f25dce7953a47fb6b4c096634eef3ff12a1daf057e331933dc418aa4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"35a3d6a8928d937c1f71163827a9509f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: EH18hhSBX3wAQd4SPnMAxMD0GHYE0d8YZQ-lL6cagWE0uTiEWn7Gsg==

GET
H2 200 e82b3284352589468355.1.js Show response
assets.scoota.co/serving/31880/ Frame BC77 771 B
1 KB 24ms
23ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/e82b3284352589468355.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c9f3f1de749ebdc661397061a1d8c0680bc294c67d3da4ac3b96f731b7f3a6ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84076
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
etag: "06f022c6c4d7f97d23d19503002dfdf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: v2vxFDkZ2Nhc3y_aLQR4GHNtsZP8oZXgbD6JUr9e_7tbHnapCGOi8w==

GET
H2 200 env
track.scoota.co/ Frame 0ABF 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009015&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&environment_type=access&environment_name=local
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: bddcedb0c1dc4c4c412cf74d4c29e18d
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 env
track.scoota.co/ Frame 0ABF 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009015&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&environment_type=serving&environment_name=iframe
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 19df6d5679f459ce565bf90edc621e40
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 553318563c80587d408e.1.js Show response
assets.scoota.co/serving/31881/ Frame 0ABF 2 KB
1 KB 24ms
24ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/553318563c80587d408e.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28c8390954a2d8b9c56bc487aaa483654f95de53774f768f5f71f9f696747763

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:35 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84110
etag: W/"977ea8c5097efe5364395fb0b1769a7c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 01zAb3zGVURn0ZXnboO3ABZUDPya5-6vFS3_LbcYcncFTFn6yZR1mg==

GET
H2 200 17.json Show response
assets.scoota.co/creative/manifests/oet0lk2/ Frame 0ABF 5 KB
1 KB 25ms
23ms XHR
application/json 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/manifests/oet0lk2/17.json?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529ef3ccb612c290f158a145e690b46ec44ac05cb500a03af084e2783e5a7b9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 04:24:39 GMT
content-encoding: gzip
via: 1.1 cae542650fb32c773cc494fc6e7e71e6.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:14:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 25131
etag: W/"07c2edac11a4a41a4836a5a8fa344325"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: oBivXLjaSJ_Ur6xo64uy4646SAJxbXOIyNasSBCtwPsp1CfnnIssrQ==

GET
H/1.1 204
No Content visit.jpg
tps.doubleverify.com/ Frame 0ABF 0
162 B 95ms
32ms Image
text/plain 34.149.12.213
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps.doubleverify.com/visit.jpg?ctx=3758893&cmp=28820081&sid=6603073&plc=354377800&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.img&
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.12.213 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 213.12.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Cache-Control: max-age=0
Connection: keep-alive
Expires: 01/07/2023 11:23:29

GET
H2 200 view
track.scoota.co/ Frame 0ABF 42 B
123 B 51ms
48ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/view?ts=1673177009017&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: fc4d7590fe1993159e020de40b6a660d
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3

200

B28820081.354377800;dc_pre=CJ_Ulorut_wCFfLhuwgdTuANdQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_cons...
ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/ Frame 0ABF
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJ_Ulorut_wCFfLhuwgdTuANdQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdi...

42 B
63 B

51ms
49ms

Image
image/gif

142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJ_Ulorut_wCFfLhuwgdTuANdQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715

Protocol

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N1153793.3855423HYBRIDTHEORY/B28820081.354377800;dc_pre=CJ_Ulorut_wCFfLhuwgdTuANdQ;dc_trk_aid=545270457;dc_trk_cid=183240913;ord=1673177009017;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 env
track.scoota.co/ Frame 0ABF 42 B
123 B 52ms
49ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/env?ts=1673177009018&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&runtime_version=19.5.1&placement_version=1&referer_initial=https%3A%2F%2Fkresy.pl%2F
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 214f6828ab21b08ebbc94ad63d06aa6e
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 0cdb1bbf3bd2202e0841.1.js Show response
assets.scoota.co/serving/31880/ Frame 55AC 20 KB
7 KB 24ms
22ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/0cdb1bbf3bd2202e0841.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529f379c0603cf67345295a28ed81a391f9ee4d6539a12dda9006218a6c7ea4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"3b33339ebee2852fbcd21940fef4f54a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: CmQV1c75tXu7bg31tHJgJgIVleqHxC8Q4luS1dFuL8FHSapn4JVEkA==

GET
H2 200 89812b76af29bc5f27a6.1.js Show response
assets.scoota.co/serving/31880/ Frame 55AC 53 KB
17 KB 26ms
24ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0aac96f25dce7953a47fb6b4c096634eef3ff12a1daf057e331933dc418aa4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"35a3d6a8928d937c1f71163827a9509f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: sCDLwLHlRqUKlU1RJuSJA3DpgGtpWTtwAFfQXgFdcQ1hYKBM547v6w==

GET
H2 200 e82b3284352589468355.1.js Show response
assets.scoota.co/serving/31880/ Frame 55AC 771 B
1 KB 27ms
25ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/e82b3284352589468355.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c9f3f1de749ebdc661397061a1d8c0680bc294c67d3da4ac3b96f731b7f3a6ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84076
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
etag: "06f022c6c4d7f97d23d19503002dfdf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: xMu2lsupBtbdzNLSdkHDmC7EVTKmpcUU5h60wIgclfxVeipXF-Z9Kg==

GET
H2 200 0cdb1bbf3bd2202e0841.1.js Show response
assets.scoota.co/serving/31880/ Frame 3382 20 KB
7 KB 28ms
27ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/0cdb1bbf3bd2202e0841.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529f379c0603cf67345295a28ed81a391f9ee4d6539a12dda9006218a6c7ea4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"3b33339ebee2852fbcd21940fef4f54a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: zOsQp3T3-qQ9tNijSnVvXnc4TPAtqNXuWi2rk3IPwCxxtl2RqOhHIw==

GET
H2 200 89812b76af29bc5f27a6.1.js Show response
assets.scoota.co/serving/31880/ Frame 3382 53 KB
17 KB 30ms
29ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0aac96f25dce7953a47fb6b4c096634eef3ff12a1daf057e331933dc418aa4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"35a3d6a8928d937c1f71163827a9509f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: NjaswkXSsSEreYM-UkOWCphOntxcjjHakV6dJfbwLXrEz3N-hMa7BA==

GET
H2 200 e82b3284352589468355.1.js Show response
assets.scoota.co/serving/31880/ Frame 3382 771 B
1 KB 30ms
30ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/e82b3284352589468355.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c9f3f1de749ebdc661397061a1d8c0680bc294c67d3da4ac3b96f731b7f3a6ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84076
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
etag: "06f022c6c4d7f97d23d19503002dfdf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: Si89Mfd-zIXS7CZght3Uif4KPfsqVlqIGbgYHH2u00vIEr7rnzQKVw==

GET
H/1.1 200
OK script.js Show response
acdn.adnxs-simple.com/strikeforce/ Frame B182 122 KB
43 KB 20ms
20ms Script
application/javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 336e9badb32b4ce8c15616c6001d6a21640864ddbcfad231b9ed5dce1a323134

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Thu, 15 Dec 2022 04:54:10 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 23310
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 43824
X-Served-By: cache-lga13622-LGA, cache-hhn-etou8220081-HHN
Last-Modified: Tue, 13 Dec 2022 17:30:57 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1673177009.035819,VS0,VE0
ETag: W/"6398b6d1-1e79f"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 3, 57979

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B182 42 B
63 B 124ms
124ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BewldtFWd-JzurNAvKuvXn7vTMvuOY_1CNWS9Y3YMkRrW9f5zG6XTn1TW7xNVMAKTMb6UDCP5QQxHainSap0hCHaPlRHCWKNryj_dHPuqIlfJQcDY

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame B182 80 KB
27 KB 24ms
23ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.038682,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184551

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame B182 0
934 B 27ms
26ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhCk48vnw_LSv08YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeMuGBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DakY4RnNLZTZZOTZTTk1tRGxnVE81cG5vQ2RlcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RbTJjaWViVWdsR29KUVdyTkRxbXpWeUNqQUFhc04tTDdOdlc0S1ZVT0E0SU1fU19RTHVxTm5UMENGMXJhRmJXUU5ZTkxSQUpwaTJySmNvS3Z3QlhiWFZITWVhV2tQajBLbUw4TU96T3FHVjhLSDZPQXJtbTQ2bG9nUkY5ck1OQktpOEtvQUtHMEs0UFZ0YzdVRG5TLW5Gb1JFV0I4cjZ3YXJNTU0tMlN1djF1eHBrTkdFRFZGMFdyN0tyb3d4dnZlMFdYUlpZTXRIR2hvU1p0S3ZKMGNNQ2lnWkdIQW9jX2xpM2dFMlR3aVpvSWFkU2p4Q05Scml2RzNFV1BCbUZ2d09oYzNQZmFRTV9rN0dyc3pRVGdid0ExRXhQMW1Zd1U4S1RjNHFLSGQwQ2l0a2tBbWV0dTA5T0lrNEhZOWNlc1lJajlhUWVpTnlfQUxPVlNlSVB6UkpNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9TEZJZWF4eHBiUkEmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NXRyNk9FdS16Nkloc0h6YkRxdUs3emw4NXdhbmFCZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNTcyODM4MDM1MTA4ODM1Nzc5NiIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWwkc3RvYOXzWvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB8uGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=83d8590b05bafbe3d9602507f49e051abd6cf46b

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: e4c88a43-5df7-4769-885c-a0993447d0a8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 1018 2 KB
2 KB 93ms
27ms Script
application/x-javascript 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFtWDJWOUxNeGp0dWdIdkphczROZVVrLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/6NphwL_p_XG7tCn-AjBRq9boYX4&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.227&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.374.2 /
Resource Hash: 51a3ba4a2f427f07eccb24abfb8171df563653af9edfe2c7528476df13a35c9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
x-mm-nodeid: 3753
Content-Encoding: gzip
x-mm-bid-request-time: 1673177008
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Sun, 08 Jan 2023 11:23:28 GMT
Server: MMBD/3.374.2
x-mm-latency: 2 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: zrh-router-x38, zrh-bidder-x14
x-mm-lag: 1
Expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H/1.1 200 48826c9f-2e22-4293-836d-e96a87629420
beacon-fra2.rubiconproject.com/beacon/d/ Frame 1018 43 B
354 B 120ms
23ms Image
image/avif 2602:803:c004:200::154
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-fra2.rubiconproject.com/beacon/d/48826c9f-2e22-4293-836d-e96a87629420?oo=0&accountId=17210&siteId=389854&zoneId=2179160&sizeId=15&e=6A1E40E384DA563B2CF2D090052C7C0ED990ED7CE55E0E1770165FC1E710B0E5DF35831E00058DCC69B4BB85B63C2B0D172DB22D3B21A9B5F9BE169171DE9759222072F6E94301DFB88CD92141EACE04C66F54B23E9F4534DD3DAC11C3136BDEA0629DAD06110F82754EAA6A66776A70772EE3027F51D83B7DF75306E9CD7459F8173AA165278123EBF9ECE22B3579C6F44A47E239EF709F004E2AFDEC2B42FFC3EE653749A6798456C11F42AAC3F49693E1550EAF4E273D

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

2602:803:c004:200::154 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:28 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: image/avif
Cache-Control: private, max-age=0, no-cache
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1

200
OK

ck-confirm
tags.mathtag.com/ Frame 1018
Redirect Chain

https://tags.mathtag.com/notify/img?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNX...
https://tags.mathtag.com/ck-confirm?bid_id=1764686132736762848&node_id=3753&exch_id=9

49 B
329 B

31ms
28ms

Image
image/gif

185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1764686132736762848&node_id=3753&exch_id=9
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: HTTP/1.1
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.374.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: MMBD/3.374.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x29, zrh-bidder-x14
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sun, 08 Jan 2023 11:23:28 GMT

Redirect headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
x-mm-nodeid: 3753
x-mm-bid-request-time: 1673177008
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: keep-alive
Content-Length: 85
x-mm-handled-by-owner: true
Last-Modified: Sun, 08 Jan 2023 11:23:28 GMT
Server: MMBD/3.374.2
x-mm-latency: 2 (1)
Content-Type: text/html; charset=utf-8
Location: https://tags.mathtag.com/ck-confirm?bid_id=1764686132736762848&node_id=3753&exch_id=9
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x78, zrh-bidder-x14
Keep-Alive: timeout=360
x-mm-lag: 1
Expires: Sun, 08 Jan 2023 11:23:28 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame ADB6 0
953 B 29ms
24ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD_lMr0p-Ts2C8YrtKEspaDxZIcKjYJ7SjOUUfHdT8R_krxNSfWcT8ZAAAAoEfhyj8h_krxNSfWcT8p7SgJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4s9gFgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1CRnpkSVpEaHpBVVhlU3NrVGFXM2E1bWlnbXNPVlIzVEN1RlJmaUVNVjlCR19QWWRJcGJtdlNvNkNnTFQzczFTUHp2OW9Sa0ZjTlVMdUM5Z1NpZXFmNG1XZmxjQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNDM2NzI0OTUxMzk0MTkxOTk5Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAW6neW-1caqixzABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBdGUO_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxNDAzODExMzA0NzbIB7PYBdIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6c38a5221d46b1132686d2e093c22c3935c6850f&type=nv&nvt=5&jm=1003&px=0&py=0&bw=970&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 628ee22c-5bfe-4426-9a13-3b758e892040
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0FAB 273 B
125 B 71ms
68ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVagFrpaB-ZbMSiAYYZ_YP63R7qphX0gNZz23jsbfEII4pLE3nUE0u57CFJVZWLAiGOepD7WGZXO_wkKzcwzYxbXVWQs6_NVLd1l1yRaE5GK3D19WVgj_MjO4Y51_JyUsDH10YFg7MUDAQUt7qlHiQub9A8auLFXJ1bu9JiFx1SgbeZy-IxZsb0PZ_M1KUUmSLIQg_M1COzpn1ka87-CI8fEm5wXJds3B-Kz9zQggl3TabNhuw

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9069e765fbe398f997add12a68cb2a29757379a4419198ef6fc3f627a06011f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 101
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
expires: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FEFF 68 KB
32 KB 92ms
91ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAXnRLXJ3fE8CObqN_YyUMRZ0OlIc7G4_O34nJpNtC19l59JHR-DGdNKYJr4fhj1SVisSMwTIwG4uKzQP7BLQcHXaZg6akpNziPToJNm6UjJ2BBwB8zr1U-aSWNPj5_y01nqzQ8WQHljJ46J9DY1WRUN3a0B2a_v2EHI2pLogfm9IjIgs&cry=1&dbm_d=AKAmf-DrevnH5c_itm1KiK2KXejXpfxSHnylXbN4kjoYDLsVURiYyN0_FlQcoct4YezJ431EAEeLXcmnLnf-jIr5CoLO7LlGQBoh3ePcZ5z1Lc4iHztj9ur6f_nWXtarz1_xeYSdodNQZTwwAAqZT4OAqK2kVuXe78R9qe38pNKoiRts9zgMHeOaXd_mwh07ngk2k_Pj31t6KrL0-V52jCvbHmbhecyVsELwAszp-CELZ60kPbL-g-DEljG-4HE17K7SeR63zzSjNf_sJiUC5-Fog5kQvJOikMp3Vqe8w_B8P7D6cMAKsCln8kj-5cy-1yKgt0MOsFUmv1MPu2eVR4JHCqw13mTV3Tw9vVeareaPsf_qsyngXDmQe4vQsPdqpbQlhNXW7A1pG--RpPX_c5-fcnLBX41hfnfHyGGhXo-uJwrPXeHhnLECS3ZFzTh4eAtjfSRHQyrdej26HALYsvosjqYuvdfs2yiHqP7fbypUb8H2448t3Q5S_pHdZZBh8LB04fRO0iZRmzAF9MNLinUnvYstsX_LxbqFSatSF0y3nCcZQY7jy0AbTN7UBZ9bQlzsO0qr97Npvy0Jk6-lJEDDm6t7UQ2dmBnWdnTp0oN1jHimWGmFJ5ar9tMzaJx2lQz7KN6fqhW6SCrelDCZeCJbGsrrdad8GUgHR0MHZnXlK84A90vDJpoC1nXTVCuj32-b_FKirIfJoUH_0yoDxr4fhpcI3nORHF7-_mJWcTF1mQ6SArFsIZQGx6lypMcCKOYq6h0TMdhynkv7uA0jdVw23mU2rPzkrQEB3kwd1wi_QQXf164dcBXbDuWKsOTTVNTMEV-cEVcAmT96f-XL4pIHFPfVTWQ0rZuswz7sQrswjCVymuZs-42QbkeKZW4uMEZOJ8jTL_xtP5vmreEuMM9Br7okiS5MK1Tmbnm7996p49Kdx3PW53BIBRiUYx4kgP3zDZe69phZ5NEYFUj6AYQN7O2FK3_589zWQ3CfyBjn_k8EWmRaFEv3xqgBL9MiQ_o_Mg1Wa6-h4nZs8nPBQJg4U2NVCMY62yT_ag1z6Upt8NWkKZ9Y5PQrRmYCv5NHrzcIqUXy_5xHGACFj-kJ5WCnZkoCFaOlNoRzPXdmXd4qI9PWI5J5wHZmBf4dh8EAEA3b-3SVsPTboCXlHaEJFrvRhoZpLMgO_Le2RZ_atmOIBxvozt2SWi3QDAvzIIExKivMT1fkLoktZk80-N7MMBk3B3RaK1gQqbEaRErtzGOShtpIFidzPYfZAObN8cHw1ZJmPZAnKWB0N7zLToBOxkC-9VccahMk7NZbDxc4bynt3Py-aVVgB4NM7T2PnqUtoP3nrIsPr4FLEccq4yXRW24CsjXrAhk3fHbvogSqh4g45YgDg3s1e8snTpJ5mnNUsaVmQ-aBpUy8nJQdbE3e8xvpFWrlHmmH7OsFWMUfjTvftAg4FpXEybeTzR2LVZeFYUgfUxFoP_mEoLoYdnz16Yb1CgI5Qh1hXCFmgjE6BwDoBRUO9THAVw3SoRC8eoKOGHqxj06JTvpUYyf4VPmervgkzMDHX8p0njTbPSBjWmgYdGNctfQv6CFDm87epJz32xa8T7bti7nPqzxi0hVXid4Yja4uCVmpnMHr4Ux6dIKTzxBt4NEgaydTahE-IZm3DpNmiWxxDfmzwY3u4faFoPDAc-tGLyLY8FBtib9xcQKRUHfT2my1c9irDIlgtwxMeKgkvWEfNV89RaEntijzi9YCQnSlq7cg7ihHe-PSPeLsTUvvxrGGBjXClXLi50F1wywOYpGYXCt7R2Xl0aW3Ut7RqrQm2KsFBmkTWVv4IWw12q0Xml881OLUW6m4zuPjma69VnfS3Q7mF-7T2di5ub8SMX3PHFqRfW7wvZsVS6s44YFxwR7icP961q-snepyF4LJq1MALEvkzci5pz-WDVSAQ8OLZxOGl7surY8C4BumeQVAY5xKAmZmYW5sZvF3-6rUbQ7vV1XsSNOF_Cc1mR80U3YXTjtjNtJUuc4P7WHQ4ZSYxZ9hSOGkQObQMLI38aUfftjUpseNzsAAkrg6wMe9X02GUE9AG0yAnTJH53HPF1DE8JPx-E7u4bNTCi3C2fiDstn1mAMkPw9hlRwYAGKoZ3plTbPwj_cva2v-3XgLp3OzBX5eyDIOiWYA_t2JEPsKxUWpGqkSuKgXLAIGViTtKZVP7Yx0l-pVGHkoBtH3vOBsBxy9jxeJFvugrnq_JIvlkRwzekvoRzQW3zO1Jd0BZXGA9wFkMfKjZXMiKEpWYEPYjz7rPUubFTCecRV3C28UW_y5vql22djtfhmKgWIeW8WmT38MwN_KT29gVAI8cb-GkMeDM8Zo3V6sysLcN2jxjIAz4zd0JZxU-oJKZfVFukegD2lJQC1gCIjJ-2ogWOW28mUTh6R1NaaAHBrJFAdU2Z9aYtru8FJU531iLpScBQ_ANl--slkk80QS4C5D0Z42QhZpddweeCpHIUqAl1oXq0iFGMJVAERlI2XErkDtQgYCJWNfCMulA3AqU6NE5JitFZNOwt4cLi5IHcjufqYSS4bqG8QXns8HbH6LKcJWY4qppSvz3VmFZzQjwk5iazDBmtWYX5bZu2EeCiiuHkNdx4u_GAjfEwBLJeK91mHvkYoYJs5DMGfx_E1juEEovH7FN2dRnT_H77MBqFbiRjLybr60KM6CTz8_dIGsUj2H3WG2UU-NZ_1JIyuEDRl8ghax_pbcW5VQ8008KeA8pTC0KtQCWmL5YczVYl4AT5n_ndt5aLDN7whVzZMyZzUUHNbvsuuXzmDx3IoP47_RW_0wL1w0CjsT7CMmi60_9gZdrMCCj4u57VrkOXLOv2cma7vkehDXEbiv7PRLPjjfVCFP4RVDK1pAt91YCa9bmC6uMICJqWoNRMFCS_4cntFXoM4eBhDWm6EbSrL8IZmNZNT-TVo5PNNdMQJ7Y2eCIGFcHpWri1RRMh-zUax66V0vjDsBn1CFe7KT9OrpF-VQpY9W-XhjPYOXGUCgRl7Pz1jZ9h4QL8l3Abm-VmObdKOVULt0hf378Io7oWLHeZSSj-3KV4CqYKQMWG9i_JPPFNbOT2_JCV34xD-4AqlbTfp7y10X3P0yJ-UXTeHi4XTc7UxXKuC8lzzJUVPuwcc_pmJeW7Ypu5b-2_A4AcUo7wpuf0Cdfpxa1jPxIYM8t8ut7rUooXE5fc-ZL4zthzTd-dPteXXKoO3wnAxfvsJKn5HH8uF36vdwj-JL-QIqHoJbDccgeAl8IcnwbRCytZfbiWECzFqdxo0rKcCJ3GiS--iJXVXS_8HJAExOklMkRrkDteWxbVoJu7_UxjbRwtwCRNWNMLvpvVmCnag762Y52QQcXulrNrBSUx_Fbed320iVSobcpOsQKCGYjVIgq-zOhQNnvIRcUxQ3uy_W08_msnsb_OjssEoqOVnMkG5lqsA0RnFpEK89hk8Nuc-Szmk1yKgduyP4eTVSuBFMadiUG1-TCG5HK89nEqXk2yxsaQxRB34xbVhfBG7L1_SRbCUQuMd2dHdqD4fnEA&cid=CAQSGwDq26N9XRQOd2_eBpffwC9Mms4EeJnB2qaQWBgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d6d53d1a606f667ac1da7ba9862d24214d9462b7e4dad2c6c3a830fae348adb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33066
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame FEFF 80 KB
27 KB 21ms
20ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.073337,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184552

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame FEFF 0
934 B 35ms
34ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKaC_BMmgUAAAMA1gAFAQiwz-qdBhCq7oW48IedkWgYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiwcK1AZoDSf0rgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DWHJYcnNLZTZZNDJuTE1tZ21MQVAtNjI0aUFIWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VnZ0pQMEtHRm95SW9NQ1BLNDBORmtiR1BEY2Y2c0JlZnljdVBPcG9keEI5OVNzMFM1WFA4NkNURW1JdVdzYjFFYS1EdVNWZU1tMzNYYndRY3dXUTA2RHZQUEhlVkJ4ZlJvcmt6SHhiR2w5VVpmZXptUFVWUm9CbmJVVktlc1dycnFGamxhY0pFbjFaYUw3eHJwUjM1NTRjT016QU9NS1RUdFhiWURST084a05iU0lpTUZKb2ltWjlOODc0b2NkbDJjY0JUQ1VmMVhFbzFTbjRFZUFHWkxad3VoS0V2cm9BNW9XUTJYQVFLVlliWTNxWGdSRlZaWWVlVXV5YkQ3VEZqSHo2TXBmNkZMRDJuSEFHRXB4d1pZcFRkcHpoTTlHVDY4MUZYNWU3Y19LdHR4S3ZJcnNFa1pkbVdUWk1kLWplMWJFZnphZWhPRnFwYWZVcFdpRnU3Y1prYjRJekFCS2lVb2ZHS0JPQUVBNGdGNVBfM20wR1NCUVlJSFJBRUdBR1NCUVlJSFJBQkdBR1NCUVlJSGhBQkdBR1FCZ0dnQmdLQUI5ZTd0TVFCcUFlT3podW9CNVBZRzZnSDdwYXhBcWdIX3A2eEFxZ0hwS094QXFnSDFja2JxQWVtdmh2WUJ3RHlCd29Rd2E4QkdJanJpdDBCMGdnUkNJRGhnQkFRQVJoZk1nS3FBam9DZ0VEeUNBNWlhV1JrWlhJdE5UYzBNekExT0lBS0JNZ0xBYkFUbkk3bUVjZ1Q1WVBENEFQUUV3RFlFeERZRkFIUUZRR0FGd0d5RndnS0JnZ0FFZ0FZQUEmc2lnaD1NS2pQTlo4dVFNQSZ1YWNoX209W1VBQ0hdJmNpZD1DQVFTR3dEcTI2TjlYUlFPZDJfZUJwZmZ3QzlNbXM0RWVKbkIycWFRV0JnQklBbyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3NTAzNjg3NzQzMjAxOTY1ODY2Igk0MDk2NDEzMDIqBzU2MjUwMzM6CTQ2MzY0ODEzNsADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1sKqwwGIBQGYBQCgBbfW0rXtoLahesAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdOFAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCiwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=067836505f57b6149e196799114181dc0c283d2b

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 16d11444-4c66-4c18-b8cd-7964b6a4b5a1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FEFF 42 B
63 B 122ms
122ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DcjcpJgewP_EW_p-5J7_rU1KUjzCxSS23Dyhb7-JGSemSL5k9dSLe7NvcafHTg6WJCfAXIS_uTbW-fJRiwChYYYZU7DD1aS-YgIWCsCzgAY9_GmL0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK script.js Show response
acdn.adnxs-simple.com/strikeforce/ Frame EE53 122 KB
43 KB 29ms
23ms Script
application/javascript 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 336e9badb32b4ce8c15616c6001d6a21640864ddbcfad231b9ed5dce1a323134

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Thu, 15 Dec 2022 04:54:10 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 23310
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 43824
X-Served-By: cache-lga13622-LGA, cache-hhn-etou8220081-HHN
Last-Modified: Tue, 13 Dec 2022 17:30:57 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1673177009.115126,VS0,VE0
ETag: W/"6398b6d1-1e79f"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 3, 57980

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE53 42 B
63 B 126ms
120ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BUCVK9wHZGXE2zZk5QEkJhWZQHO6sK26sulScmT4WfkdbvDZDQmKbXQnIPxAGMH8eYeBTYhCvSFEwOA2ETVgGwB7_DajqW0BnhViSs_CDJS9C8xUY

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame EE53 80 KB
27 KB 27ms
21ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.115645,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184553

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame EE53 0
934 B 38ms
32ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhCNmfT7rNWY2SMYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeK_YBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1Dcl84enNLZTZZLUx1TElUSW1MQVB6YzI1eUFiWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMElrVjR1ZFZXZUpMdVRZRFpWWVdaN2t5aC1pSHdsYmV6WDVNbDZFLUhMNUlkeWEweEhiczdmYU5wSk9mR1dFTmxTM0RYRXRscG9WRzE5NUFUa2ctMlgxVHhOUG9hUVI5LXJQOXp5UDl5SWloOEZkVENYRThyeU5tYlJyOTZJQm9jT2d0b0wxSnVEX2ltN0pFbERmb2RWZDRpajdSMml6T0ZEdlRZaVVCbGdPa2NWcVFqejJRaUxFd1l0Zm5IYVU3Rktoa1g5eFY2bHJFS2czU3FzMGk4WS1TS2ctWmduXy1acUlobnFGeWIyRXZrTmljejV1TkgyYWtweDFNMi0tdWJXQ1BEZ3lmNFgyOFZYaGFBakRGMWdaeC1WSHp3RjZfQUNkdDVHeVRXV3pWZGlfV2Z0OXo1a1RrNjNzRTMxdXhySzNQX05fZVZENTRkbzdBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9aGYydEJ6WDRKaHcmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NGtsalZqWk9jWG5RN3lWbElhSWVFNWo0NEtWazVoZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjU3MjIyNjgyMjk0NzAxNTgyMSIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWK8b-ppY606BjABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB6_YBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=2f65130b87945add6886d7c55789d3e7c44b8e26

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: de3ac1bc-d609-47eb-9e52-3babdb814045
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B3F6 52 KB
17 KB 24ms
23ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=runvt&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236590
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177009.118978,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 85AA 0
934 B 52ms
51ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhD8kIL9vcLbrHsYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeJuIBoABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAF2e76o-C6v-kVwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHm4gG0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=1f7141f1200724b99b3a9a42666e5953cbe1d902&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Drunvt%26e%3D1250011214715,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Drunvt%26e%3D1250011214715&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=runvt&e=1250011214715

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 3fc64047-3c65-42cc-a8d2-4df10c7320b4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 124C 15 KB
15 KB 90ms
38ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 20:22:20 GMT
x-content-type-options: nosniff
age: 140469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 124C 15 KB
16 KB 71ms
21ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 05:09:29 GMT
x-content-type-options: nosniff
age: 195240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 124C 15 KB
15 KB 71ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 13:14:53 GMT
x-content-type-options: nosniff
age: 166116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 13:14:53 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9940 6 KB
672 B 57ms
56ms Stylesheet
text/css 2a00:1450:400d:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 08 Jan 2023 09:34:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 load_preloaded_resource.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 9940 2 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/load_preloaded_resource.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2178de4e69e10d3105666c8a33d1f2f046594c48cd0140d5bba102e357d38d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1079
x-xss-protection: 0
server: cafe
etag: 11127005899800245401
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 9940 28 KB
11 KB 27ms
22ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 9940 3 KB
1 KB 29ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcc84ca2069873bf863e0b36e587fd75731d689301e628c13156550f61689722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1305
x-xss-protection: 0
server: cafe
etag: 12828169674928258300
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame 9940 26 KB
10 KB 30ms
24ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af96fb1022b60847be7efb9f7b474be73fe1078e0d1983c03f12dc559ccd7900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10210
x-xss-protection: 0
server: cafe
etag: 17586515056264111834
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9940 156 KB
48 KB 40ms
33ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 e3f51b200de87688fe09b5fabf25a934.js Show response
www.gstatic.com/mysidia/ Frame 9940 48 KB
18 KB 27ms
21ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e3f51b200de87688fe09b5fabf25a934.js?tag=mysidia_one_click_handler_one_afma

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b3a54a424fdbf1c9d52c4fbac6d4af3c6121c7e43fe7ffe3f181d926935fecc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 18:08:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234880
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18682
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 19:06:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 05 Apr 2023 18:08:49 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9940 0
17 B 84ms
79ms Image
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4a47sKe6Y9eID-j6nsEP_9qciAql1Imlbomxm5HWEIfgor3AARABIOaX1iVglYKAgKwHoAH75N-YA8gBCakCPJNFBMrbsT6oAwHIA8sEqgTIAU_QeCJ3XPc-e5uQbugF1N31kqZhE_ppS5PsXiOF7kbBGiRM_dfrl3qkNmRq8Zu0gdyzj1Kfev-N_FTQLgoaNyp9dQiLZIS9Pr1n9ZLfUQW06N0g521xgOqJGn9IKk1HejdloiBElwzp3CEcncD4hlJnR-DkpB6ENABZFo4JwBD9V43ivQ0UBsgKMWNGO6_th0BlnSju8bcZ_1H2wTJzVn9XWa2XnjRV2be3kM-jZUtSZx0QA4lrDklb0UkRWdWhW7QG7gpjX7zTwASaoczlhQSSBQQIBBgBkgUECAUYBKAGLoAH7ZqgZ6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA0ggRCIDhgBAQARgAMgKqAjoCgEDyCA5iaWRkZXItNTc0MzA1OIAKBMgLAbgT5APYEwyIFAHQFQGYFgGAFwGyFwgKBggAEgAYAA&sigh=9IYVhOUwZeY&uach_m=[UACH]&pr=10:0.014571&cid=CAQSGwDq26N9z6e6BD6VL6nU5QtQ7rFQrPuu3Fl-PxgBIAo&template_id=484&vis=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 0cdb1bbf3bd2202e0841.1.js Show response
assets.scoota.co/serving/31880/ Frame 5C97 20 KB
7 KB 23ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/0cdb1bbf3bd2202e0841.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 529f379c0603cf67345295a28ed81a391f9ee4d6539a12dda9006218a6c7ea4e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"3b33339ebee2852fbcd21940fef4f54a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: WbQJFoDzsRUCebGQ9i4Ht_L0ZIbcTUD_1xTuPPGaArzJ_EntQFRHVQ==

GET
H2 200 89812b76af29bc5f27a6.1.js Show response
assets.scoota.co/serving/31880/ Frame 5C97 53 KB
17 KB 25ms
24ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0aac96f25dce7953a47fb6b4c096634eef3ff12a1daf057e331933dc418aa4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 84076
etag: W/"35a3d6a8928d937c1f71163827a9509f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: Ahqokkbr5zzdL3884xJ1uUfupYgcbm4kFu6q-f8Jz4OTDii7fyknzQ==

GET
H2 200 e82b3284352589468355.1.js Show response
assets.scoota.co/serving/31880/ Frame 5C97 771 B
1 KB 26ms
25ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/e82b3284352589468355.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c9f3f1de749ebdc661397061a1d8c0680bc294c67d3da4ac3b96f731b7f3a6ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:14 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84076
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
etag: "06f022c6c4d7f97d23d19503002dfdf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: ZPM51d5J73tw3NiRcONqUsAZ_GzzAG19fYs1RB_DvN_ZFs7jC7KSHQ==

GET
H3 200 abg_lite.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame B8BA 28 KB
11 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 window_focus.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame B8BA 3 KB
1 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/window_focus.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dcc84ca2069873bf863e0b36e587fd75731d689301e628c13156550f61689722

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1305
x-xss-protection: 0
server: cafe
etag: 12828169674928258300
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 qs_click_protection.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame B8BA 26 KB
10 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/qs_click_protection.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af96fb1022b60847be7efb9f7b474be73fe1078e0d1983c03f12dc559ccd7900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:47:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34587
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10210
x-xss-protection: 0
server: cafe
etag: 17586515056264111834
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:47:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B8BA 156 KB
48 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 one_click_handler_one_afma.js Show response
tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/ Frame B8BA 48 KB
18 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230104/r20110914/client/one_click_handler_one_afma.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55b0063e00094dbd7bea39b4532f57e20d0aab4e056c1ca590b2ad23d8431e33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 02:04:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33524
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18033
x-xss-protection: 0
server: cafe
etag: 10981175199376853430
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 02:04:45 GMT

GET
H3 200 15043130463177678948
tpc.googlesyndication.com/simgad/ Frame B8BA 41 KB
41 KB 42ms
42ms Image
image/jpeg 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15043130463177678948?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qk8anhlV74CrzrN9rMjKqYlZVt4TA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f92a66423a67e5dadddea0a6fad3e0dec77c5ff4e6b673a5443438237c82ea3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 08:05:24 GMT
x-content-type-options: nosniff
age: 11885
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41974
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 11:16:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jan 2024 08:05:24 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A669 261 B
122 B 71ms
69ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVoDR_Ttl59HfpmHmd5EMjEYzGejVHKE7Atr8ONhJjode7vWNkR1G8MzCQs7-T3tkAuUYYuTbR188lGhyLUd0NTol7C0WVOiECzWRJQgyNq9oQCBSyH2xVkHvoL76KDZHN4081-v2JyU9crHv9iOi5xYRgMh6I688bGnCkVuAUR9cG15Q5tTHxbqO1KOJzwiMek738t4n17TKe5IFuak_JOWDHkEsnEyqpiXlEqBC_U3oHN6Xs

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2047 68 KB
32 KB 114ms
112ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BE6BMwNVivTYZNlGnLKigsublyU-Ik_2Z_BZAItxS_lV9TIODEeYSplQWXN7HIHBGmrDUcgIQw-p1Gieb9NXCkL7Xx7vlrN-1GYIyuX7xYgUijy4-3iPd9iMeIYslyMMGzzfIq45M4QejJ4beX8hnl2OaHtFYKwiy0-uyMZBMqzq9OVKQ&cry=1&dbm_d=AKAmf-An79bXF4pAUnuJlbmyeCbG9XrddpAdBwx23RZo8xrFYznvCsdQ6sWtPWAaFzGSa5UKm6sogzo93IUuFBt79aI4_dD48C3g7R0IyfWbsJ0xFOdypB4KXnJrOi5K7yVfwDRqDFebHOo5C5tATO7PuGpadOdJlPigSqb-KFRtUrxkXoMpVrAEybOZGIU9ZURVvCgViQnxsMGVI7YzYC2iodDN86URQOcz0Rh0BUMPwrhQ0-F9EfdXFIk3eGIRXq8jH-1r7_cFkCMGwl2VqrEgvz2QkCjIU64LOayH5df2WfL2kKUe47vPzYrcgz0yDCkUMGBItPj-W5ZatMXmNeGV4Erb8MWI60dm4Nw9rjukK9PliD93t2JGeiLMG-BkQj0bCxtagk0Y9ZzzEE9rQysytstDcfWHg8gd0n61wZtcsefWch7BcxPS7kclIBZWnRHzYKHzVSD7aVqj11EsKyaVEfMclVJnryNjcsqBboO8IG7cRy_hznsKeIVezrHGJ923xspeu0f7w2H7F8lMp50qNesmslI6Ld8N7hZa3oOPvHJFwbspmos78-XeD4K46RrMShGeqmJ-RqB2yRrXVulQkZYeZrfpISVLQ3Rhwu3jo7GwmmEwr4SJ1Fa2ACH-IFad7hzQymqSz-q0yGlL62AIS_9EllOiyge0zkDpWsoMIVJQGSxL194oj5UVNevF24UPkQUZGGEs0la1lwonCbAQS-tru9wsY3LskL4vDyJGKv-zTG-x-VhpCHhi2xFddgbJmhm6lILNEe5o3Wxj9EvH5VIglCPP4QJ_T2dfLsWfF_VQNPD8ntyY4On_fuomSiro0aLM7jBV3_P3OgJ0_FLl7i6A9JVYTl8HuLthKYVcq46ZJ4A6oao2UeIAPJLzDbeiNaNJ0nat6VGib300SzlTsnADLv0eoWfSXtlewqFDKVecPiWXKP6AgCasgPYJDEVQtMUJEcS2Tyw7ODxz9ASU4BSEPqK5Kil97rt1Q52lSSO6EBrwUOoRi13fhJh-TLBSwgzBU610FZrasUpOOIJ0J_g4ff5hkXP-rqtxKt50yPUu7IQkcS0UfEU-EVYqhjUESl440dwlWxNQp-1wnP70tGIqPhzteLL5khYAVsv2CovGwRqquFBuTnKBpa6dFbANnI96zfL7eNQVBjxsJZR_j691TU8gYT2ntSJMRcSSJNAHjxpsvbuXjP9BQeGhlU5eZjqF-U-mV8dPBcbGzj-b10HmREU4r-MHnraCP17h3rXjaUHtHvsmo3KaqJgC7n8u10NNc_Kbydve9sfB1BThXIKdygA2PDM7X0fgM55QFSf1VODN9LEeaGV0f_ssw0h3dUm_0QKPFxxzWoPLkPdbMILgenyuQLt7en_0cIl7aMX9Rk63IZRFiVYsPcHxkg54ofZoBWPB7_XM9cXYghAITp34BbDFYy8Ll07FCXZQ-mrBHtnoZFgbnvQmWEmGIM0EiFrMMydCcdsFe3V7LW31F1P2dGnaEUtl4LQxnXMD3gy9yLMyyVDXxN9IO4n2Ib57uNzSLUaxxi4DcKuWm75YXJ279i60zcj7U0H5zBWr05vAokPb1euDx9bUmfGan7IvC18gF49R6tuwJ1sRE8JPaYvtJ1XUzjMoHfdcuSQeigCihNjA7xZ6wlW6ytnn3t0F4VjmBBOQMm6YCpHiJqqRJKAL9ZtBMQEj3JU1b25zl0dhnOsEDGZNjEBvnW0Je3DA1GZVdZgFnbCjSSSGaNGcehEg7YLuuEbWnoYgpcrFqxeA2fcduRDBCfRSlprlmGVsFBQpOz3ciez-B9wfpWuJc2PcSgZeQT5bN28ipgdeoq87e9odRUBGGasMpMOgr3bzs1fSPDtiDOC5V1I04_LyBaiBMFkZX6Y3l6ey6_z3g_zseK96QBDevWblWmh3oJB0zXxbEObAdlz7pc4eaZthP92uIfJ95bOYaEZoBKvIcYsk1KchrBMB0m05WJTI0IkqQMiEWB9a1OqU38TZRmKeIaB86gOw9Y9z8CN2976o96GMIzvBeZGHnrHvcYeoUVJplLl6B-5VWzZy8SFcXSvSs2bcbNHE0F1SNdEIhdeeQRXWAWHwqU0-UZs-V0ye_WlCRfrUpN0U0PmP-MqrKQjahoc9wfDaq1opGsog-gw5cC8MYGngITwPiJ3ok4cTMoVWQigpXtIU_io3XibA7lJyfPFblLPHmK6fgFh9LYTa9cPfk_-H2WxALQPFRdvoCFSM5OjSuarP_uYA-IaZzu5_QyUW6X1jM5vxeSIx-bTJ7QGmJHe6iJT92LEIYV_KFLiwXgvCKcryrwbNoyXHh7siCLZq7HDgJEAIqAOWwJDc3HDSgTz9OAzPrvC9Z0APurJxye9F_TylvQujYwnw1Npm4ZCYPMaTWYWOPh9g9chfFeLrTlz0s3C5Vvr60eyj2BuNKB_YweH_T1CWBEm0fdOVFzoyJXyzHK9rpkZWwCfP6b6HvKMuVUb1ua6cMjay8_5MmlchmSSe__RRI3YsiM5aKrCN2HPeEfIjfvw_6G3ym91-0_Sf3QmPADMnBSYt-5yZj7A9cHHzsH7lgx8wP7wpwwAkacn2s3VmKOgkbN-lxwJjUnX86fRxGRAiJDefky82Wh53wlsHTUG9Mvfz1GT9fq1ztX6sw03X85cYH-_TMNk9kLj1cGf4MkNEOE9nhfeodNDC_hjB9Ap3uK57j2x3EHAofDCkuSIrqfkjQRPFK2-t5RmQZqoZ2uPF5HvgLfEllT9LdJV28svaXFty_31VYzd_bO12LYuzZZ7oxpNefNC66VZet0SuCPIjE92NvOoN9DBWn6h1osBnN4ERj7ddFrCaKBbuHRD-bkZZ6V9cLX4GnpcbGeTrvepSDOFCqWw8x38xNZRPPbGGYSb8uhOAwif8gl0IuSk0yF-zC61F6hesTd0RHwVc-d9RmVHuMM4bFxjpjsGgvurLVJZkJh2eJJ15mDVwokcNXx69fNHjosRM8-yYXu1h8QxpSMjJDUmJgjw9-rIUuANJ1Oxetqjtc4ymg5PJXJ53Ilr8HLBTzQzaG934BDfnA1gRdW0k0P-Etj1aEWMzNsHkWCZXoTxJy3tfOjvcuArzkLzPwI1hDr7PtJCnQy-kzcmQqmuneDNwXNrgJ94Q8gJS_iEKOe69A2c93gdHyxECtWnMTzJSwE_2FpNEHm2xhPy-ww7txG-5x6Zo159e11Gmx86Yjcr7fGv4IvDzc1ghReZJO68ks4I9aNj9N-kVkQnjUXi2-K5vHHeqApRjJAA-nnXz9d6IZQ6eDrCnX7keV_2biHGtYOvvB7PJypQq0S6Augi7vpNnnqAT3Jw5aMNpKl7fIRAy599Xyws19eEm0yjQf0ro-WnrWuYz8RmZMcKqaGrAjBkDc9Nq0ZXacV6at14tu10Ac3KAUWMTQPiWLzejLt3rt8jt3wWvOMVqzp45DJTiKXkd6mexSwI5yMVLCZlbOAJUAmtjCAmUuoAApoK7Oq0Q_GxZfxDBV2l_hZKvO4wAHAWcKRzZd5bMehAuS1GbFTRRjkURhSc02A&cid=CAQSGwDq26N9g_dFmm1B6KZ5X1Hq8ip2fYztIDoB_xgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77bc4ef4192bab3ec5ce1da2d2766dee8535c661601c525d2f6dde836761db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33201
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 2047 80 KB
27 KB 23ms
21ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.161645,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184554

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 2047 0
934 B 29ms
27ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKXC_BMlwUAAAMA1gAFAQiwz-qdBhCf2LC3ovX2zQYYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiAcK0gZoDSf0qwRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeDY5M3NLZTZZNmFkTk5xcm5zRVB3NUtuTU5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RVzhYT0JJMldxRGlabFVWVi1mS2xjbkJ5TmhuYk1EeWItV1Z0YjczV3NnalJscmc3b2xSOXh4NE5lRVJ4S2U3Y0xIWDdSMGhqTGJMRVNOT25lYnBETFVsamxhVW54Tjltdl9fekc4Tm42ZG83bzdMeHRwd05QY3Vfa3E5RkdRcklBZl90bzdyRTRkbm43c0dTTTVlS0FsUDR0aUdrRm9DUmZUckNXaTFsaVRJN1lqQzcwV01VWlRTODAwSGdVMzRObHVoeHJzRDhpa28tUHE1SUVVQjI1S3BOYzlkNmFhUjNaSHM4WDgtZ2VkYm9sbUNSTk5OWDRaLUxYVGtFby1PWXdvbnJXblFyajUxZ0JncHBGVm1kYVJPbkh4dVJ4RFNpOHE3dDlkNHVJNDJDR2VJZzNrWXZCRHhHZDBBTzZrY3dkalZRNEFaRWFLOWloZzBkMURBZU9zQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9N2lIM1p2SS1jcU0mdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Z19kRm1tMUI2S1o1WDFIcThpcDJmWXp0SURvQl94Z0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoSNDc2MjE1NzA5NDYxNjU0NTU5Igk0MDk2NDEzMDIqBzU2MjUwMzM6CTQ2MzY0ODEzNsADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1sKqwwGIBQGYBQCgBZv9sPnP-uGoDMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdOFAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCiwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=637296a3167678cf2091c818b7da0aeaadbc4561

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: fdcae46c-433b-4d66-b3f9-cb7103b36d5a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2047 42 B
63 B 122ms
120ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CI1HxbXaQhXQ-6e5ln5A6uwig5Z8r7OP8VNWt0WNkJfvtJyRMds0M2_JUJ6rYzKfNWhqZtdaqNGBhCX3tJxbfmSZs7gOatb4CvL7WhknbEjtlDzu8

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FD26 273 B
121 B 76ms
70ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNV3cO1FuFzy6zxX0jQicxKm1cnP3EPzh73W-owkUygXIBR779jMe2f4VAsDcaUl25nujA4IAHBZ7uZbyQporBNSolfAtzqLcadLOE1cjWc8E2zmvlPKjhuve62AEHXRIbF-WJ076CykZTJMc-CJGqzyOgzpbQ9z6L2B35Mry-ww8YNuSgQ1jpmdR47IPplN-a9JnIGM0AeEuPGzeGWUsW8xn2elBN0y7dabTy7ricyi1I_mYNY

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9069e765fbe398f997add12a68cb2a29757379a4419198ef6fc3f627a06011f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 101
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 59B2 68 KB
32 KB 93ms
84ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaO6JiyescqQiEL4VQZ2VOc_L74T341bWg_cTtgzCGJC9x1HsbUO6GboDdwRxzmfyD8246wAddncbGnRdkvPea3jhmurPq2-rvwvj2RQp4tiaHjLoIdZG0alc7rzRT7UrFd3xPLrzYkU7xhymKi3EnPcm_5A6vABxxsj24bSAAUXaobBY&cry=1&dbm_d=AKAmf-Az51PNUB0yFib84HikgGPTZeGV3AyRI1jsAh1uvGm64IviHuZLT5D8ciNW_TJ7EGTCaAqwXLG_TdhmLf7a7EAvP2mOLjiGeFklh-uK2aAPtaeMFAeZc7iw2rgqCCtEnHxos0Ot3gaNZ9Kc6eY9HtJvsTZnbzSh1WXMHaIVmFTAzNEbOE4UY3xNOoztfSz1DH3VKwOfm2V-bBL-36CgrFXbgiBKksQTlaLMxmxr1qqe5TJp8YUexG2O9-Z94JRJ-i1kzMXuiPX9iwEywVbEi8f9LV0qY9biEZMCHLIit85J9i-4-DWI58PR4veZBIJzsiGj5QlNwv1ajYygxXR-ilw1eh7e1hH5oW2nRG3jfFNKUM_A5bLwZ7wAzD-rr2h5NJoy32YJ6CNZGunHsC3DZuXDXGmLZD_7You43YlPP8SMd_GZDzIpUuAEwda5mvrUQJMN3lSORdRUWGupb5LdPXHgVk5F2tD_2L_RUYPHG0z_nu8La0sB75usiUBf3muMjnqYII-2E_u-LBd-wN0tIUNDfiM2FRV-hWlSEo1wxH5kW9tgCaS873uuH6qR1Wk7hpGsH6nGs_ueLsbcgoByd7Di2KWda1HSg9DELixN1ISo8RM5VAcqxhl3BL2HOtVRU9uRZiroLU48jAadLx3tMGFQR6zsvW2QEcCMxdXbX--Xa8j6BdQGhpksAkuIyKTyq6h7zbEI3p47IKZAZ-3lxfm3cVj9LBpaPj6xzJ6TBZwRRySI45rbVTlQrQHW2EZ8KYGmzd_3LJJNbgLtY3ZfT6MNCpVAG5_FyouYxfrK3vUazjubKLHYKeYnXLDn3olZS6dPzagMDKVf8oZqoOjd-EQeD0NHqdvs3CJ1pQV-t1LZS1Idv8k42Yw9DjYF3TY0EViX4APp36dHVmHwb6gIddyznD3GJwQ1He-1LL8VhJ3Ul99E7wwnd1ULx7i4FDOgeXf-24lgsqnt2_hLH8BYOpXib7SXMhhISIBEjrMN4hiSdEzBDMfl0R0sCl87r6j7yxG0BnVI-KBZMdOnBYLeG3QJYzUhQoQ6bhTbAY3EK0FCf_Ip0HDSdlAnrN4rNEaAJDRqUx6ixX1r3FxAXQFJqmbLXwjXpYzuqUG0rm-4il_hsrQkMFiVV5KpNb2Ewu4T2kxQl0uDVD0NQTIp85UQOwMxfmUngNwHpTxEWEVmnZ3HhehWnz2cpiZnlsdMZFZkBYLlmZmWQtJec_PevzldjweqZnE-l4SwWa_mKPi-JPUI5y65Uga_jXT_IE2j5bzeYyMVNb4OO9p360yDmyLgVnAOgHx09f8kFsa7CyL8Bh1Z4AxmEhP6XJ0U6sElUBcRMfz660W9hIQ5IkanrOWKbpcHiosbZ8zRSZ-rSz6vY6dbM9MeCIkPtqFOQlYjxp-Wg71sujblS_VEmOv6vh3ACs-FaJeskIVRPAlkMbRNA84YljhcSU9IFARuynwNHOZkaxC_gp4tf_JopjgPcCGgE1dhxLms7SzNrgtQPglf307pkU0VRGy6XVAkjOufAzaZzMsq-PLOl1mWJfyAxgwAMOGdCD8p8Bcip7H9N43hjOCQ12CyrEY6izw3GXNGBIiCia_cg_jf5Nd23-Eyv-PhHmwkP_erhvGHy31l7RZQiSq0L91IinWcZcvzh5pGUI1U_RCuHe422YgJ6Fm5fdP-HKBVu_kJqHbW_OcDVA6DHLe6BCuIzSztgbY1qA01sDaGlEHZs4xOpeZUtVKTMXoqrkqtI5KJpDUxE4k0y4CxpdhpBxZ7cFkQzYaChdUTcZiiWBDDqGjm1l6m5FHXj_FXH1ThVmGpZp0XlMtybQ6X947GHlynJ3pdIcoXYACdOHcEPaDjb2JBFcdGXM8Qzc4_AC5BLQz6z4leIhykaIuHWWqPdZHRuj_-uPW51EPHhkBG_YbjejumRzk5x12np8ZlugVMGXQ3U7xpkIlQrplBfcdseBrUQdlF-B3Pg1hgVse9sO0Vk_es2Loh2Xzfxso-lq0Bvr_TvZ1XGVTj5dyh-K4slEwF5KBM8N9Ezgb6dx6QINXvVdHWH28t2MBr1REPfeSrbEr2r_DKCQBmQ-4Gt9Lia0IMN0qVbZBok_e-xSOGqBg8pUh0qEuqNzJgHVAbnoSttTyXorafP-OqjHEj3NpzqkgSzharktWYVz_2-6k23U_iWrIMhCiXP1_Vt1iQNVuz_ngjzlArXKyC8a-apyEKD7qYixD4tP_bxVPzxElGvAjNnrnfYgUdjA5-icSBG_Qzj5okO0v29QcvkX8cijDNT5UDxMfbq61aklyK984k8QDkh7BAWSXFI7Y8HrMTFUPIk4wvXDr1eLSPdh8-qbfKc3C8i7Z_dCNNujz7MRzWyBA5Y0q2lHpw6fhZuK-j1hG78HbZhxyXRtNlIKimgUuyY3apIGuELVqOZ33qpd7hLFocvVAdu_ULY-mlNQFp5JYvdN2c70AQErAwfEWhDUaMHvwvcCrfIm4FBdWHAyiLQPLpOZlTe3NtxxcnBDIG7XhRr7KXHqMbcPEd-F-toBDrEQE6zaRhhEfTco7zPivxJDFm2MDMFeiIOlSkCRamX8UR-2oQc_vpJslnr5WMoRXye52YCf3FAbRMZR9GIc8cqoX11cfQf8QdX0_DxcSEdyUHU1bdNa-0E8Awc0z2cXfkEZzNGXKdf2ffoX5WwVCCzud9XFes7K1D_XIf4dUYRzmFi2mUms5Fz1Ppx4HW_j9bLcTEQwYGR1ReyvzcNEaxQL_xBE49BRqZeY-RFL6NowxUvQcSwrqQh1bD9VQuAP1jYRuhCDh3KzaHQKbmHPPn1zrSYI0BIyTyIXhA9F0bXWEUxTKiD8WGzhk4GHqt0xqnAG3PsgFjSyQUula6zFm9UWGxL5FZ3AM75o75CrPlCBBBcdjpFlOH0k3Q-Xrzyg2r2oKuRpD1Et2Ea1b0LbqV68qjH0XV_E6u5su8CeKGXmLvT0LzIypIzIJnZoa6XC91N5Ji_6M_uCIRI3wOXn2u8tlYtLhHFxVBWUzWEcZhQ17mqC6KRH01DLCXYgGa8xS_yDF5Q-FcUJoB0hf0CzM0hQo6pANYDwV_brs5OMgkdkZdmfBq89QCBVLx__VO7tmdfhmN2lG_lIChqNvauGW8r7joqKbrNSnavDr2CSDSZCeUuD8KR11JGn-_jpAxP6JccJF5LRIthfGroDfhe36DYFVBmmPRPccyENe46a3VfzUnfv01QLehJhFQTVe9oExKpfdA-vQb2kpmU4kdYIGoSNq3CFreJi8Fr5AuERFHOycuNCc5MHey324-NY5GOUfPzhOgu889QjZg0Mu0R3x5TqvpjXNs4dnO6Pjoj2C8-tLv1uUIv4n6QarvcnJnoMwD717QeLONIASgj_aQEzntdTxd0W8uF7oGXiZQGwpGmFeYuCfF-TYNDwA63UiG_WMi9Sksmfvfm1Jt4L8dLppHGLtiRgQ182nYu4MSl0rXezoNV1ZnmTwUthab_orJG-hAWvYaJnVvYk2VAGYLt-S_BddLrFgE&cid=CAQSGwDq26N9O95_hkwgQEjYt6_vrTwEVYGk8QyXFRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc9b3363304583874d745495a9b0482c4f7703d036b8938c200ebdc4b6da8b1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33175
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 59B2 80 KB
27 KB 40ms
32ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220058-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.179423,VS0,VE1
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 1869129

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 59B2 0
934 B 28ms
19ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhDvsdSWm7LR_D0YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeL2EBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DQWtnUHNLZTZZNnJVTi1ILW5zRVBvdXFKLUFUWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMEV0MlBDWUplZ0VhWFpqcXNiS2MzTkpTZ05aZ05kRko5ZzE2WjMzMC1yZnl6akVMQXRtSU1pOXNBRjE3WmRDUm53dHgySldGVDJuVWVld08wX1RfZzY4aG9iT1lCUUt2cnh6Zl9pTl9Wb2F0UjlBbjVfV3ZDdUx4cWY1VWMxbHRLQXhwRUI4U0hNbGR2a19YdnI1anprN3RVczVFck03MkZiQ3VuWk9yN09yLVNkYlBhZFdZLVdoTG5CeVlVSkpFMzdrSGQ0OEpsNXlvUWIxY0t0SFhfMHlZS2lKc0ZPYk5FbnJvN1N6c1UtLXFJM0lrVkxlMUFlcUwxX01FVVZ4V2xxNzJCVExjeUVpTTdtVml0UVRYdlpydkgwZllMc0FFYkotMUhYVEFOYm9HdDVwTFEyQUEwd3kzRXdZWUQxRTVUVkx3bTVTbEJmdTBTUWZBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9QXNQZTJQV3h6NHMmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Tzk1X2hrd2dRRWpZdDZfdnJUd0VWWUdrOFF5WEZSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNDQ2NTY3Njk5NzU4NzQ0MTkwMyIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXj0tKB4LTX4QHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB72EBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=9a82d2f511cc939d3f19ee654f7ec7772e154cdc

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: f324b0a7-a3c4-4fa5-a6ea-79acca5d9325
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 59B2 42 B
63 B 132ms
123ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CrilW2c417bwJQXnpVWZoso26JHZDrv5Bndb1zJzM494FLuiALbeu27MdBxXdHeDiGW61zS23NaTWVvbCleG3VQBmDvgSx7gbc8mcMYhds4qBmIZE

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4AF3 273 B
121 B 73ms
69ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVsp5ChyAFuw6xyH9NIkI2m8uhDGCq2-KojJGFZsY5g5yIoIwPxtaQeT15Oluq5ju6jKIJyCWIXSNikPlqqAG8VjtAjUW51vqctuQf7GTGvRaGWUybBabPiXHJa5G53AAaYxryr3UWH8WsfF8Vn5BVr1AOGeuHwOW1-tlnVZ2Pv-NZ_bavWgYfGs-mmT-p3C4tUgbVfOIYhJQmKxQZiP5nzJCH5iD-6U5tftElCRlvTglPujrk

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9069e765fbe398f997add12a68cb2a29757379a4419198ef6fc3f627a06011f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 101
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 83FB 68 KB
32 KB 94ms
91ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwBpCS6BeZZzeE6YFpdl08FBDUOR3NsqieqSl8X7Dl82Bx44dZdLZbC6AEOyjHsdwSwl6WIje_CtTrFoKbgILQzlTb220RcJX3ar4tYmsU2iO3z80CliOpvjgTGT0PTllZHmkldSO-G0Em58-az68_sxAwBaasUma6STKDscYPDbpbXNc&cry=1&dbm_d=AKAmf-A_46l5d8gkO_V2_pHUZkQWj8J2D27_p9SVX7LxD9M7b9cdoYNR_l4aTDwNmZcxVZdOudKMgiigreWPoxALjd9Zh36ksvujlV05AFrWrgyupMDbLZ7z0VLXDoZm1V03rZl26ajMBqpgHNBHHR35SffotFvIe_DLwANDA-AHpv3D0lDZPY5M3y7_elMLi0OuFqgELdpqs7x34_hbxc4QVhe-d0FrxBTq_MR11jC57K6qKYJyWEwP3qVkctoyiacubQGu3LtZdlu7Br7E1hzZgFy5YZ3jRLPNkKl84s3Kmq2-dmOk-Lao4JiqG8izgcxoep_vktMqbc6RUf0u26VqvHs7wzq-YrwgaOIx4A_7OVSZjWNWsy4J7emkMKxYKd94OirDqfYtRez9tFgFOVEQ0ZzK0rnZaVoGT221911MH0A2qP9v0k_e31_QfXiYOiZsKmy3ATlhfWspxHclqQ3lHWKeeYTALSfm7CYMAWVhuclj88TEfOBrjjDOmHLBqA0OfrtsaHzrEG8HVtZwNI0QRi6q2SprlPk3fmAGMp1e1W440SvAozxgSn3xWk2KPlEPGqalWcs-Ob_IHmojCkGp83v00O3nFbmCV3TQn1EgjNwBLlluG4i8muGYwW_HheS2bdZRc4CqD63P4xyKkjBc2Y6m7H_VZWW3aPFQnJ0kicf5pE4W-FF0h0GXXDAlGglhnmfE2P8EV65XzPiYyf8BPqiE_OB_Jiwk2914E69DZ5ULJ8PKQLhQWHY7a_SQnwIpAuCsQRpzp7Qgm79IYBaRViwAo5PCIXK5i5tEAFZ4tx1ZWqTF_eLc-jYyy7K8S1-i_YwwAFTOrEW_GsqRZGQomGDORA_qFxgUTWtxag1fX6sYoVu2_NyCe1OU4LYoe1pBKIYeVqSMC0WHEc5_vU2fHvvmM9DOyG7znOsIFGhZsT4fP9cS7tTC2XXTb7VtoD4iQ6_y1nzktiLUU4-bpO-5sm2uwEsQLvQigJN8jliNkf1mjMdntLlWqYt-FIBTS898lc7zQlWw5dT6Oy4SV45f8YiLzZ3pjPYAJ79dJepfdyhrVUJ1AHjvAugzteifjO6WYuYQHOaB5GnueA8pxiTuYNgivwZ6Kp9qwvIV1-rZxwksZFYfNaD-kheLIQOMGwAXtuAn1YFNZKwCMIL9Ssxnk-aH6AV_Hz4VCO9x5NSx8ZEeCYH0HclZEjdBcSbV9PeEiXTAxhK4QjltyHcHSkhKZ6zNPI_cUWwGGzS7JqNw4Kszu1f1onb3d2bvnbvK8ieL70PSOEVnJyMA-zXI4QC8xJWzJ6ugRWh4z1PmpGX_htnxCsYirvEO4ybSJhROoWCa_kL7hwOyZTxLawkhudd0_0mjbGB1iUquNCQIqYzX2tV9wO0kFVkZZ_8FAcLaR8XRA-_hgJbtw_wOVj240M7vwbIGSU7w5d2W-gGKFF9gudhm9lokpCRE7ekrTHbQNfQeGgMlMuuGbmcQEkFYw5Ahep_JPhbCTXfSNvhppibcQMU9hradPNbX6h6KX-sk9tE8f6MnSEPOKJ8WkW7GClrFslOhlbBFdYGbwbpwpz106nfHKoqwPIcb1-il-2v22jclfFVLe9BMKZU8DhqWKuS08I1lYgJqPvxG8LsxRWRQqBtvAHy9G8zc63oyfcyr1hKnep8_6EsR5sHrTKZka6rx6iDnYQkWnTmib_4orGsaloOYjQpu3LYrwgUFKVVDU_oBqsoXia82YFoUTXj8kPKPjrbP8OsO6H58oE7nfe4r5EXsYwvovW-iWxGfXNxm6_JNbK2ws5CIUnd0YjhXzsq5kvoYF6WPst_iToT0MnYfuLJSlunv0u3aT6EZLJCSLGkvQg89vg-KVQck3wKhTEFXUGFvdHhEp5qN-HGstQDXIcyTip-lelnVSUfmX9PthnTPIfMPa9krsaJqc8a9xlMOESdngV_eDO1GZFM6uRtFbVYw6wV5QJ3MfOWTO-b-pfnZU1Nujdt0yD2VrbgQqV8gv43eWvwUeUSoIfmB6FPCbSuW3Woxzh0KOQzOSCEof-b_YoZVVJmz7rLutJi2eV_HtO0AyNS9nyN9geuYwM9ZdoxV-ATgW864dHLkSHYuelU07sixTup6ELuK_dMw7hibSCy3WhYDRZYVdC33TWhzGY8G6HtBjUSuWj3eD_13PH1zb5nuWYLY7oyufcw-gVDchESlMJr0wQXkLvfrREnODG3xbzvNly5nY3IQM12FWQNf2DMqnXv9S9qASFLVirE-HYeh6f9Jt7M4zCIHAEpbRPmGk5Nc_Mm4U7oQddqV9ZQ-Vzh3z65ye3T5E1T0I1MUBuQW7P0ptX99THRvj_ByU1un4p5NtkeEr4hAXNpA5UmS423ikSDPKvIzvpzHRE9tpI_JEt56rbjInJfjN0NWqpkN4KiMdjqRAbA3EGypW-4B_VU6uWEaO_NPGrJAr8lBP2uXraUOdAvwZygp1TkHQWmLkaTvFaRdsEMtAyR01QC5o9MudGrVecrUaTrraUu5XhwrgdDrNsIngVqC_XbuSZtuHF8oTd-vezmnwDcrzvHGjb4kjNyHXl3NdUScf3EIJfG9RZZjhyWqpcIou_jWSpbUbfSOyWphVNQ3yBbSh7AVE4-_UhjSqfKS1I9uiNoxQTlTUoQYTo9v30AB-QuHz8Ly8MM_Qi0c81xHCo1qn4aKzBJ_1dbslX7vuh_GHH-QuLU-X0xC0kjJWeowcv9LTq_nFrBBlNeAy3j7p8HQ7OfyY5-TvNISWzSBKsxN5S7-p2e7MlE9psH4i24DaV60KB30UgH2E08dYZIBbzgfYtIXbZYbKVpmIse5OEhMgZZpi4rtxKJEZi9p7YDQirhCPRVi3VJ4KLFzuyRS2F4X0s4ERSv4UEVphLp0TgYJUeI4gM4lBA3bkzpQrI6CrJZC-tHvUFVqRXucTi8zp-H-REUtpK9YXMODCICSa82Yg0zLk2hVeUz9Anw1wgtC5Lj7tYPAc6Jh6SDnI10BFSkElhEL4FvuNVm7FVnA9cIyToCkE2PzlvqhfakQ1slAoY40G0Bvnmlw1nj3oW46XbNjspwgkils-EjsvSalWv5s4Lsi7uRdYbS_mHNO5D7PXgU6npwrocrhlQt2Z8WpHUKNUD97F7Baou7686p9zzZ1zHc_97NdYYdJhJSmQTfpebW4IBacrGQl3x3jgAMBfnGktlCor69FgpgKsTArqiZRhIg8kJP56m-zz7dIOsjLP0ec43BIprecW74uf6bFzE1GnGB2z-yKB4-8bU2D4uTeHUhReUgTyWxX7fY92EA7HkCbxKcfoPNmKWI_tI38nfc3hL9vc6WiyPEBSM5gkWyI6hJ-HARkwgZu8_tSWjKdJ24AWEWEEZ6u3USv9Lgmu0VK5NeNLOKlxmcIbJl0KkajZgUWulflsCuj8qe1GmHUGZdHfifAC8dMM71X7CbTgVvqRuspEwNKh33u3acjSD3m9wSEvlcMfpXmKQ2Zb_bFFASZOiV7aMGc6a-QOFe2DYKxU771H10BTFvAqKuk6YWr8uvsaxQ4BJIyaA&cid=CAQSGwDq26N9u4pK3Bk8Y1UPH5ig2wEPGwXzafD4_RgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe941daf7fea60fdf40db6ff4bed148bd6c42183352ab403f709941e55babb6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33046
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame 83FB 80 KB
27 KB 25ms
22ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220040-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.176384,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 2301158

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 83FB 0
934 B 36ms
33ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKWC_BMlgUAAAMA1gAFAQiwz-qdBhCfgLWHn5DejQEYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLSEBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDhwcK0gZoDSf0qgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DWDJScnNLZTZZNm1hTzYtdHpBYkI5WTZ3QTllcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RUksyRFFvZ0VSWXY4enNwdzFfZXVrR2R1NjJuMXZ5TXQweUFEQXVNd2w4VmxXUzUzc09uMm16U2NBbjBIcmtLcHFpa0NDcEJCVE16MU9veTlsZTJ2b0FLQVBfMFFucml4RThvajFQdGwwTUFkOTBFbG5IcVpKcDlEMzhTMkNZUFZPdmw2NVloNFYyMEw1WFZmZElxOVJ5aTlkS1hZRGNMR1JRdWY2MzJHX1NmQ0RGSFpKNnhZQU4ydWREbE1JeHdFZVFUSEdnSHpDUE9rY0ttUVlKU09ZMzd1Rm1JQVNVMVBUVG1fck83SDU2OEZ5MFdwUEJwY0V4cklyYTFxOUplRkZoLUV1NnhRQXc1QjBycFlSemFvSEFtY0lnd3NzRVczVTZINHM3OXpTQ0ZabTEtT2N6a2NicEFocTRicXcyTkQ1VjRyaEZ3dUdscmZyY0RETVotWU5jQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9My1zOGJoWXRVYjgmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45dTRwSzNCazhZMVVQSDVpZzJ3RVBHd1h6YWZENF9SZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoRNzk3ODk5MTc4OTczMTAyMzkiCTQwOTY0MTMwMioHNTYyNTAzMzoJNDYzNjQ4MTM2wAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ATWwqrDAYgFAZgFAKAFreX7-82U--0lwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF04UB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBsKLAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE3NTA2ODkzNzk2yAe0hAbSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=789f69d95a52c052bf6210285083fef4af3f286c

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: fc4c9ae9-8551-4068-8560-6c5af0d1da78
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 83FB 42 B
63 B 125ms
122ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFM0-UlfwW_9pwrK1aK-UKyoyciB1Ho6uWoC4wS-0hPL_D_OgemKjPcFZJcPM80DEjdY0iL0pHoaCyb1twOKYSTTOM6komiL3q84D8On9OPv5_z24

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/10252940186316907237/ Frame 9940 21 KB
21 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10252940186316907237/14763004658117789537?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

283cb92b36724bf98757e865d294d5c654f40790bf787bd54d075dbde382ed52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:23:47 GMT
x-content-type-options: nosniff
age: 46782
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21584
x-xss-protection: 0
last-modified: Thu, 05 Jan 2023 13:56:11 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 07 Jan 2024 22:23:47 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/4140046757392509342/ Frame 9940 744 B
771 B 25ms
24ms Image
image/png 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4140046757392509342/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b312c55e3afef18f18cf6e7d3e97e7ab879ddf6c72228270a558bc25fd764c49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 08:24:12 GMT
x-content-type-options: nosniff
age: 10757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 744
x-xss-protection: 0
last-modified: Sun, 26 Jun 2022 00:53:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 08 Jan 2024 08:24:12 GMT

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame D424 3 KB
1 KB 29ms
27ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

GET
H2 200 153615.js Show response
c.evidon.com/a/n/1267/ Frame 0ABF 3 KB
1 KB 30ms
28ms Script
application/x-javascript 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/n/1267/153615.js
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
last-modified: Thu, 08 Oct 2020 14:46:33 GMT
server: AkamaiNetStorage
etag: "6824cb2ff4568d14eda7aff13744195c:1602168393.36391"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: application/x-javascript
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=600
accept-ranges: bytes
access-control-allow-headers: *
content-length: 867

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame C098 28 KB
11 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 10:38:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2674
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10900
x-xss-protection: 0
last-modified: Wed, 09 Nov 2022 17:19:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:38:55 GMT

GET
H2 200 apn
beacon.sojern.com/imp/ Frame C098 42 B
229 B 88ms
29ms Image
image/gif 107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/apn?auc=2388022505169867866&cr=347914397&seg=&st=0&bp=0.01038&pp=0.01038&aaid=&idfa=&ord=528318265
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame C098 2 KB
2 KB 176ms
116ms Script
text/javascript 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=0&c=528318265&sz=300x250&js=st_dapp

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

3cef1864f3b4a587c446729a5ee0eb8ae906ec76154e956b797e467c653d0024

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA53-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 918
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: xKsHw-qEWTVk9TntwZDL0GPhC1TkVywIqg7OwTVKwwkzYSWgrF-0og==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/231/ Frame C098 80 KB
27 KB 23ms
20ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/231/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: Wed, 06 Dec 2023 04:35:13 GMT
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 2875696
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27455
X-Served-By: cache-lga13620-LGA, cache-hhn-etou8220030-HHN
Last-Modified: Wed, 30 Nov 2022 10:07:25 GMT
Server: AkamaiNetStorage
X-Timer: S1673177009.201620,VS0,VE0
ETag: "48b9fe7fe4120aea6f95a30f505d7b35:1669802845.0694"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *, *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 17, 3184555

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame C098 0
934 B 28ms
25ms Image
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkresy.pl%252F&e=wqT_3QKtCvBMLQUAAAMA1gAFAQiwz-qdBhDaqKeCj7r9kSEYrtKEspaDxZIcKjYJ34RCBBxChT8RGIHqROavfz8ZAAAAgOtRyD8hGIHqROavfz8p4IQJJNgxAAAAQOF6lD8w4-v0CjiYUEDqP0gCUJ2B86UBWPLTlwFgAGj0-7QBeNyEBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJTdWYoJ2EnLCAyOTM4Nzk1LCAwKTt1ZignaScsIDQ4MjMyOTksIDApBRQsZycsIDEyNzI0NjM5FSkwcicsIDM0NzkxNDM5NwUW8IuSAqUEIV8yV1pkZ2pZMmRNVkVKMkI4NlVCR0FBZzh0T1hBVEFBT0FCQUFFanFQMURqNl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFHb0FRR3dBUUM1QVUtRGlIdERRWVVfd1FGUGc0aDdRMEdGUDhrQkFBQUFBQUFBOERfWkFRQQkOdFBBXzRBR0RzcVlDOVFITnpNdzltQUlBb0FJQnRRSQUkAHYNCPBbd0FJQXlBSUEwQUlBMkFJQTRBSUE2QUlBLUFJQWdBTUJtQU1CdWdNSlJsSkJNVG8yTkRBMjRBT1hNSUFFaU5mRkJJZ0VoWmZMQkpBRUFaZ0VBYm9FR2dpRkJCRUEFaRRBRFFQeGsJCwEBJENDQ3hvc093UVEBDgBBBSAIOGtFAQoJARhEWUJBRHhCCQ0FARxpQVdHTXFrRgUNBewILXhCET8gQUFBd1FXYW1aBQIINVA4CSgcZ0pPUnVqX1IuKAAIMlFVAS8BdMB3UC1BRmpnandCWl9UaUFiNEJhdXZzd0dDQmdOVlUwU0lCZ0NRQmdHWUJnQ2hCcHFaBV4sYmtfcUFZRXNnWWtDHYAARR0MAEcdDABJHQw4dUFZS5oCmQEhNFJiRWtBOikCMFBMVGx3RWdBQ2dBTVoZbUxPZ2xHVWtFeE9qWTBNRFpBbHpCSgG_AQEMOEQ5UgEICQEEQloJCAEBBEJoAQYBAQwwRDlwAQgJAQRCeAkIAQEQQjRBSWs1ZPD1OEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA0gQOODE3MCNGUkExOjY0MDbaBAIIAeAEAfAEnYHzpQGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXanR_6BQQIABAAkAYAmAYAuAYAwQYABSUo8D_QBugp2gYWChAFEB0BdBAAGADgBgHyBgIIAIAHAYgHAKAHAcgH3IQG0gcNCREpASYI2gcGAV1wGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=cbc4efc7331c09b0d6ff9eaa5d265b4b659cc3fe

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 481d2bf9-4dbf-4f57-83b3-7bb71e2faccf
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B8BA 0
17 B 87ms
85ms Image
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C_8G0sKe6Y-eeIrLknsEPisa6oA3t34qqbrKq2oS8EKfror3AARABIOaX1iVglYKAgKwHoAGG19e9A8gBAqkCPJNFBMrbsT6oAwHIA8kEqgTEAU_QMcpXharYt6CfnfgvxZNmILb-vo2yHNiv48A1-D7pA7B-03ty2WXW5o-O1jhc-GuHXZ9QQgZxSA2uKgXVR0OjexCMDKhrXDRsc7d3-YLlrWg28C4OAZ0X53-GIfwnTYTpG4o9g9F_-1fg9JCFP7EH3Ad1ne-e0ol2VLf5DpambbTC_P_ZzELp1kSEgHUynPvnME-_-eKTcNUP2iaWu7MfeFYArDdrbOoYgTL2EgsF9ZCM4mfspUBeV95qPVgr6n6VsBTABOyd-PqKBJIFBAgEGAGSBQQIBRgEoAYCgAfiqKhCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHSCBEIgOGAEBABGAAyAqoCOgKAQPIIDmJpZGRlci01NzQzMDU4gAoEyAsB2BMN0BUBmBYBgBcBshcICgYIABIAGAA&sigh=YfVfdpAfLBM&uach_m=[UACH]&pr=10:0.005317&cid=CAQSGwDq26N9i0eVTMpZBT2puta9H5nY6PQAqzGerRgBIAo&vis=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 0FAB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb9...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
265 B

143ms
47ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVagFrpaB-ZbMSiAYYZ_YP63R7qphX0gNZz23jsbfEII4pLE3nUE0u57CFJVZWLAiGOepD7WGZXO_wkKzcwzYxbXVWQs6_NVLd1l1yRaE5GK3D19WVgj_MjO4Y51_JyUsDH10YFg7MUDAQUt7qlHiQub9A8auLFXJ1bu9JiFx1SgbeZy-IxZsb0PZ_M1KUUmSLIQg_M1COzpn1ka87-CI8fEm5wXJds3B-Kz9zQggl3TabNhuw
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Last-Modified: Sun, 08 Jan 2023 11:23:29 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H3

200

sync
ad.sxp.smartclip.net/ Frame 0FAB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1&ang_testid=1

42 B
60 B

73ms
25ms

Image
image/gif

35.186.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1&ang_testid=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVagFrpaB-ZbMSiAYYZ_YP63R7qphX0gNZz23jsbfEII4pLE3nUE0u57CFJVZWLAiGOepD7WGZXO_wkKzcwzYxbXVWQs6_NVLd1l1yRaE5GK3D19WVgj_MjO4Y51_JyUsDH10YFg7MUDAQUt7qlHiQub9A8auLFXJ1bu9JiFx1SgbeZy-IxZsb0PZ_M1KUUmSLIQg_M1COzpn1ka87-CI8fEm5wXJds3B-Kz9zQggl3TabNhuw
Protocol: H3
Server: 35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 101.194.186.35.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1&ang_testid=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 85AA 0
0 108ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssx5UU4pYHkcfKqtj6XvNLNpP1fHBObfQ4O6qIz_rxenMMgG081r8NEW-fJtZ6RU5-iS3izl0e89GXuhgVU_8gdUwBHKYuOeN4e3CImrx__3HZCG_RMKRCvFWjcWFCzNgXX3p8&sai=AMfl-YSF_1NPBig5l_2nx8kX_WAw_swL1UTHPlTuPZPXCHvrjzH4YN0BIp1ucz_rtnEfDo04-2Zm_ojglQ1uUchdZQ&sig=Cg0ArKJSzPOPeq53kKfZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=304&vt=11&dtpt=303&dett=2&cstd=0&cisv=r20230104.16736&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

POST
H3 200 1a Show response
i.clean.gg/ Frame EE53 0
15 B 114ms
113ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H3 204 1a
i.clean.gg/ Frame 0
0 111ms
110ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://guandads.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 08 Jan 2023 11:23:29 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 535F 261 B
122 B 69ms
69ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVNgrY_UdERqygeTr-MJXPyuIFhnEZd-FQyAUDJpkFzFwGQ7lnkrY90grSw3URu65QnzgWMsJDOCUSvui0KKBXLlYNE8qk0jbdHSFtEmyg2Hu9Wb0vWAmjbEgm9VMtDJcRVOdnhYfgFwArqxikKaJ8SMsrE3SW9UE-kYXYEYOvsTOnr56e13bPvTRsQYEM7ckKgXp0_ps3JLi3v-s5hWoSf2_mtYusoVfkLZ_2t48c6HrlRJ6A

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=hifpjvmm&e=1250011214715

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EE53 68 KB
32 KB 85ms
84ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BgSwTY43M2JvFjQbeZRi9_yga3k9Q9QBwzubU7kFLXGpbKwpmx0S2hz0NjrEc_UZizlSfa-cnW2aESPvu5912DJvWNR2xSxn2Rt0ZprVcQzUOm1a3UDgVHQ00HMta9YtJH8K1fewz0CCQ8fgONTejX2kWOvmOL1kDsk-ZcatI4zAH6qVA&cry=1&dbm_d=AKAmf-BQYE3grLYhdWnUtcaLTY7fXdHKk6o8-SUC_sgyTXl6vXbH_SsDJMG-5pdtwG3T5Cdj-Jes_uY5r0j0p2umQFN60pAhLkCRzdCqNEgdG9MBedNc2Hw78ZX5U31-64H5cwWJR4ck9AjtFg1x-Nvq21VywHqxciCbbzkfb2h0v385gOl0VYy9B7wAeBRsdRLtzoZQiOFrknZpFRegfFA1Ee1hCv9gBgBJgRnyo9iBopf9s3YEC12gNDLpzZJthgcmIEBcLsiBEKuztNC4Jz9cCyQsmD-gKiMG32D8UaaqllrtMLfKSfKxsjsgAoNcrR5b101GGA309RCEyDeiCL3Lf1Y7B1m_0sLpzalKiyNXoBoGP8PoTu87d2TPvsoyazbr4rVmKWYH-AuT7zG1BjnFPUCFaEj34dT701DlE5qP3YL40wzQaVwx-bhS0XtJboq-siS8BfclbV9hWwEoO9txhBmg96TVEL352euLdAHuvDlPhNE6dfGH1E8mPa1HeXaUKA5LdjFF3XVekBjhKIAWxdSEu4yKfP5il2MOEOgVBGIaM_w9lFiBy3mkfsp7sb611fSeJyy7VLxDPDXC9B3pgSt7rXPPtYYKmmQuv6v1l7tysqo3clRb5xbGx4FJ1TTZiEadVfUhIFzSQtuD6v9gYsHetul97wX-hEjGPHr1r7J_soynH4I1TRpRRfj_JXp2wykfd9GYlu3ecqtP5b6mtB-rAiiW9YZELbKBxlGn9LriIYIauHhoiPtnjdYKe7uHqtocxWYDXnQXrONqJbN8k6W_7ke9Q_0Y16EI4THlmoId6c_WmZOOl_gFroOf6IBuc3oVynfbr1N9dMTaAN-xosSlm7-LZwZacmoONJwCyOnSklzX_00s4eyo-smiDV1i8bAxxkdbXOfq2wbpBp0xyr-4rKcdol-4Td8ww2rPIZW8epZjhGHJWRuH3oKBNt2qyyN8sWJGxlrbyCZsKUgTp5RuwtNrxeTkyjfVxdI7gdIxbyCOWaCtA_KqNlOqN_COL_-oJOIsuO3U2kG8VHYpOGAzqCUyg87u8DoRzpsfL76p_D_NF4qMBsIbrwSFxb6369NbmKurujg6joZ0G6BKA3UAaEAW7mhYvlI_q0RdZuaLDskf1eAjadb5VB6ilI7BecmGAWpviklJRJUTJISk6pJJf-yt5ajhTBvvWtk8GYToz8Tb0HnBW23AfnP7sLOU4WbplSiU15SVx6STaGlt1_Tfv5muoR0ldlsWazFGfGyA3GvzMigkvuTAHAtVWuS9ImSHrx6I-LAQRtvgXTZq0zQcedPx_L0H0eWzHw9vDdxP9MIPU9fFstbzcVJxnIhoDa4EsiT3k516_q_d3DI5SP9s53rzhyVt9OSwzPnfX7NiRUZCj-TZ9TBU4TOcMDF_G3oJtRrBKANtAB4tglPF-BD6cSnaQ7Pn52ibYMUmRbHCri7Y6Gikxx9hvFJJT5boYmNE8Jktma8msOL_zUqcwi-1FXOX5fD_eVS-YT4YwJ5taY1YM9AjoWWQVSm80DodJnI-j-1ePkjsiN3b8r46NOztjWv7kAfFRvqkONxOrK2ONOxaeEpVLtPQRl6nZRZe5VqCqTyVY-e8xhC_5-tFZrI8ypNFv_iO5508iXO6wTo840Ah0HBkAGP7kWBgyQxQaD9SJTdcsmpIgshTLVtjzXzZGGrOcHrB9T5QWfBhWLrgX3NjS6vlbwIWADwuOEdPtjj3CJ7cG7Ctk4j5YruNJD1nH_rSNP6iufE4hwJuD2g9xHXtKnlegfow2_pt1qRraMvHP2G7HKmNwU2fqB_PibJnBdXNDg2q03o2sT53K9yruTgBs9F3GoLcO2pAxs0IVd38eWJQ0RCoJIaIYqW8U4mYbIXYYZbqkupGF3q2rXWOj4VG1_oaOo3FfouPCoseg-6GFe6c6z5X_hnp95A3VVzVwEDRxpP9n5w2hUPwjRBRXjpA5Cy9WGIchNoMnhCUQwJqcPj_TqFAHGv1aErTabE_tSlUrPdbloQWthVGHNc_JRCC6z3KFNjMcI7TaYHTo1XkfpYEhHVGpYwWbykABLTS5z5kdXqLVEB9l7QJYMKNzE6goY4KBHAkx_EtyuBmwPnQdyQr75IB_TrFbwdPrmJZHEVcpKGuFyI4WItFkCdNAD1gQIQWdqwbf_kOuzG8JtRbOiqVTYNdwoK2P7SRgBfJNwejFYBaKFLJfqjv5HdkfEKYUnX2O1kWm_pG_0EXg-YWwj7e8qH3SJnTTHuAXhSXbkGky4JTAHcdCgHRq3ZPviVum_UJ7bUGvv3PwyVWH1VolI6X0NXAeGNDND7V85jWzG4C-7VC-9kWD2Gj_JBNVBvXCBNvOuU8mZYQ7jBPp-EIKURjPA4kV-TTM3QxX_M8KJASICb6kZUtYOTNqysgVY8UTx8DPHCbkzqr7E60m3idB4BweAaWRqgpu8Jez9uyjoGn_34ERS4911VjU5peoIL3WwY5jP8Wmp7769VSk8tnWZiNF1GFK3JmJCznCWek5fX6fVpHHyVd1Z3ES65fuDAM8oD_KRC-4PVwX8vzfdEnGvBbyzCdd1hK6kKzkZ5xBBV1XIeznlmkeCikBrp247cTzxT2ocLHwm3CyjM2nafypDLC1CY09P9bFqJrwIlk8hQK4IX_V4KiT-ce11aAVHPLS5CPZUqrME2D4CwYyWkopQvaGIOpGwhmF70SNYR82cbYxgC_n-RAO8ktT5JyW-o3S3ZbeIsEZ5W_rNIi8cvaXEeK7n7DT1e6N3kCfT9BBb8O4a-hfcWPtJ0jEzisd4gpnKFpSMvcfIIIvcj-myQieTrpdlviT_np12WktOsUP6JVNUmOU4BS5VtVsyB4fTI5iUmdL-IulLMA3t6sDpIADNqKha4RGFOR8ldKghBYQLWoNbSsq7wKvQHOjpLWf8NMkO0KTvdCj1HSZN-jFLQ85mqcRLOXJ7uJhMLJqMHyu23PZet6iakq2grjv4LJ43VtR-R1j1ILFf6X0ShVqfSrMJaRmb-3Mfk-kKC2wWOYy5SXVpRflzVOQtkST01gppGfNQyqnJldt6dhRk3ZKomjrfKIfFaIbF4MK38Y9XhBfX8Dmh6r0MSv2J0usK3-hLKzVz2x1VpjzhES3Z4katoYQKeSErppQhQdOtTBAPailP4gqxj-GbpfGHC97JRnY3yDOa2-5UT4HkuNRapSWZWdws60OP_XvmY1Cu2UOqT7xNhbdf2k9NxK4bxbw-fWt21oQtoFZrssWdPJAhp7mlspYGIZTUsbB9gpdBZCOkcp_9rQDnsIkfejcJ2S8830MFiISzJG_w6jrU6DyzC95nHU_4bdBhovmLZnrcc8re9Zhvfb_RU9Bl5fvwjSQFSemtKrwbBxyvtQ_u9tVpoqwe40RXHL8ffIoitwaTs2eGZ9pQLpdnTemxf2nB116k4iYv1lhBpYvwG09w3MYKkC5zfFsQp_255dyzAn5AK5q_1ZkY5DnDqH2hGHttX_jXAX_yVzVKLPaix_b5pIvXRPjqVMSVVo&cid=CAQSGwDq26N94kljVjZOcXnQ7yVlIaIeE5j44KVk5hgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

75b6c2769344e3789e865ecdbaf2518a2cf68eba19180e049c28807811032ff0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33125
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK qcnz3il3mbuc Show response
hal9000.redintelligence.net/zone/ Frame 1018 10 KB
3 KB 86ms
25ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/qcnz3il3mbuc?subid=&gdpr=0&gdpr_consent=&rnd=1764686132736762848&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ruc&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: c57f2303bfb4791033fc78e48288eae3bebc82bfbf85d131ebd150b95c645708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2965
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 1018 49 B
329 B 28ms
27ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1764686132736762848&node_id=3753&exch_id=9
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFtWDJWOUxNeGp0dWdIdkphczROZVVrLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/6NphwL_p_XG7tCn-AjBRq9boYX4&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.227&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.374.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: MMBD/3.374.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x84, zrh-bidder-x14
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 1018 43 B
404 B 108ms
34ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=9&v2=1764686132736762848&v3=1262142&v4=12780336&v5=11204414&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFtWDJWOUxNeGp0dWdIdkphczROZVVrLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/6NphwL_p_XG7tCn-AjBRq9boYX4&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.227&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 277 3f0ad7a master zrh-pixel-x26 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: MT3 277 3f0ad7a master zrh-pixel-x26 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 1018 49 B
329 B 56ms
27ms Image
image/gif 185.29.132.242
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ruc&bid=1764686132736762848&st=12780336&time=1673177009&nodeid=3753
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWlRBelpHUmpObVV0WW1Nd1pTMDBNemRqTFRBd01EQXRNREF3TURBd01EQXdNREF3LzE3NjQ2ODYxMzI3MzY3NjI4NDgvMTEyMDQ0MTQvMTI3ODAzMzYvOS9rNXQyOTRaRGZ2TWtqazA5ZGdBNjFtWDJWOUxNeGp0dWdIdkphczROZVVrLzEvOS8wLzAvMjAzOTIxNi8wLzIxNTU0My8xMjYyMTQyLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvMTc2NDY4NjEzMjczNjc2Mjg0OC96cmgvMC8xMDQxMC8zOS85OTkvMi8yMDAxOjFiNjA6MjoyMDA6Oi8wLjAwMC8xNjczMTc3MDA4LzE2NzMxODk2MDgvOS8xNzIxMC8/6NphwL_p_XG7tCn-AjBRq9boYX4&nodeid=3753&group=zrh&auctionid=1764686132736762848&pbs_auctionid=1764686132736762848&shardkey=1764686132736762848&sid=12780336&cid=11204414&bp=a_cagefj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.134.227&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.242 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.374.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: MMBD/3.374.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x87, zrh-bidder-x14
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Sun, 08 Jan 2023 11:23:28 GMT

GET
H2 200 0d071d87eeedf70de624.1.js Show response
assets.scoota.co/serving/31881/ Frame D424 20 KB
7 KB 21ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/0d071d87eeedf70de624.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a93443e298a72a6380c6a1f8bbffe58cbc40531cbf9ac366cf685d8526047fb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 07:41:10 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 13340
etag: W/"64343e760d67dd14c0c9abecf20eadd8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: vWhEG7VSwAGyEnGno8cVb4l5zUg3LtY1XJDLL4Rp7mV___-3FCK6LQ==

GET
H2 200 7db856c424b607666857.1.js Show response
assets.scoota.co/serving/31881/ Frame D424 54 KB
17 KB 22ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/7db856c424b607666857.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f6e722a0211238724d4af2d9a864ae302e3edccc9293215100e6640d0da21c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:38:19 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 17111
etag: W/"e461d4091cd2a16c7f34c9208aa654d4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: fALWJjjnQ2ZD0BDpxFR2UDVjrJ-jtVrjtvy50j4K2j1lY7u9MthqvQ==

GET
H2 200 831531cb6b06a2dc0877.1.js Show response
assets.scoota.co/serving/31881/ Frame D424 771 B
1 KB 22ms
22ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/831531cb6b06a2dc0877.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&domain=kresy.pl&cachebuster=985648012&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008795&ts=1673177008795&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008795
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eaa8d3dec2f2073ba4c8a4831a518e613ebc9cd8addb4324c1356f245d0ffd5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 02:29:40 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 32030
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
etag: "7bd37cade15142bd24fc0d6c5103808e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: XgxrTBGKYN_5yl8nUSDBjm0XTncMSpTH5184owtXiRfEAk3qsFC6vw==

GET
H2 200 0d071d87eeedf70de624.1.js Show response
assets.scoota.co/serving/31881/ Frame 0ABF 20 KB
7 KB 26ms
25ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/0d071d87eeedf70de624.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a93443e298a72a6380c6a1f8bbffe58cbc40531cbf9ac366cf685d8526047fb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 07:41:10 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 13340
etag: W/"64343e760d67dd14c0c9abecf20eadd8"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: EIpg6gR70RGPV6JYbxXNR47ovxx9gm3zGq478H8R2XQRAIsse_tmUw==

GET
H2 200 7db856c424b607666857.1.js Show response
assets.scoota.co/serving/31881/ Frame 0ABF 54 KB
17 KB 28ms
27ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/7db856c424b607666857.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8f6e722a0211238724d4af2d9a864ae302e3edccc9293215100e6640d0da21c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:38:19 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 17111
etag: W/"e461d4091cd2a16c7f34c9208aa654d4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: rD5P39tItcLevae_zohL1eAATjGQbnJGnIcrXnIx4HRhjE_bnmAmJw==

GET
H2 200 831531cb6b06a2dc0877.1.js Show response
assets.scoota.co/serving/31881/ Frame 0ABF 771 B
1 KB 29ms
28ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31881/831531cb6b06a2dc0877.1.js?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eaa8d3dec2f2073ba4c8a4831a518e613ebc9cd8addb4324c1356f245d0ffd5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 02:29:40 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 32030
x-cache: Hit from cloudfront
content-length: 771
last-modified: Tue, 03 Jan 2023 14:53:53 GMT
server: AmazonS3
etag: "7bd37cade15142bd24fc0d6c5103808e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: BVCJ9SUy2GyiYwwSDDykvu-QLoDjw1kJgTx7bqME5hln4vZ8MiQLHw==

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 85AA 0
953 B 31ms
30ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhD8kIL9vcLbrHsYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeJuIBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeVdnaXNLZTZZOFhZSlliQnpRYmdyN3JJRE5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19ROTA3cVk2QmdiUDhjUFc3YkZrQVNCUVZ3VHJ3ZVZZNGUydUVmVmMwNnFFMFhfcmNjZzRNa1dGZ0dYaWhCODBwXzBCZFN4NUxsaTVZZDdTcVlCb0RoZEVWZ1NCSndzdm8wSlNjT3Z0MUFmNVRDTW5YcnAtSEtrcC16aUQxclRxT2dJSXp2OGpadG9RTkRZR3dKWTlTZkQwY2VxblRPRmJIejYwOXJtcEhrVWNzSTdBMjhZUDM3T1Njai12anUxZ282SmZ3cmlJYVRsQnVpem5VSEFla2NxTHdHbUhjdXQ0aXpPVnhxcHhrLU5wOFQzLXNoS3FJMU9BaWVnQy1QRmlWOENBemx3Wlp5d0RmQXZLVzZwb013Zkd0YkhOMTFOQVpYRDFaRUtkUm9RQjdjT0xyYmZ0ZGtoN0l4WGtydGx1a1JzNXpKNDdyNUhxTTg4Uzl5RHFUeVRNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9dzhnTEFGbXR5ZWsmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45MnhfOHRZQndkRHFmS0VrR0twV0xoV3pKNVR2SHhSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODg4ODI1NjM3MTIyNzY1ODM2NCIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXZ7vqj4Lq_6RXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB5uIBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=e11c525eedabbb78b4435ee3c3b9d79624c4e07d&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 09378663-6d1d-428c-92d1-7cdaed9d3d6b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame FEFF 128 KB
128 KB 67ms
21ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AAXnRLXJ3fE8CObqN_YyUMRZ0OlIc7G4_O34nJpNtC19l59JHR-DGdNKYJr4fhj1SVisSMwTIwG4uKzQP7BLQcHXaZg6akpNziPToJNm6UjJ2BBwB8zr1U-aSWNPj5_y01nqzQ8WQHljJ46J9DY1WRUN3a0B2a_v2EHI2pLogfm9IjIgs&cry=1&dbm_d=AKAmf-DrevnH5c_itm1KiK2KXejXpfxSHnylXbN4kjoYDLsVURiYyN0_FlQcoct4YezJ431EAEeLXcmnLnf-jIr5CoLO7LlGQBoh3ePcZ5z1Lc4iHztj9ur6f_nWXtarz1_xeYSdodNQZTwwAAqZT4OAqK2kVuXe78R9qe38pNKoiRts9zgMHeOaXd_mwh07ngk2k_Pj31t6KrL0-V52jCvbHmbhecyVsELwAszp-CELZ60kPbL-g-DEljG-4HE17K7SeR63zzSjNf_sJiUC5-Fog5kQvJOikMp3Vqe8w_B8P7D6cMAKsCln8kj-5cy-1yKgt0MOsFUmv1MPu2eVR4JHCqw13mTV3Tw9vVeareaPsf_qsyngXDmQe4vQsPdqpbQlhNXW7A1pG--RpPX_c5-fcnLBX41hfnfHyGGhXo-uJwrPXeHhnLECS3ZFzTh4eAtjfSRHQyrdej26HALYsvosjqYuvdfs2yiHqP7fbypUb8H2448t3Q5S_pHdZZBh8LB04fRO0iZRmzAF9MNLinUnvYstsX_LxbqFSatSF0y3nCcZQY7jy0AbTN7UBZ9bQlzsO0qr97Npvy0Jk6-lJEDDm6t7UQ2dmBnWdnTp0oN1jHimWGmFJ5ar9tMzaJx2lQz7KN6fqhW6SCrelDCZeCJbGsrrdad8GUgHR0MHZnXlK84A90vDJpoC1nXTVCuj32-b_FKirIfJoUH_0yoDxr4fhpcI3nORHF7-_mJWcTF1mQ6SArFsIZQGx6lypMcCKOYq6h0TMdhynkv7uA0jdVw23mU2rPzkrQEB3kwd1wi_QQXf164dcBXbDuWKsOTTVNTMEV-cEVcAmT96f-XL4pIHFPfVTWQ0rZuswz7sQrswjCVymuZs-42QbkeKZW4uMEZOJ8jTL_xtP5vmreEuMM9Br7okiS5MK1Tmbnm7996p49Kdx3PW53BIBRiUYx4kgP3zDZe69phZ5NEYFUj6AYQN7O2FK3_589zWQ3CfyBjn_k8EWmRaFEv3xqgBL9MiQ_o_Mg1Wa6-h4nZs8nPBQJg4U2NVCMY62yT_ag1z6Upt8NWkKZ9Y5PQrRmYCv5NHrzcIqUXy_5xHGACFj-kJ5WCnZkoCFaOlNoRzPXdmXd4qI9PWI5J5wHZmBf4dh8EAEA3b-3SVsPTboCXlHaEJFrvRhoZpLMgO_Le2RZ_atmOIBxvozt2SWi3QDAvzIIExKivMT1fkLoktZk80-N7MMBk3B3RaK1gQqbEaRErtzGOShtpIFidzPYfZAObN8cHw1ZJmPZAnKWB0N7zLToBOxkC-9VccahMk7NZbDxc4bynt3Py-aVVgB4NM7T2PnqUtoP3nrIsPr4FLEccq4yXRW24CsjXrAhk3fHbvogSqh4g45YgDg3s1e8snTpJ5mnNUsaVmQ-aBpUy8nJQdbE3e8xvpFWrlHmmH7OsFWMUfjTvftAg4FpXEybeTzR2LVZeFYUgfUxFoP_mEoLoYdnz16Yb1CgI5Qh1hXCFmgjE6BwDoBRUO9THAVw3SoRC8eoKOGHqxj06JTvpUYyf4VPmervgkzMDHX8p0njTbPSBjWmgYdGNctfQv6CFDm87epJz32xa8T7bti7nPqzxi0hVXid4Yja4uCVmpnMHr4Ux6dIKTzxBt4NEgaydTahE-IZm3DpNmiWxxDfmzwY3u4faFoPDAc-tGLyLY8FBtib9xcQKRUHfT2my1c9irDIlgtwxMeKgkvWEfNV89RaEntijzi9YCQnSlq7cg7ihHe-PSPeLsTUvvxrGGBjXClXLi50F1wywOYpGYXCt7R2Xl0aW3Ut7RqrQm2KsFBmkTWVv4IWw12q0Xml881OLUW6m4zuPjma69VnfS3Q7mF-7T2di5ub8SMX3PHFqRfW7wvZsVS6s44YFxwR7icP961q-snepyF4LJq1MALEvkzci5pz-WDVSAQ8OLZxOGl7surY8C4BumeQVAY5xKAmZmYW5sZvF3-6rUbQ7vV1XsSNOF_Cc1mR80U3YXTjtjNtJUuc4P7WHQ4ZSYxZ9hSOGkQObQMLI38aUfftjUpseNzsAAkrg6wMe9X02GUE9AG0yAnTJH53HPF1DE8JPx-E7u4bNTCi3C2fiDstn1mAMkPw9hlRwYAGKoZ3plTbPwj_cva2v-3XgLp3OzBX5eyDIOiWYA_t2JEPsKxUWpGqkSuKgXLAIGViTtKZVP7Yx0l-pVGHkoBtH3vOBsBxy9jxeJFvugrnq_JIvlkRwzekvoRzQW3zO1Jd0BZXGA9wFkMfKjZXMiKEpWYEPYjz7rPUubFTCecRV3C28UW_y5vql22djtfhmKgWIeW8WmT38MwN_KT29gVAI8cb-GkMeDM8Zo3V6sysLcN2jxjIAz4zd0JZxU-oJKZfVFukegD2lJQC1gCIjJ-2ogWOW28mUTh6R1NaaAHBrJFAdU2Z9aYtru8FJU531iLpScBQ_ANl--slkk80QS4C5D0Z42QhZpddweeCpHIUqAl1oXq0iFGMJVAERlI2XErkDtQgYCJWNfCMulA3AqU6NE5JitFZNOwt4cLi5IHcjufqYSS4bqG8QXns8HbH6LKcJWY4qppSvz3VmFZzQjwk5iazDBmtWYX5bZu2EeCiiuHkNdx4u_GAjfEwBLJeK91mHvkYoYJs5DMGfx_E1juEEovH7FN2dRnT_H77MBqFbiRjLybr60KM6CTz8_dIGsUj2H3WG2UU-NZ_1JIyuEDRl8ghax_pbcW5VQ8008KeA8pTC0KtQCWmL5YczVYl4AT5n_ndt5aLDN7whVzZMyZzUUHNbvsuuXzmDx3IoP47_RW_0wL1w0CjsT7CMmi60_9gZdrMCCj4u57VrkOXLOv2cma7vkehDXEbiv7PRLPjjfVCFP4RVDK1pAt91YCa9bmC6uMICJqWoNRMFCS_4cntFXoM4eBhDWm6EbSrL8IZmNZNT-TVo5PNNdMQJ7Y2eCIGFcHpWri1RRMh-zUax66V0vjDsBn1CFe7KT9OrpF-VQpY9W-XhjPYOXGUCgRl7Pz1jZ9h4QL8l3Abm-VmObdKOVULt0hf378Io7oWLHeZSSj-3KV4CqYKQMWG9i_JPPFNbOT2_JCV34xD-4AqlbTfp7y10X3P0yJ-UXTeHi4XTc7UxXKuC8lzzJUVPuwcc_pmJeW7Ypu5b-2_A4AcUo7wpuf0Cdfpxa1jPxIYM8t8ut7rUooXE5fc-ZL4zthzTd-dPteXXKoO3wnAxfvsJKn5HH8uF36vdwj-JL-QIqHoJbDccgeAl8IcnwbRCytZfbiWECzFqdxo0rKcCJ3GiS--iJXVXS_8HJAExOklMkRrkDteWxbVoJu7_UxjbRwtwCRNWNMLvpvVmCnag762Y52QQcXulrNrBSUx_Fbed320iVSobcpOsQKCGYjVIgq-zOhQNnvIRcUxQ3uy_W08_msnsb_OjssEoqOVnMkG5lqsA0RnFpEK89hk8Nuc-Szmk1yKgduyP4eTVSuBFMadiUG1-TCG5HK89nEqXk2yxsaQxRB34xbVhfBG7L1_SRbCUQuMd2dHdqD4fnEA&cid=CAQSGwDq26N9XRQOd2_eBpffwC9Mms4EeJnB2qaQWBgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame FEFF 28 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FEFF 156 KB
48 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame FEFF 8 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FEFF 0
0 59ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_wLEMHeHMaNLXCoGhaxMMKpg4Jg2tLyRkMRhUp1uVCmGkwtLyECvcA5zdeVtc8Fx9YeXSFuLNsZBSAm1gcfuRw4-zJ8cgZhPNGq5ZnGcUT9nTdUuwz1sGccKGo9afQKQpO5ahhBxc_Fc0sFFq1JzAXw&sai=AMfl-YR2zPcwiLwhknZxTKwoif5uvNyXMTFL6ZnD5kk2NyXZLjGbrqT5gRKwTg8_pX6qfh0aZ9r0EHLwQIp4OnB400cKqMAW9s57WXrecJ7X&sig=Cg0ArKJSzDHueCwUPFwBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.18123&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FEFF 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

POST
H3 200 1a Show response
i.clean.gg/ Frame B182 0
15 B 111ms
111ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://guandads.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H3 204 1a
i.clean.gg/ Frame 0
0 111ms
111ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://guandads.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Sun, 08 Jan 2023 11:23:29 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame ACF6 624 B
242 B 70ms
70ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNXPV2Ku3pV7c-L4GMTimn9dDeRzeXHNDSUOdRZinPLeCpHRqycrwVbfHjJsiqiZzQA_x7lM-2eUnMzZV4LMMkuroveWZMDmhBWoCb62R7EkuT7a4CBAgd1zseBmtMZr7arqvJ1C8JtLwNr0EcYtZCpMfEMEtXVjRZ7mCIBwKyyd1pftdd1b34mzGSAWp9eStDsKf2zbmfWHy9SICq13aaOf6iU_XgwW54nP_xta_u6NFUtzF4I

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=hpzswbsj&e=1977672056027

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B182 68 KB
32 KB 87ms
87ms Script
text/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ci69ELaTl6MTTbQr2vSTMc83gXQO8lGNH-8cYdEYVnAMROQxsKtXP5N4uwhUv5vngY5j8ajltv1LhB7PlqTEhy2V0jHnf6y5cNldAyPDtlcrwrLp_GrW0UrYg0Jq21NnEb5kdEOtx5Q5LRThaxTjpdjQkc6Lp4paZ-h3-JDpOqfqAJeu0&cry=1&dbm_d=AKAmf-AsyRrhNmjXBiKw_P8iD_N9kROkH51CfPiH_bZK2D6wXUzgbvySOICU1i3AHVboJJUlYYLExlcCqVqu4C3YvI3fv3W19CKxgtoswq7Eakrcf-JawLufS4ayIuuuiYnwX-5Db1ZowdXrG0Av-DanZEMkh_P1Zi-yXorgP17NkWEkd-tDsqeMg4tRxsfapzo4DPebZoNsLtSxl8hQy_-pk-AmtMiCplAjTKzEhSL_neLiJ78Dj4Kae6W6CQEqbUHP3ZBTlQZNuFfRxj2JahXJsID4A--byfNGdy3E-em5_GFaRzdYZkX5qJ7XVf3Q6-636vNl72ukU-rHTYW4TjfojwSpNvRfIvSOR69sJinos3o141-Jt8rEJiNOZseAHW7uh4P5uR8tkdxRirtTa2AhOIS5Q5iqolNOuodQ97Dixd66-33_2ttZNogC9exdajaFheUz9I1b6_f0X6-3ApnQBXToSCSmnh4zeTpSTBXKlbCxuzgrtMJsczBWEX9DvYkMuhJHb_sNww7wgUrxpiGuj_V3m9_8UNtc2vrEHDG1S1XdAPPgA95WfK6Qhv15xIJfxq283VoN8Kg_vSNHnf9l7RG5VroXdCLxmhydGYeDJCyr3rgnPHvDIKW9Gtt989Jx8CnKIFnYteXE4koQE3U8NK1tgj0JvDf-ibpxdggjLWVjWQ7ryOj7hincmNBbWDxLmXmpsFeJBvW0cKCqP_f5raCMnv77s2XmWoRdpk5j2eVQhE3RC9s-oDZWxG5nOHh68aFdEvvMd75hj_CujWmdhZgZdVU6eEenJfo9xxpbJLI78j9j0qgpq5m0WPZ7beeY4hRxPck0Grrev50mBhMhWdWKFBpMMcjZCI1rjoYukdE4PRNtUDwKgdkV_eLOIwnI93XD6oFVyBHZhe0gRfDG05d7x3wVVJmzl5xDRvSu2R4DARRfjJYsPO7iqsAg2Hp_9p7xXF1duv7Cuf1wM8ER24kvGjNwa4y2MBXCiwDv3vDWPX79-WrmkUeiWJE4blj9Iz2xoKdN7IuAyK322fq4JEAYDNfS8RbY87oKalVG8majBwM9Kq0W3TBFOsU3c9_ck7kj7-0QgoBnVoyDlyvzQXXv6WUifa-CXpRad5XH_fnp_mQa78VzwaCddSGbKVOOMx1XeDao3f72lkxZj1nZEpKZQl9wwLl-EhiXw7hsecds-vBUXjTVhU9ziV2J6rjImCkNUqOEG5B2SVQn13yuQ83XlW3eDQPTc_5XbDlisjzJi81xI0eflmilLcmfqH0U8-HZcSdvBGRcGkUP478BBIpRZMdJhYXhTViz1qI_whvL07s7NaIkmmUgszPKxpROkc4DDBzuuOWlPrbnwoH2f5OryTvTQqG0skHpFdmmyOHsL2ho7ktah9EJwJ3nVhKR_sdpcz0vBqaJcjRkY0MNwkpLLckpYCr32JyKfhWXyPsSEiqG1XAOToDqGEbZpQWgp7f4CtlgKlS8GOQ-PzR6GVuxuk1QA9c80x_iuKT4GjndIw1IhiW_MsWS_scKL0iEMRGHHrAnr8C3Jd4e_VdYKn1AEBS3znoM0CAS_r-2dK7to33IdTjHYWktmXozL63hiv7HUwlqb9bVcaG4SHpMdJbsbTPhGw_IkE2AQ-sabvtB_zO0oNOcLutE3WMLhyjd8iBVwOBOP23L8jIWZ6ve1iDaPKMO5zC4A6LmIIVQv6rQKfwoq_lSpo77O5jau545UVqm0_M_tF-CEQU8UXiJB994EuO0zax_6priJJeSahcJVQjdBSbAzR7-5cap0NUAFSMBiByvHU7IkhqomrW0S4wGhI8qYGWc2i8_OOITOEWbPtjU2PKRKHLbRVsxRpFgm25zjITiRjS5zgzrLZ-ifI4nmTbXYIdwAZfwpCX3jneZwDNJ88eEYjUntE5p6VYcwwf-dXdJRHGstfViKm1ZzY6lb6AWY1hQckf0NDofuLbJCxPyFg6mHKt8N5GkLP9kZArOnsilkJOpQW-6zw3CKoZ9JjPLByBR-3uPIT4TFuvihCkmuIA_PkP6Y_LDOtovI14QbWkHqETIPquxSg6zCi94Uy48WsM3XwrMXVf05mvOIymRl3V4ts2BsLgTyfVEEU8_nXF9tAfFLt5bTkxH399x1Igqq_UjBCFC9pa79aAnk2Uar3nqCrUtvXZMPxwURLd7xuXyurMchWXcSHCETSbkO8aHi6k1vWs1bhyW0Er38yaiAwMk2hTCgXJSMYnoMUznlqfxtjfTKWdetAIal1cpuJv0nqAVyZQAdrUEMNUr1oFdMaM-GqipSNoZOgG51NECKr8KTCi1VeZsCptKGswOnfS1XUlsSb5KU9qWRf7Qa7yQop01FgzuxXQ3T9SAWci7oh1xDbtx-RY3mw7p3w3M2-iOt4Sm4Pfk9DIN50IbgtN2x5-hxrfViatIK5T15W4VdIftaB6VXUTaqWkK3iwGn1k53n_Cbm1ZSX0ISfKvWONG5S3amnO8ZzFhvsYz0jhN8hbh6sr8poT6p_hzJcp8xCC5Ki5zBh87eQy7hAKJcVjyfq7KkcRnAwM9DcakRYAdi6Ee6rZTP9kGuIp3TgXCmQd8RpsyNDo49r6zMX9nDEpjDqV5-6UkMW_C0RvxwW4wjgHO5hFGr7kJndHUEQlYzleru6HAhuh8tekaCaR6tz6MXhXHYKgm26MDyS6K4a8-7vPOeovHaq1ESnwEFCX3OMz5VZx95hMHvT8eQpi11N0ykYn63VtRBnAGdejjpXzR2RTriPnSKHiTHfXCapxiMTFSCBuTs7UDHyfLYXlK2wIh333k8eHQogjiHRyFSDWcJK96B2CuBaaxyCMv3apfq8IZ2nA2fNxVI3a1hbhnpYQ5ACalY8GSHX-z3pS1A4_5zaBzGNw_73LPj-FLbIO-q5PHESySYcGqHdDA56JXb9WX5ZxgRca_UTf7GZXq_PZC_EgdjERuIlmMNShIV__5M0TEaA2QO1Zf-6Wp8WlNIyrMWtQuiLvcjyE-MrCyyKhYOuP_aTR2kNVJm8gB-XYNqVA7R2n4PXWXwIsCqAfRsxqVGNkqGV_aZZUeu52jp0crUrzcJhN7qZuzrf8-xpjSiHT5T9NTyrzl_mVr9ZbvkkYlo9LU9ZZBECfqskoQvD5__XnZcT_vdqb-hjG_xYd1OCWCfZnIVIaDEgI2kj5V8BricgTSD7UC4ipgg5t4z2lgncITIVdW11_-Lb5UOH3HP8Xoje5577QWNdTw1YbdvL76XcJzxrWsaGajwg9KfcwJaGLua2xfT8TxqwfxyXgFiGmLl3vR5sK4o8xNeeSAHvhznqsgD6Cl5u6lrzB0LOV5P6rz6zHmMyLTVBcgy1zlefyerQ4QlkajAdWnarAvAlqnCaXK5ecqQbQ4O6CNd1ZJlPtAeTRMbi8cppXWXKk34zpZMGMPLZssT36FYChvWY7AC0r1vQ0xV1q3YkVyGbrVhD6Wq9u8Bh89wHyeDkFEw2B4czxmrDs4zzALalb5xAqF0RptpUGvCO4lHsoF_RJgzGoqWBGFzlLPbw7yNSUkeWn03A&cid=CAQSGwDq26N95tr6OEu-z6IhsHzbDquK7zl85wanaBgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a4b351e12f2d5ed3f7848094a2040600ae1fa3683e2cc7b8df1574e32d7bbe4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33089
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 36F8 143 B
166 B 34ms
34ms Document
text/html 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2386
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 10:43:43 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

204
No Content

m
ad.yieldlab.net/ Frame A669
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

0
525 B

116ms
53ms

Image
text/plain

23.0.214.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVoDR_Ttl59HfpmHmd5EMjEYzGejVHKE7Atr8ONhJjode7vWNkR1G8MzCQs7-T3tkAuUYYuTbR188lGhyLUd0NTol7C0WVOiECzWRJQgyNq9oQCBSyH2xVkHvoL76KDZHN4081-v2JyU9crHv9iOi5xYRgMh6I688bGnCkVuAUR9cG15Q5tTHxbqO1KOJzwiMek738t4n17TKe5IFuak_JOWDHkEsnEyqpiXlEqBC_U3oHN6Xs

Protocol

HTTP/1.1

Server

23.0.214.93 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-0-214-93.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Sat, 07 Jan 2023 11:23:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame A669
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1

43 B
163 B

147ms
42ms

Image
image/gif

37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVoDR_Ttl59HfpmHmd5EMjEYzGejVHKE7Atr8ONhJjode7vWNkR1G8MzCQs7-T3tkAuUYYuTbR188lGhyLUd0NTol7C0WVOiECzWRJQgyNq9oQCBSyH2xVkHvoL76KDZHN4081-v2JyU9crHv9iOi5xYRgMh6I688bGnCkVuAUR9cG15Q5tTHxbqO1KOJzwiMek738t4n17TKe5IFuak_JOWDHkEsnEyqpiXlEqBC_U3oHN6Xs
Protocol: H2
Server: 37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
last-modified: Fri, 07 Feb 2020 08:03:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e3d19cc-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame FD26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb9...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
264 B

45ms
44ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNV3cO1FuFzy6zxX0jQicxKm1cnP3EPzh73W-owkUygXIBR779jMe2f4VAsDcaUl25nujA4IAHBZ7uZbyQporBNSolfAtzqLcadLOE1cjWc8E2zmvlPKjhuve62AEHXRIbF-WJ076CykZTJMc-CJGqzyOgzpbQ9z6L2B35Mry-ww8YNuSgQ1jpmdR47IPplN-a9JnIGM0AeEuPGzeGWUsW8xn2elBN0y7dabTy7ricyi1I_mYNY
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
Last-Modified: Sun, 08 Jan 2023 11:23:30 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H3

200

sync
ad.sxp.smartclip.net/ Frame FD26
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1

42 B
60 B

82ms
25ms

Image
image/gif

35.186.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNV3cO1FuFzy6zxX0jQicxKm1cnP3EPzh73W-owkUygXIBR779jMe2f4VAsDcaUl25nujA4IAHBZ7uZbyQporBNSolfAtzqLcadLOE1cjWc8E2zmvlPKjhuve62AEHXRIbF-WJ076CykZTJMc-CJGqzyOgzpbQ9z6L2B35Mry-ww8YNuSgQ1jpmdR47IPplN-a9JnIGM0AeEuPGzeGWUsW8xn2elBN0y7dabTy7ricyi1I_mYNY
Protocol: H3
Server: 35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 101.194.186.35.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 309
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 4AF3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm
https://ads.smartstream.tv/cm/?cmsrc=dcm&google_gid=CAESELYErAlZoSVrfvofGsDz8IY&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELYErAlZoSVrfvofGsDz8IY&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=2ed9109f867c3a37caaed37b26bb98a8&uid=2ed9109f867c3a37caaed37b26bb9...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=

70 B
264 B

47ms
47ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVsp5ChyAFuw6xyH9NIkI2m8uhDGCq2-KojJGFZsY5g5yIoIwPxtaQeT15Oluq5ju6jKIJyCWIXSNikPlqqAG8VjtAjUW51vqctuQf7GTGvRaGWUybBabPiXHJa5G53AAaYxryr3UWH8WsfF8Vn5BVr1AOGeuHwOW1-tlnVZ2Pv-NZ_bavWgYfGs-mmT-p3C4tUgbVfOIYhJQmKxQZiP5nzJCH5iD-6U5tftElCRlvTglPujrk
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
Last-Modified: Sun, 08 Jan 2023 11:23:30 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1&gdpr=1&gdpr_consent=
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

GET
H3

200

sync
ad.sxp.smartclip.net/ Frame 4AF3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=smartclip_dbm&google_cm&google_dbm
https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1

42 B
60 B

80ms
26ms

Image
image/gif

35.186.194.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVsp5ChyAFuw6xyH9NIkI2m8uhDGCq2-KojJGFZsY5g5yIoIwPxtaQeT15Oluq5ju6jKIJyCWIXSNikPlqqAG8VjtAjUW51vqctuQf7GTGvRaGWUybBabPiXHJa5G53AAaYxryr3UWH8WsfF8Vn5BVr1AOGeuHwOW1-tlnVZ2Pv-NZ_bavWgYfGs-mmT-p3C4tUgbVfOIYhJQmKxQZiP5nzJCH5iD-6U5tftElCRlvTglPujrk
Protocol: H3
Server: 35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 101.194.186.35.bc.googleusercontent.com
Software: openresty/1.19.9.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 google
server: openresty/1.19.9.1
p3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/gif
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.sxp.smartclip.net/sync?type=host&dsp=10&dspuuid=CAESEDwzdaZjPX6RcOMaCWM4puE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 309
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 19E8 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111194
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 9357 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H3 200 impl_v92.js Show response
www.googletagservices.com/dcm/ Frame C098 60 KB
23 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v92.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:33:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35419
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23563
x-xss-protection: 0
last-modified: Mon, 07 Nov 2022 16:32:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 08 Jan 2024 01:33:10 GMT

GET
H2 200 4feeb7a44dedb032c50a.1.js Show response
assets.scoota.co/serving/31880/ Frame 5C97 30 KB
7 KB 22ms
22ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/4feeb7a44dedb032c50a.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&domain=kresy.pl&cachebuster=122896422&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008756&ts=1673177008756&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008756
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b181931d4d1611b145f6d7f745f462b4c8f3cb4b606bdb5d1f3d4cbf782e9f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:22:42 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 18048
etag: W/"adfd10a6484cfa765ab0ec374a579d83"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: JOOW0F2hBTqJ8qg91YBU0SAsapakY11ZGLNn_lxJ0cbUXUW6DyjvBQ==

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 123 B
537 B 22ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-click.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90804254f9fc817e1f345555862b6283240d9b029ebcf6995a7e24d87a0b4a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 123
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "bdac9f292fc68407c9ff3d50b8f4bcf5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 0FZ6dYDa1Mw871L4XzYe43utrU5qHHoWOVex5CKyh88WjNvYIrXntA==

GET
H2 200 c-dell.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 2 KB
2 KB 25ms
22ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-dell.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: Djqz9N3ms6tUm9CGUVRIWhjD2lInyOAfTEQApGU9CmtyWgmcEHq_Hw==

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 6 KB
6 KB 26ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-intel.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84074
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: IZVsQGMWa3GVFeNopD49qGhymB5t6IlH4xh7X88-lNvxkd-DxLA0zQ==

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 720 B
1 KB 26ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-cta.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a0d0c84d6bdfcc214c1486c2a703b71b4aeae6630b50d59fca181f3c4ffed39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 720
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "2893ae570510ac35b7aae4f876b43ead"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: WXYK6p5r-Fhvq--HV9fLl2Mxl72pflm--USosiej5RbrhiI00T3IFw==

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 124 B
537 B 26ms
24ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-background.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a563591015d387f22841dd47f911622559f930cc250b92806e74d7954640db2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 124
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "07eb55593bcf521b53aac1d072db0190"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: d-eC4mM5gzQ3Y3ufixYQTGwG5nqr1CASbvR19hZwX7Rf3j4Krvx-yg==

GET
H2 200 session
track.scoota.co/ Frame 5C97 42 B
123 B 49ms
46ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009367&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9df863b7c0ceaed826a6088bffacbaaf
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H/1.1

204
No Content

m
ad.yieldlab.net/ Frame 535F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=yieldlab&google_cm&google_dbm
https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

0
525 B

100ms
41ms

Image
text/plain

23.0.214.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVNgrY_UdERqygeTr-MJXPyuIFhnEZd-FQyAUDJpkFzFwGQ7lnkrY90grSw3URu65QnzgWMsJDOCUSvui0KKBXLlYNE8qk0jbdHSFtEmyg2Hu9Wb0vWAmjbEgm9VMtDJcRVOdnhYfgFwArqxikKaJ8SMsrE3SW9UE-kYXYEYOvsTOnr56e13bPvTRsQYEM7ckKgXp0_ps3JLi3v-s5hWoSf2_mtYusoVfkLZ_2t48c6HrlRJ6A

Protocol

HTTP/1.1

Server

23.0.214.93 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-0-214-93.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
x-frame-options: DENY
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
x-xss-protection: 1; mode=block
x-application-context: application
Expires: Sat, 07 Jan 2023 11:23:29 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ad.yieldlab.net/m?dt_id=52&ext_id=CAESEHr1pxAyN5jvoAQ4MedILC8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.adform.net/ Frame 535F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adform_dbm&google_cm&google_dbm
https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1

43 B
162 B

143ms
42ms

Image
image/gif

37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNVNgrY_UdERqygeTr-MJXPyuIFhnEZd-FQyAUDJpkFzFwGQ7lnkrY90grSw3URu65QnzgWMsJDOCUSvui0KKBXLlYNE8qk0jbdHSFtEmyg2Hu9Wb0vWAmjbEgm9VMtDJcRVOdnhYfgFwArqxikKaJ8SMsrE3SW9UE-kYXYEYOvsTOnr56e13bPvTRsQYEM7ckKgXp0_ps3JLi3v-s5hWoSf2_mtYusoVfkLZ_2t48c6HrlRJ6A
Protocol: H2
Server: 37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
last-modified: Fri, 07 Feb 2020 08:03:24 GMT
server: nginx
accept-ranges: bytes
etag: "5e3d19cc-2b"
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.adform.net/pixel?adform_pid=4&adform_pc=CAESELODE_JobNzGqRBFl5DZue4&google_cver=1&adform_v=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 312
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame 59B2 128 KB
128 KB 21ms
21ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CaO6JiyescqQiEL4VQZ2VOc_L74T341bWg_cTtgzCGJC9x1HsbUO6GboDdwRxzmfyD8246wAddncbGnRdkvPea3jhmurPq2-rvwvj2RQp4tiaHjLoIdZG0alc7rzRT7UrFd3xPLrzYkU7xhymKi3EnPcm_5A6vABxxsj24bSAAUXaobBY&cry=1&dbm_d=AKAmf-Az51PNUB0yFib84HikgGPTZeGV3AyRI1jsAh1uvGm64IviHuZLT5D8ciNW_TJ7EGTCaAqwXLG_TdhmLf7a7EAvP2mOLjiGeFklh-uK2aAPtaeMFAeZc7iw2rgqCCtEnHxos0Ot3gaNZ9Kc6eY9HtJvsTZnbzSh1WXMHaIVmFTAzNEbOE4UY3xNOoztfSz1DH3VKwOfm2V-bBL-36CgrFXbgiBKksQTlaLMxmxr1qqe5TJp8YUexG2O9-Z94JRJ-i1kzMXuiPX9iwEywVbEi8f9LV0qY9biEZMCHLIit85J9i-4-DWI58PR4veZBIJzsiGj5QlNwv1ajYygxXR-ilw1eh7e1hH5oW2nRG3jfFNKUM_A5bLwZ7wAzD-rr2h5NJoy32YJ6CNZGunHsC3DZuXDXGmLZD_7You43YlPP8SMd_GZDzIpUuAEwda5mvrUQJMN3lSORdRUWGupb5LdPXHgVk5F2tD_2L_RUYPHG0z_nu8La0sB75usiUBf3muMjnqYII-2E_u-LBd-wN0tIUNDfiM2FRV-hWlSEo1wxH5kW9tgCaS873uuH6qR1Wk7hpGsH6nGs_ueLsbcgoByd7Di2KWda1HSg9DELixN1ISo8RM5VAcqxhl3BL2HOtVRU9uRZiroLU48jAadLx3tMGFQR6zsvW2QEcCMxdXbX--Xa8j6BdQGhpksAkuIyKTyq6h7zbEI3p47IKZAZ-3lxfm3cVj9LBpaPj6xzJ6TBZwRRySI45rbVTlQrQHW2EZ8KYGmzd_3LJJNbgLtY3ZfT6MNCpVAG5_FyouYxfrK3vUazjubKLHYKeYnXLDn3olZS6dPzagMDKVf8oZqoOjd-EQeD0NHqdvs3CJ1pQV-t1LZS1Idv8k42Yw9DjYF3TY0EViX4APp36dHVmHwb6gIddyznD3GJwQ1He-1LL8VhJ3Ul99E7wwnd1ULx7i4FDOgeXf-24lgsqnt2_hLH8BYOpXib7SXMhhISIBEjrMN4hiSdEzBDMfl0R0sCl87r6j7yxG0BnVI-KBZMdOnBYLeG3QJYzUhQoQ6bhTbAY3EK0FCf_Ip0HDSdlAnrN4rNEaAJDRqUx6ixX1r3FxAXQFJqmbLXwjXpYzuqUG0rm-4il_hsrQkMFiVV5KpNb2Ewu4T2kxQl0uDVD0NQTIp85UQOwMxfmUngNwHpTxEWEVmnZ3HhehWnz2cpiZnlsdMZFZkBYLlmZmWQtJec_PevzldjweqZnE-l4SwWa_mKPi-JPUI5y65Uga_jXT_IE2j5bzeYyMVNb4OO9p360yDmyLgVnAOgHx09f8kFsa7CyL8Bh1Z4AxmEhP6XJ0U6sElUBcRMfz660W9hIQ5IkanrOWKbpcHiosbZ8zRSZ-rSz6vY6dbM9MeCIkPtqFOQlYjxp-Wg71sujblS_VEmOv6vh3ACs-FaJeskIVRPAlkMbRNA84YljhcSU9IFARuynwNHOZkaxC_gp4tf_JopjgPcCGgE1dhxLms7SzNrgtQPglf307pkU0VRGy6XVAkjOufAzaZzMsq-PLOl1mWJfyAxgwAMOGdCD8p8Bcip7H9N43hjOCQ12CyrEY6izw3GXNGBIiCia_cg_jf5Nd23-Eyv-PhHmwkP_erhvGHy31l7RZQiSq0L91IinWcZcvzh5pGUI1U_RCuHe422YgJ6Fm5fdP-HKBVu_kJqHbW_OcDVA6DHLe6BCuIzSztgbY1qA01sDaGlEHZs4xOpeZUtVKTMXoqrkqtI5KJpDUxE4k0y4CxpdhpBxZ7cFkQzYaChdUTcZiiWBDDqGjm1l6m5FHXj_FXH1ThVmGpZp0XlMtybQ6X947GHlynJ3pdIcoXYACdOHcEPaDjb2JBFcdGXM8Qzc4_AC5BLQz6z4leIhykaIuHWWqPdZHRuj_-uPW51EPHhkBG_YbjejumRzk5x12np8ZlugVMGXQ3U7xpkIlQrplBfcdseBrUQdlF-B3Pg1hgVse9sO0Vk_es2Loh2Xzfxso-lq0Bvr_TvZ1XGVTj5dyh-K4slEwF5KBM8N9Ezgb6dx6QINXvVdHWH28t2MBr1REPfeSrbEr2r_DKCQBmQ-4Gt9Lia0IMN0qVbZBok_e-xSOGqBg8pUh0qEuqNzJgHVAbnoSttTyXorafP-OqjHEj3NpzqkgSzharktWYVz_2-6k23U_iWrIMhCiXP1_Vt1iQNVuz_ngjzlArXKyC8a-apyEKD7qYixD4tP_bxVPzxElGvAjNnrnfYgUdjA5-icSBG_Qzj5okO0v29QcvkX8cijDNT5UDxMfbq61aklyK984k8QDkh7BAWSXFI7Y8HrMTFUPIk4wvXDr1eLSPdh8-qbfKc3C8i7Z_dCNNujz7MRzWyBA5Y0q2lHpw6fhZuK-j1hG78HbZhxyXRtNlIKimgUuyY3apIGuELVqOZ33qpd7hLFocvVAdu_ULY-mlNQFp5JYvdN2c70AQErAwfEWhDUaMHvwvcCrfIm4FBdWHAyiLQPLpOZlTe3NtxxcnBDIG7XhRr7KXHqMbcPEd-F-toBDrEQE6zaRhhEfTco7zPivxJDFm2MDMFeiIOlSkCRamX8UR-2oQc_vpJslnr5WMoRXye52YCf3FAbRMZR9GIc8cqoX11cfQf8QdX0_DxcSEdyUHU1bdNa-0E8Awc0z2cXfkEZzNGXKdf2ffoX5WwVCCzud9XFes7K1D_XIf4dUYRzmFi2mUms5Fz1Ppx4HW_j9bLcTEQwYGR1ReyvzcNEaxQL_xBE49BRqZeY-RFL6NowxUvQcSwrqQh1bD9VQuAP1jYRuhCDh3KzaHQKbmHPPn1zrSYI0BIyTyIXhA9F0bXWEUxTKiD8WGzhk4GHqt0xqnAG3PsgFjSyQUula6zFm9UWGxL5FZ3AM75o75CrPlCBBBcdjpFlOH0k3Q-Xrzyg2r2oKuRpD1Et2Ea1b0LbqV68qjH0XV_E6u5su8CeKGXmLvT0LzIypIzIJnZoa6XC91N5Ji_6M_uCIRI3wOXn2u8tlYtLhHFxVBWUzWEcZhQ17mqC6KRH01DLCXYgGa8xS_yDF5Q-FcUJoB0hf0CzM0hQo6pANYDwV_brs5OMgkdkZdmfBq89QCBVLx__VO7tmdfhmN2lG_lIChqNvauGW8r7joqKbrNSnavDr2CSDSZCeUuD8KR11JGn-_jpAxP6JccJF5LRIthfGroDfhe36DYFVBmmPRPccyENe46a3VfzUnfv01QLehJhFQTVe9oExKpfdA-vQb2kpmU4kdYIGoSNq3CFreJi8Fr5AuERFHOycuNCc5MHey324-NY5GOUfPzhOgu889QjZg0Mu0R3x5TqvpjXNs4dnO6Pjoj2C8-tLv1uUIv4n6QarvcnJnoMwD717QeLONIASgj_aQEzntdTxd0W8uF7oGXiZQGwpGmFeYuCfF-TYNDwA63UiG_WMi9Sksmfvfm1Jt4L8dLppHGLtiRgQ182nYu4MSl0rXezoNV1ZnmTwUthab_orJG-hAWvYaJnVvYk2VAGYLt-S_BddLrFgE&cid=CAQSGwDq26N9O95_hkwgQEjYt6_vrTwEVYGk8QyXFRgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 59B2 28 KB
11 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 59B2 156 KB
48 KB 40ms
35ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 59B2 8 KB
3 KB 25ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 59B2 0
0 65ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstNT08swKZvR-zutYol93PjeVw36J-LqU_fIE3IVHJW2a2oJVNV_Y8GwRKxZhemecCA8WOI-35HCMhcSbq6LiUd3UdcXqbzixFObZvp3PkYnWSAN6CVHIPWP-BDoZ1EL8eqSoLmn6WdXiNIwGGyjluQNA&sai=AMfl-YTVGO0m2b9D_Dgdbnjuf2J470lxyEyODVCLyF6-V5dY1__7c2hrSy7B1fNQteBDrYcIFjku3csqNqc1q4Zu8r5gUxjyG6s8HqWOQ1ns&sig=Cg0ArKJSzGiAlCI8-2DxEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.08775&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 59B2 41 KB
15 KB 30ms
23ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame 83FB 128 KB
128 KB 28ms
25ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwBpCS6BeZZzeE6YFpdl08FBDUOR3NsqieqSl8X7Dl82Bx44dZdLZbC6AEOyjHsdwSwl6WIje_CtTrFoKbgILQzlTb220RcJX3ar4tYmsU2iO3z80CliOpvjgTGT0PTllZHmkldSO-G0Em58-az68_sxAwBaasUma6STKDscYPDbpbXNc&cry=1&dbm_d=AKAmf-A_46l5d8gkO_V2_pHUZkQWj8J2D27_p9SVX7LxD9M7b9cdoYNR_l4aTDwNmZcxVZdOudKMgiigreWPoxALjd9Zh36ksvujlV05AFrWrgyupMDbLZ7z0VLXDoZm1V03rZl26ajMBqpgHNBHHR35SffotFvIe_DLwANDA-AHpv3D0lDZPY5M3y7_elMLi0OuFqgELdpqs7x34_hbxc4QVhe-d0FrxBTq_MR11jC57K6qKYJyWEwP3qVkctoyiacubQGu3LtZdlu7Br7E1hzZgFy5YZ3jRLPNkKl84s3Kmq2-dmOk-Lao4JiqG8izgcxoep_vktMqbc6RUf0u26VqvHs7wzq-YrwgaOIx4A_7OVSZjWNWsy4J7emkMKxYKd94OirDqfYtRez9tFgFOVEQ0ZzK0rnZaVoGT221911MH0A2qP9v0k_e31_QfXiYOiZsKmy3ATlhfWspxHclqQ3lHWKeeYTALSfm7CYMAWVhuclj88TEfOBrjjDOmHLBqA0OfrtsaHzrEG8HVtZwNI0QRi6q2SprlPk3fmAGMp1e1W440SvAozxgSn3xWk2KPlEPGqalWcs-Ob_IHmojCkGp83v00O3nFbmCV3TQn1EgjNwBLlluG4i8muGYwW_HheS2bdZRc4CqD63P4xyKkjBc2Y6m7H_VZWW3aPFQnJ0kicf5pE4W-FF0h0GXXDAlGglhnmfE2P8EV65XzPiYyf8BPqiE_OB_Jiwk2914E69DZ5ULJ8PKQLhQWHY7a_SQnwIpAuCsQRpzp7Qgm79IYBaRViwAo5PCIXK5i5tEAFZ4tx1ZWqTF_eLc-jYyy7K8S1-i_YwwAFTOrEW_GsqRZGQomGDORA_qFxgUTWtxag1fX6sYoVu2_NyCe1OU4LYoe1pBKIYeVqSMC0WHEc5_vU2fHvvmM9DOyG7znOsIFGhZsT4fP9cS7tTC2XXTb7VtoD4iQ6_y1nzktiLUU4-bpO-5sm2uwEsQLvQigJN8jliNkf1mjMdntLlWqYt-FIBTS898lc7zQlWw5dT6Oy4SV45f8YiLzZ3pjPYAJ79dJepfdyhrVUJ1AHjvAugzteifjO6WYuYQHOaB5GnueA8pxiTuYNgivwZ6Kp9qwvIV1-rZxwksZFYfNaD-kheLIQOMGwAXtuAn1YFNZKwCMIL9Ssxnk-aH6AV_Hz4VCO9x5NSx8ZEeCYH0HclZEjdBcSbV9PeEiXTAxhK4QjltyHcHSkhKZ6zNPI_cUWwGGzS7JqNw4Kszu1f1onb3d2bvnbvK8ieL70PSOEVnJyMA-zXI4QC8xJWzJ6ugRWh4z1PmpGX_htnxCsYirvEO4ybSJhROoWCa_kL7hwOyZTxLawkhudd0_0mjbGB1iUquNCQIqYzX2tV9wO0kFVkZZ_8FAcLaR8XRA-_hgJbtw_wOVj240M7vwbIGSU7w5d2W-gGKFF9gudhm9lokpCRE7ekrTHbQNfQeGgMlMuuGbmcQEkFYw5Ahep_JPhbCTXfSNvhppibcQMU9hradPNbX6h6KX-sk9tE8f6MnSEPOKJ8WkW7GClrFslOhlbBFdYGbwbpwpz106nfHKoqwPIcb1-il-2v22jclfFVLe9BMKZU8DhqWKuS08I1lYgJqPvxG8LsxRWRQqBtvAHy9G8zc63oyfcyr1hKnep8_6EsR5sHrTKZka6rx6iDnYQkWnTmib_4orGsaloOYjQpu3LYrwgUFKVVDU_oBqsoXia82YFoUTXj8kPKPjrbP8OsO6H58oE7nfe4r5EXsYwvovW-iWxGfXNxm6_JNbK2ws5CIUnd0YjhXzsq5kvoYF6WPst_iToT0MnYfuLJSlunv0u3aT6EZLJCSLGkvQg89vg-KVQck3wKhTEFXUGFvdHhEp5qN-HGstQDXIcyTip-lelnVSUfmX9PthnTPIfMPa9krsaJqc8a9xlMOESdngV_eDO1GZFM6uRtFbVYw6wV5QJ3MfOWTO-b-pfnZU1Nujdt0yD2VrbgQqV8gv43eWvwUeUSoIfmB6FPCbSuW3Woxzh0KOQzOSCEof-b_YoZVVJmz7rLutJi2eV_HtO0AyNS9nyN9geuYwM9ZdoxV-ATgW864dHLkSHYuelU07sixTup6ELuK_dMw7hibSCy3WhYDRZYVdC33TWhzGY8G6HtBjUSuWj3eD_13PH1zb5nuWYLY7oyufcw-gVDchESlMJr0wQXkLvfrREnODG3xbzvNly5nY3IQM12FWQNf2DMqnXv9S9qASFLVirE-HYeh6f9Jt7M4zCIHAEpbRPmGk5Nc_Mm4U7oQddqV9ZQ-Vzh3z65ye3T5E1T0I1MUBuQW7P0ptX99THRvj_ByU1un4p5NtkeEr4hAXNpA5UmS423ikSDPKvIzvpzHRE9tpI_JEt56rbjInJfjN0NWqpkN4KiMdjqRAbA3EGypW-4B_VU6uWEaO_NPGrJAr8lBP2uXraUOdAvwZygp1TkHQWmLkaTvFaRdsEMtAyR01QC5o9MudGrVecrUaTrraUu5XhwrgdDrNsIngVqC_XbuSZtuHF8oTd-vezmnwDcrzvHGjb4kjNyHXl3NdUScf3EIJfG9RZZjhyWqpcIou_jWSpbUbfSOyWphVNQ3yBbSh7AVE4-_UhjSqfKS1I9uiNoxQTlTUoQYTo9v30AB-QuHz8Ly8MM_Qi0c81xHCo1qn4aKzBJ_1dbslX7vuh_GHH-QuLU-X0xC0kjJWeowcv9LTq_nFrBBlNeAy3j7p8HQ7OfyY5-TvNISWzSBKsxN5S7-p2e7MlE9psH4i24DaV60KB30UgH2E08dYZIBbzgfYtIXbZYbKVpmIse5OEhMgZZpi4rtxKJEZi9p7YDQirhCPRVi3VJ4KLFzuyRS2F4X0s4ERSv4UEVphLp0TgYJUeI4gM4lBA3bkzpQrI6CrJZC-tHvUFVqRXucTi8zp-H-REUtpK9YXMODCICSa82Yg0zLk2hVeUz9Anw1wgtC5Lj7tYPAc6Jh6SDnI10BFSkElhEL4FvuNVm7FVnA9cIyToCkE2PzlvqhfakQ1slAoY40G0Bvnmlw1nj3oW46XbNjspwgkils-EjsvSalWv5s4Lsi7uRdYbS_mHNO5D7PXgU6npwrocrhlQt2Z8WpHUKNUD97F7Baou7686p9zzZ1zHc_97NdYYdJhJSmQTfpebW4IBacrGQl3x3jgAMBfnGktlCor69FgpgKsTArqiZRhIg8kJP56m-zz7dIOsjLP0ec43BIprecW74uf6bFzE1GnGB2z-yKB4-8bU2D4uTeHUhReUgTyWxX7fY92EA7HkCbxKcfoPNmKWI_tI38nfc3hL9vc6WiyPEBSM5gkWyI6hJ-HARkwgZu8_tSWjKdJ24AWEWEEZ6u3USv9Lgmu0VK5NeNLOKlxmcIbJl0KkajZgUWulflsCuj8qe1GmHUGZdHfifAC8dMM71X7CbTgVvqRuspEwNKh33u3acjSD3m9wSEvlcMfpXmKQ2Zb_bFFASZOiV7aMGc6a-QOFe2DYKxU771H10BTFvAqKuk6YWr8uvsaxQ4BJIyaA&cid=CAQSGwDq26N9u4pK3Bk8Y1UPH5ig2wEPGwXzafD4_RgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 83FB 28 KB
11 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 83FB 156 KB
48 KB 54ms
51ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 83FB 8 KB
3 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 83FB 0
0 60ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssc48eaxfvPy80lDxhQcujcPuljNUXO1pO7K7xEPi9hJGZWbWAX5OCW7_THx8Bv3tfcyYBeNwY2W6258FtgRhpGJKaOH4AJ-su2nEpC7nW6jlaqJCHxmDTiC3lC8qG_HiQjbILbTXvoQwwMERGA_qQQSQ&sai=AMfl-YRR4lCT9fPlHBS1Jl1cFj4jqwx1XD2OG18V7OqxxpehwPLR7QaFiinwICoNbrQKf1V4paqt1A4NHBXr4WuPLWVi4fEVHqt75i1JrD28&sig=Cg0ArKJSzJi7t9xQZOoUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20230104.93217&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 83FB 41 KB
15 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
DATA 200
OK truncated
/ Frame 9940 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e118d3d784c5eb8cdb6ae1ed35bb4ce8e34972dda1d3cf03fbc9de0b832bd26

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame 2047 128 KB
128 KB 24ms
22ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BE6BMwNVivTYZNlGnLKigsublyU-Ik_2Z_BZAItxS_lV9TIODEeYSplQWXN7HIHBGmrDUcgIQw-p1Gieb9NXCkL7Xx7vlrN-1GYIyuX7xYgUijy4-3iPd9iMeIYslyMMGzzfIq45M4QejJ4beX8hnl2OaHtFYKwiy0-uyMZBMqzq9OVKQ&cry=1&dbm_d=AKAmf-An79bXF4pAUnuJlbmyeCbG9XrddpAdBwx23RZo8xrFYznvCsdQ6sWtPWAaFzGSa5UKm6sogzo93IUuFBt79aI4_dD48C3g7R0IyfWbsJ0xFOdypB4KXnJrOi5K7yVfwDRqDFebHOo5C5tATO7PuGpadOdJlPigSqb-KFRtUrxkXoMpVrAEybOZGIU9ZURVvCgViQnxsMGVI7YzYC2iodDN86URQOcz0Rh0BUMPwrhQ0-F9EfdXFIk3eGIRXq8jH-1r7_cFkCMGwl2VqrEgvz2QkCjIU64LOayH5df2WfL2kKUe47vPzYrcgz0yDCkUMGBItPj-W5ZatMXmNeGV4Erb8MWI60dm4Nw9rjukK9PliD93t2JGeiLMG-BkQj0bCxtagk0Y9ZzzEE9rQysytstDcfWHg8gd0n61wZtcsefWch7BcxPS7kclIBZWnRHzYKHzVSD7aVqj11EsKyaVEfMclVJnryNjcsqBboO8IG7cRy_hznsKeIVezrHGJ923xspeu0f7w2H7F8lMp50qNesmslI6Ld8N7hZa3oOPvHJFwbspmos78-XeD4K46RrMShGeqmJ-RqB2yRrXVulQkZYeZrfpISVLQ3Rhwu3jo7GwmmEwr4SJ1Fa2ACH-IFad7hzQymqSz-q0yGlL62AIS_9EllOiyge0zkDpWsoMIVJQGSxL194oj5UVNevF24UPkQUZGGEs0la1lwonCbAQS-tru9wsY3LskL4vDyJGKv-zTG-x-VhpCHhi2xFddgbJmhm6lILNEe5o3Wxj9EvH5VIglCPP4QJ_T2dfLsWfF_VQNPD8ntyY4On_fuomSiro0aLM7jBV3_P3OgJ0_FLl7i6A9JVYTl8HuLthKYVcq46ZJ4A6oao2UeIAPJLzDbeiNaNJ0nat6VGib300SzlTsnADLv0eoWfSXtlewqFDKVecPiWXKP6AgCasgPYJDEVQtMUJEcS2Tyw7ODxz9ASU4BSEPqK5Kil97rt1Q52lSSO6EBrwUOoRi13fhJh-TLBSwgzBU610FZrasUpOOIJ0J_g4ff5hkXP-rqtxKt50yPUu7IQkcS0UfEU-EVYqhjUESl440dwlWxNQp-1wnP70tGIqPhzteLL5khYAVsv2CovGwRqquFBuTnKBpa6dFbANnI96zfL7eNQVBjxsJZR_j691TU8gYT2ntSJMRcSSJNAHjxpsvbuXjP9BQeGhlU5eZjqF-U-mV8dPBcbGzj-b10HmREU4r-MHnraCP17h3rXjaUHtHvsmo3KaqJgC7n8u10NNc_Kbydve9sfB1BThXIKdygA2PDM7X0fgM55QFSf1VODN9LEeaGV0f_ssw0h3dUm_0QKPFxxzWoPLkPdbMILgenyuQLt7en_0cIl7aMX9Rk63IZRFiVYsPcHxkg54ofZoBWPB7_XM9cXYghAITp34BbDFYy8Ll07FCXZQ-mrBHtnoZFgbnvQmWEmGIM0EiFrMMydCcdsFe3V7LW31F1P2dGnaEUtl4LQxnXMD3gy9yLMyyVDXxN9IO4n2Ib57uNzSLUaxxi4DcKuWm75YXJ279i60zcj7U0H5zBWr05vAokPb1euDx9bUmfGan7IvC18gF49R6tuwJ1sRE8JPaYvtJ1XUzjMoHfdcuSQeigCihNjA7xZ6wlW6ytnn3t0F4VjmBBOQMm6YCpHiJqqRJKAL9ZtBMQEj3JU1b25zl0dhnOsEDGZNjEBvnW0Je3DA1GZVdZgFnbCjSSSGaNGcehEg7YLuuEbWnoYgpcrFqxeA2fcduRDBCfRSlprlmGVsFBQpOz3ciez-B9wfpWuJc2PcSgZeQT5bN28ipgdeoq87e9odRUBGGasMpMOgr3bzs1fSPDtiDOC5V1I04_LyBaiBMFkZX6Y3l6ey6_z3g_zseK96QBDevWblWmh3oJB0zXxbEObAdlz7pc4eaZthP92uIfJ95bOYaEZoBKvIcYsk1KchrBMB0m05WJTI0IkqQMiEWB9a1OqU38TZRmKeIaB86gOw9Y9z8CN2976o96GMIzvBeZGHnrHvcYeoUVJplLl6B-5VWzZy8SFcXSvSs2bcbNHE0F1SNdEIhdeeQRXWAWHwqU0-UZs-V0ye_WlCRfrUpN0U0PmP-MqrKQjahoc9wfDaq1opGsog-gw5cC8MYGngITwPiJ3ok4cTMoVWQigpXtIU_io3XibA7lJyfPFblLPHmK6fgFh9LYTa9cPfk_-H2WxALQPFRdvoCFSM5OjSuarP_uYA-IaZzu5_QyUW6X1jM5vxeSIx-bTJ7QGmJHe6iJT92LEIYV_KFLiwXgvCKcryrwbNoyXHh7siCLZq7HDgJEAIqAOWwJDc3HDSgTz9OAzPrvC9Z0APurJxye9F_TylvQujYwnw1Npm4ZCYPMaTWYWOPh9g9chfFeLrTlz0s3C5Vvr60eyj2BuNKB_YweH_T1CWBEm0fdOVFzoyJXyzHK9rpkZWwCfP6b6HvKMuVUb1ua6cMjay8_5MmlchmSSe__RRI3YsiM5aKrCN2HPeEfIjfvw_6G3ym91-0_Sf3QmPADMnBSYt-5yZj7A9cHHzsH7lgx8wP7wpwwAkacn2s3VmKOgkbN-lxwJjUnX86fRxGRAiJDefky82Wh53wlsHTUG9Mvfz1GT9fq1ztX6sw03X85cYH-_TMNk9kLj1cGf4MkNEOE9nhfeodNDC_hjB9Ap3uK57j2x3EHAofDCkuSIrqfkjQRPFK2-t5RmQZqoZ2uPF5HvgLfEllT9LdJV28svaXFty_31VYzd_bO12LYuzZZ7oxpNefNC66VZet0SuCPIjE92NvOoN9DBWn6h1osBnN4ERj7ddFrCaKBbuHRD-bkZZ6V9cLX4GnpcbGeTrvepSDOFCqWw8x38xNZRPPbGGYSb8uhOAwif8gl0IuSk0yF-zC61F6hesTd0RHwVc-d9RmVHuMM4bFxjpjsGgvurLVJZkJh2eJJ15mDVwokcNXx69fNHjosRM8-yYXu1h8QxpSMjJDUmJgjw9-rIUuANJ1Oxetqjtc4ymg5PJXJ53Ilr8HLBTzQzaG934BDfnA1gRdW0k0P-Etj1aEWMzNsHkWCZXoTxJy3tfOjvcuArzkLzPwI1hDr7PtJCnQy-kzcmQqmuneDNwXNrgJ94Q8gJS_iEKOe69A2c93gdHyxECtWnMTzJSwE_2FpNEHm2xhPy-ww7txG-5x6Zo159e11Gmx86Yjcr7fGv4IvDzc1ghReZJO68ks4I9aNj9N-kVkQnjUXi2-K5vHHeqApRjJAA-nnXz9d6IZQ6eDrCnX7keV_2biHGtYOvvB7PJypQq0S6Augi7vpNnnqAT3Jw5aMNpKl7fIRAy599Xyws19eEm0yjQf0ro-WnrWuYz8RmZMcKqaGrAjBkDc9Nq0ZXacV6at14tu10Ac3KAUWMTQPiWLzejLt3rt8jt3wWvOMVqzp45DJTiKXkd6mexSwI5yMVLCZlbOAJUAmtjCAmUuoAApoK7Oq0Q_GxZfxDBV2l_hZKvO4wAHAWcKRzZd5bMehAuS1GbFTRRjkURhSc02A&cid=CAQSGwDq26N9g_dFmm1B6KZ5X1Hq8ip2fYztIDoB_xgBIAo&rfl=2%2Chttps%253A%252F%252Fkresy.pl%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame 2047 28 KB
11 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2047 156 KB
48 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame 2047 8 KB
3 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2047 0
0 63ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujJHkfn8zezEAUDqKknoff6xkpWzPOs3phOFnURsUEa-9On1gczgWOIF374739UYRW-OJc4I9_Q3hHu-Fj1R6b0jJzqgC0Eacu62e4xoGMZTx-WDvEYCg_ZoxqJR1aoFsUp9DKW03JLbz9O2XvoO_QOw&sai=AMfl-YRa_XopRcARpBBRjttRXMItL89wBJL2uW0lv7XXchvVNFBDYLerXGkx5Uyhp87BYUcnTI7KeuWEfZBhDrme_zWrobj35DXg4teJBNkN&sig=Cg0ArKJSzFVMbrV2gCCFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.64567&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2047 41 KB
15 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 123 B
537 B 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-click.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90804254f9fc817e1f345555862b6283240d9b029ebcf6995a7e24d87a0b4a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 123
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "bdac9f292fc68407c9ff3d50b8f4bcf5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: JKoB3ABsIpRLLxptrTeKwBVZJ5sSctXOXcNU2rQq5GmtWX1Yv_pG6w==

GET
H2 200 c-dell.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 2 KB
2 KB 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-dell.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 5MOq6kt7pfATiSajqYq-SPQDzmSxiRuDeMFhLdtUO5UNg3u-TgR-rA==

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 6 KB
6 KB 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-intel.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84074
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: l_RSw0ELLBLRdPkPonRiBR-cewwrcx7fkiNNRrFmtMI-gmp4qMGOVg==

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 720 B
1 KB 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-cta.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a0d0c84d6bdfcc214c1486c2a703b71b4aeae6630b50d59fca181f3c4ffed39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 720
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "2893ae570510ac35b7aae4f876b43ead"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: ddr1-mDmnwABaGIy5oymND9R9ZHFgT-G2accNSXUKQKT059OCX8D7w==

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 124 B
538 B 23ms
22ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-background.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a563591015d387f22841dd47f911622559f930cc250b92806e74d7954640db2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 124
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "07eb55593bcf521b53aac1d072db0190"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: XnjfwQU3mmmLlCLfFJSkwt8IW2OywqUIsr-Qhh4EcUxYHMY2n7N6Ag==

GET
H2 200 4feeb7a44dedb032c50a.1.js Show response
assets.scoota.co/serving/31880/ Frame BC77 30 KB
7 KB 23ms
23ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/4feeb7a44dedb032c50a.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&domain=kresy.pl&cachebuster=1600130912&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008584&ts=1673177008584&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008584
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b181931d4d1611b145f6d7f745f462b4c8f3cb4b606bdb5d1f3d4cbf782e9f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:22:42 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 18048
etag: W/"adfd10a6484cfa765ab0ec374a579d83"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: 8_fDVBeD7huv7QwCwjFHK60zxstqdAAm9GuIKmRj9364Do8xHpLWDA==

GET
H2 200 session
track.scoota.co/ Frame BC77 42 B
123 B 60ms
60ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009433&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: d89f57f2adfca2f84c3fa6ad789f8f94
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 123 B
528 B 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-click.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90804254f9fc817e1f345555862b6283240d9b029ebcf6995a7e24d87a0b4a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 123
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "bdac9f292fc68407c9ff3d50b8f4bcf5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: xc1oSmulGI7RGGU-roouSVXRfdJwEjfgKXhtAEHI9th4rUuYoqoVWg==

GET
H2 200 c-dell.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 2 KB
2 KB 21ms
20ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-dell.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: bQOIylBTRF9kWeBEh9LvmEFpYNLTWbQwhXD8c4XqIiw1BNkAbWYGjQ==

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 6 KB
6 KB 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-intel.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84074
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: BQGtaV86hA0lfctTdF6BzSmVkVmC97gVRvjwVPYzRV_SnIxVvBggRw==

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 720 B
1 KB 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-cta.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a0d0c84d6bdfcc214c1486c2a703b71b4aeae6630b50d59fca181f3c4ffed39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 720
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "2893ae570510ac35b7aae4f876b43ead"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: NJWcizIwDIV9pCxBk4bB_nGFahWS39NEa5K4DkuZhyN51Lb_Mhjg0g==

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 124 B
527 B 22ms
20ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-background.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a563591015d387f22841dd47f911622559f930cc250b92806e74d7954640db2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 124
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "07eb55593bcf521b53aac1d072db0190"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: shM2yLPSy-lRSgzg_LVp6nbmp72TBP7viRbmCbIkabi72MIXge023g==

GET
H2 200 4feeb7a44dedb032c50a.1.js Show response
assets.scoota.co/serving/31880/ Frame 3382 30 KB
6 KB 23ms
21ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/4feeb7a44dedb032c50a.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&domain=kresy.pl&cachebuster=671432163&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008606&ts=1673177008606&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008606
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b181931d4d1611b145f6d7f745f462b4c8f3cb4b606bdb5d1f3d4cbf782e9f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:22:42 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 18048
etag: W/"adfd10a6484cfa765ab0ec374a579d83"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: AosFHFH3x6blVfqRJnlapo-LbYsc77BknMa90XSIGyYJLrq2s8qI-g==

GET
H2 200 session
track.scoota.co/ Frame 3382 42 B
123 B 60ms
59ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009441&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 06d736f2eb590249fcf02bed171e6ab1
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 123 B
528 B 21ms
20ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-click.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 90804254f9fc817e1f345555862b6283240d9b029ebcf6995a7e24d87a0b4a2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 123
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "bdac9f292fc68407c9ff3d50b8f4bcf5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: l7hzgQUvsoqbdDv2VzK8shB0y9W35uYJHhU2HIIYgMyL3_KlwfGAgw==

GET
H2 200 c-dell.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 2 KB
2 KB 26ms
20ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-dell.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: wAh4m5nARoHzKRQXX305UILWPa42pWjn_pfQRcktl6gRBMdA3T2mEA==

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 6 KB
6 KB 25ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-intel.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84074
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: cIpZE01jXqdIpmIkvUIGTnK3DzYHg9mKiPGVGj_04-KnrpLztkcbxg==

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 720 B
1 KB 25ms
19ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-cta.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a0d0c84d6bdfcc214c1486c2a703b71b4aeae6630b50d59fca181f3c4ffed39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 720
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "2893ae570510ac35b7aae4f876b43ead"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: YhIyxM-QfmYvwRM-Ks_TcrOgTSgCPv59qg7wX0YWtJyGNqZ52PTTyA==

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 124 B
528 B 24ms
19ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-background.png?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a563591015d387f22841dd47f911622559f930cc250b92806e74d7954640db2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 124
last-modified: Wed, 14 Dec 2022 18:55:04 GMT
server: AmazonS3
etag: "07eb55593bcf521b53aac1d072db0190"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: YIsb5s4vAHz5BrBlTktaawnf9xZjjQGSO1MmgtEMmEJPWfMlJikZfA==

GET
H2 200 4feeb7a44dedb032c50a.1.js Show response
assets.scoota.co/serving/31880/ Frame 55AC 30 KB
6 KB 23ms
20ms Script
application/javascript 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/serving/31880/4feeb7a44dedb032c50a.1.js?placement_id=31880
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&domain=kresy.pl&cachebuster=279801505&event=serve&placement_id=31880&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008550&ts=1673177008550&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31880%2Fplacement.js%3Fts%3D1673177008550
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b181931d4d1611b145f6d7f745f462b4c8f3cb4b606bdb5d1f3d4cbf782e9f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:22:42 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Tue, 03 Jan 2023 14:53:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 18048
etag: W/"adfd10a6484cfa765ab0ec374a579d83"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-amz-cf-id: EUbEH6gcCjmvx5Q0OZ0jNxY8oZmW4w91NeFGF8Yjs6lzR_KL9_4tgg==

GET
H2 200 session
track.scoota.co/ Frame 55AC 42 B
123 B 64ms
61ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009452&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: e2d5af53802fdafcd8fbbb63f14bf5a6
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
DATA 200
OK truncated
/ Frame B8BA 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84f64dbbc75b4cedd97e18b4d1407e58e27fb9cc17260d77ef751eb932afc9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5116 52 KB
17 KB 21ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=auwfxq&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236594
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177009.492665,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame FEFF 0
934 B 20ms
19ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhCq7oW48IedkWgYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAFt9bSte2gtqF6wAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=5998de15209f3d3d898555606af16b0965cf2f86&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dauwfxq%26e%3D1250011214715,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dauwfxq%26e%3D1250011214715&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=auwfxq&e=1250011214715

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 39dbbab9-8944-4b81-adec-8e96fde79551
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ACF6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1

43 B
766 B

22ms
22ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNXPV2Ku3pV7c-L4GMTimn9dDeRzeXHNDSUOdRZinPLeCpHRqycrwVbfHjJsiqiZzQA_x7lM-2eUnMzZV4LMMkuroveWZMDmhBWoCb62R7EkuT7a4CBAgd1zseBmtMZr7arqvJ1C8JtLwNr0EcYtZCpMfEMEtXVjRZ7mCIBwKyyd1pftdd1b34mzGSAWp9eStDsKf2zbmfWHy9SICq13aaOf6iU_XgwW54nP_xta_u6NFUtzF4I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame ACF6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y7qnsWW3zaGr-WnHUJbxbgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1

43 B
766 B

24ms
24ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNXPV2Ku3pV7c-L4GMTimn9dDeRzeXHNDSUOdRZinPLeCpHRqycrwVbfHjJsiqiZzQA_x7lM-2eUnMzZV4LMMkuroveWZMDmhBWoCb62R7EkuT7a4CBAgd1zseBmtMZr7arqvJ1C8JtLwNr0EcYtZCpMfEMEtXVjRZ7mCIBwKyyd1pftdd1b34mzGSAWp9eStDsKf2zbmfWHy9SICq13aaOf6iU_XgwW54nP_xta_u6NFUtzF4I
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5e5rMFqHtQpXqG-z2h52s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame ACF6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEChYt0gBh2uVqUzstA67JgA&google_cver=1

43 B
1 KB

27ms
27ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEChYt0gBh2uVqUzstA67JgA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ64bnAhiI64rdATAB&v=APEucNXPV2Ku3pV7c-L4GMTimn9dDeRzeXHNDSUOdRZinPLeCpHRqycrwVbfHjJsiqiZzQA_x7lM-2eUnMzZV4LMMkuroveWZMDmhBWoCb62R7EkuT7a4CBAgd1zseBmtMZr7arqvJ1C8JtLwNr0EcYtZCpMfEMEtXVjRZ7mCIBwKyyd1pftdd1b34mzGSAWp9eStDsKf2zbmfWHy9SICq13aaOf6iU_XgwW54nP_xta_u6NFUtzF4I

Protocol

HTTP/1.1

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 35b334fc-39e0-4582-8ba3-3db2fe1cd049
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEChYt0gBh2uVqUzstA67JgA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ACF6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAyODA0OTMwNjUyMjU2MDgxNA%3D%3D

170 B
188 B

33ms
32ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAyODA0OTMwNjUyMjU2MDgxNA%3D%3D

Requested by

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 3c98808f-c552-4e1e-a470-5015cd8a8a05
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjAyODA0OTMwNjUyMjU2MDgxNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9940 15 KB
15 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 20:22:20 GMT
x-content-type-options: nosniff
age: 140469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9940 15 KB
16 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 05:09:29 GMT
x-content-type-options: nosniff
age: 195240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9940 15 KB
15 KB 23ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 13:14:53 GMT
x-content-type-options: nosniff
age: 166116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 13:14:53 GMT

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame EE53 128 KB
128 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame EE53 28 KB
11 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE53 156 KB
48 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame EE53 8 KB
3 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE53 0
0 59ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstuZgW-VeNwnU9gPmJk4NTTE4-w2HwHH1qt-F2JT_bySJvnLP6w5GhJ4yzOZCzgPgu8rfD7zFTLewNtsYRdf7ZVd7hJuOa2KgOyvjmnIoR35i3c5pZOb6PxV7FNO12QNi1IIIuQocYNK1Hom9-JBBrJMg&sai=AMfl-YTV053UzktTlZhyyqC-EqUIdUBAb6gyzkrzG7Q6nP4Y0VgELOpYvCS61OXcQXUpaUf7zI42YfK8-93GscAH8e0-B2xVO5ZbrEx4sfEq&sig=Cg0ArKJSzHmYQY0i_yTNEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.70528&arae=0&ftch=1&adurl=

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EE53 41 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame 1018
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

613 B
937 B

128ms
71ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D&documentReferer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dehgguw%26e%3D1250011214715&ancestorOrigins=https%3A%2F%2Fguandads.com%2Chttps%3A%2F%2Fkresy.pl&random=384744200761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 4b53e11670d6f95a4288897fcf924dc85dce175f12e47a5fbe47882d27f3b410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 22272800078875306783187012198023
Connection: close
Content-Length: 331
Expires: Sun, 08 Jan 2023 11:23:29 +0100

Redirect headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D&documentReferer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dehgguw%26e%3D1250011214715&ancestorOrigins=https%3A%2F%2Fguandads.com%2Chttps%3A%2F%2Fkresy.pl&random=384744200761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Sun, 08 Jan 2023 11:23:29 +0100

GET
H2 404 c-click-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 151ms
149ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 133 B
538 B 25ms
22ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6cda3436804b8099a3082f03fba9dcdd129cf207a23a987544859a6d37f0b60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:01:59 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 20605
x-cache: Hit from cloudfront
content-length: 133
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
etag: "4c59b72a56a1f9d68ed872927f3eeda1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: eZ5wZElzd5Ktf8FCb2SbgAM5GQgwBuDTN2SeFExRgQU4IJS6nzyF3Q==

GET
H2 404 c-dell-logo-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 58ms
56ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-dell-logo.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 2 KB
2 KB 24ms
22ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:01:59 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 20605
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:13:14 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 6EHuR2TYAWVcDchY1INKYXFc2dQZ8h71Sj5bDheMrDR6PqXNRfo1uw==

GET
H2 404 c-intel-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 66ms
64ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 6 KB
6 KB 25ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:05:55 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 19055
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:13:13 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 3eqfo0pGaf9PNhRSEXFaWi3TY0cTBoaSqMjpUL8_TvRoM8sZIjBTig==

GET
H2 404 c-cta-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 100ms
98ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 730 B
1 KB 25ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d01e3858d850c67329efcc30054e9e19c45261d7aa161d273002795f05a6db2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:05:55 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 19055
etag: "6f1631d973a3a56507e44d2c73d3d0e0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 730
x-amz-cf-id: BjbzExTLSJtk5UEhbdDLWG7kOQsQIykC4bo0ypn5SUZK777P8VWnJQ==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 119 B
523 B 25ms
24ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b7be4acff514395180a685654bf3dfa66fdc6e2b64f069234f23520fe94e4240

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:46 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84094
x-cache: Hit from cloudfront
content-length: 119
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
etag: "a335afc866129b8c48038f201c6a8ce4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: Usg7HLnp6hubB5v3Tw7gva7BRFzDLt9MV1HZowQDySCs4RXKslcpHg==

GET
H2 404 c-background-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 151ms
150ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 105 B
510 B 25ms
24ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 290f6707a06ba91d68d6942f3103048a77070723ad53d467595b7c8c4d452753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:39:44 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 19055
x-cache: Hit from cloudfront
content-length: 105
last-modified: Wed, 14 Dec 2022 18:13:11 GMT
server: AmazonS3
etag: "809255f91738bef0a61476ef0709cca0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 2HmQRm3YxSPSUgstkv426wePPfOdlwKlQLo44kPAZwJRTsQ_9uxxpw==

GET
H2 200 session
track.scoota.co/ Frame D424 42 B
123 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009545&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9a703f56c4a47562bd4d25dffa471e51
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 404 c-video-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 140ms
140ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame FEFF 0
0 62ms
62ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst_wLEMHeHMaNLXCoGhaxMMKpg4Jg2tLyRkMRhUp1uVCmGkwtLyECvcA5zdeVtc8Fx9YeXSFuLNsZBSAm1gcfuRw4-zJ8cgZhPNGq5ZnGcUT9nTdUuwz1sGccKGo9afQKQpO5ahhBxc_Fc0sFFq1JzAXw&sai=AMfl-YR2zPcwiLwhknZxTKwoif5uvNyXMTFL6ZnD5kk2NyXZLjGbrqT5gRKwTg8_pX6qfh0aZ9r0EHLwQIp4OnB400cKqMAW9s57WXrecJ7X&sig=Cg0ArKJSzDHueCwUPFwBEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=256&vt=11&dtpt=255&dett=2&cstd=0&cisv=r20230104.18123&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H2 404 c-click-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 146ms
146ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click-402x.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-click.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 133 B
538 B 22ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6cda3436804b8099a3082f03fba9dcdd129cf207a23a987544859a6d37f0b60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:01:59 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 20605
x-cache: Hit from cloudfront
content-length: 133
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
etag: "4c59b72a56a1f9d68ed872927f3eeda1"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: vCa7lIT_YnWLJwPdcO1zL1EdUH8elTWRamRSX03fI_KOjqnTV-Zb_g==

GET
H2 404 c-dell-logo-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 50ms
48ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo-402x.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-dell-logo.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 2 KB
2 KB 22ms
22ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:01:59 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 20605
x-cache: Hit from cloudfront
content-length: 1790
last-modified: Wed, 14 Dec 2022 18:13:14 GMT
server: AmazonS3
etag: "b892857e5c6c06b2ec8b4f109e6b26dc"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: vaJZjZ3iThnOmDV5BM-2IEPyjSJ7fPA_6kwzBYEI_RavXqGEhcH94w==

GET
H2 404 c-intel-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 57ms
56ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel-402x.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-intel.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 6 KB
6 KB 22ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:05:55 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 19055
x-cache: Hit from cloudfront
content-length: 5869
last-modified: Wed, 14 Dec 2022 18:13:13 GMT
server: AmazonS3
etag: "b6800318cb778ea4ff1379da8f50ff6b"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 8hkUi5l-RDG7MYozHfKO78vykB42mD5_5G99qy-jflkhuqXyuTjyXA==

GET
H2 404 c-cta-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 90ms
89ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta-402x.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-cta.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 730 B
1 KB 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d01e3858d850c67329efcc30054e9e19c45261d7aa161d273002795f05a6db2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:05:55 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 19055
etag: "6f1631d973a3a56507e44d2c73d3d0e0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-cache: Hit from cloudfront
accept-ranges: bytes
content-length: 730
x-amz-cf-id: EbwdXku7iAjWnwIQlu5hZcjsEXhzWAubvgaJ3Xso6-cP0qpCULSCAA==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 119 B
523 B 21ms
20ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b7be4acff514395180a685654bf3dfa66fdc6e2b64f069234f23520fe94e4240

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:46 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84094
x-cache: Hit from cloudfront
content-length: 119
last-modified: Wed, 14 Dec 2022 18:13:12 GMT
server: AmazonS3
etag: "a335afc866129b8c48038f201c6a8ce4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: gG0L9HOI9In4t9W5xQ_7SSC3J1yauriGWd0iXv8wxm78jQU77bvAFw==

GET
H2 404 c-background-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 140ms
139ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background-402x.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H2 200 c-background.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 105 B
509 B 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background.png?placement_id=31881
Requested by: Host: track.scoota.co
URL: https://track.scoota.co/serve?bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&domain=kresy.pl&cachebuster=2070341175&event=serve&placement_id=31881&runtime_version=19.5.1&placement_version=1&ssp=appnexus_10264&dsp=appnexus_no_cost&time=1673177008799&ts=1673177008799&url=https%3A%2F%2Fassets.scoota.co%2Fserving%2F31881%2Fplacement.js%3Fts%3D1673177008799
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 290f6707a06ba91d68d6942f3103048a77070723ad53d467595b7c8c4d452753

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 06:39:44 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 19055
x-cache: Hit from cloudfront
content-length: 105
last-modified: Wed, 14 Dec 2022 18:13:11 GMT
server: AmazonS3
etag: "809255f91738bef0a61476ef0709cca0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: SnjL44qk0kyU2Qsyt6F9R7YMvs58Vt0Iso-dbLgoUKf-__ulj254jw==

GET
H2 200 session
track.scoota.co/ Frame 0ABF 42 B
123 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177009561&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: fa2ff3f2a4a3783bd251fb320dad881e
date: Sun, 08 Jan 2023 11:23:29 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 404 c-video-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame 0ABF 0
0 127ms
127ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881
Requested by: Host: assets.scoota.co
URL: https://assets.scoota.co/serving/31881/7db856c424b607666857.1.js?placement_id=31881
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 B27432037.331381584;dc_ver=92.271;sz=300x250;u_sd=1;gdpr=0;aucid=2388022505169867866;crid=347914397;ioid=%24%7BINSERTION_ORDER_ID%7D;liid=%24%7BCAMPAIGN_ID%7D;segid=%24%7BPIXEL_ID_COMMA%7D;srcid=%2... Show response
ad.doubleclick.net/ddm/adj/N163801.2560713PROPERTYSOLUTIONS/ Frame C098 67 KB
28 KB 60ms
59ms Script
text/javascript 142.250.181.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N163801.2560713PROPERTYSOLUTIONS/B27432037.331381584;dc_ver=92.271;sz=300x250;u_sd=1;gdpr=0;aucid=2388022505169867866;crid=347914397;ioid=%24%7BINSERTION_ORDER_ID%7D;liid=%24%7BCAMPAIGN_ID%7D;segid=%24%7BPIXEL_ID_COMMA%7D;srcid=%24%7BSOURCE_URL%7D;dc_adk=1221982918;ord=9mz749;click=https%3A%2F%2Ffra1-ib.adnxs.com%2Fclick%3F34RCBBxChT8YgepE5q9_PwAAAIDrUcg_GIHqROavfz_ghEIEHEKFP1rUSfDQ9SMhLilBZhkUJRywp7pjAAAAAOM1XQEYKAAA6h8AAAIAAACdwLwU8uklAAAAAABVU0QAVVNEACwB-gD0PQAAAAABAQUCAAAAANoA4CSZewAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%25214RbEkAjY2dMVEJ2B86UBGPLTlwEgACgAMZqZmZmZmbk_OglGUkExOjY0MDZAlzBJAAAAAAAA8D9RAAAAAAAAAABZAAAAAAAAAABhAAAAAAAA0D9pAAAAAAAAAABxAAAAAAAAAAB4AIkBAAAAAAAA8D8.%2Fcca%3DODE3MCNGUkExOjY0MDY%3D%2Fbn%3D98908%2Fclickenc%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=2,https%3A%2F%2Fkresy.pl%2F$0;xdt=1;crlt=ZcB4vihynP;cmpl=8;gcsr=m;stc=1;chaa=1;sttr=223;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v92.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f6.1e100.net

Software

cafe /

Resource Hash

4dab2e9fc859a576e69ee65d521505331516fc987017932336c6f0320eb3505a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28560
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 c-video-402x.png
assets.scoota.co/creative/assets/oet0lk2/bundle/18/ Frame D424 0
0 110ms
108ms Image
application/xml 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

GET
H3 200 15226198413995535885
s0.2mdn.net/simgad/ Frame B182 128 KB
128 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/15226198413995535885

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:01:23 GMT
x-content-type-options: nosniff
age: 48126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130850
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 12:59:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 22:01:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/ Frame B182 28 KB
11 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/abg_lite.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:38:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35128
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10849
x-xss-protection: 0
server: cafe
etag: 7485935580621256062
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:38:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B182 156 KB
48 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame B182 8 KB
3 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B182 0
0 59ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuhvn_OZo8kIAxOM7iy2Reqzxz840PVqzotAWA3dQQZjZJYpynikX3Qw82ZI9l9AW9nKFRhVZ6w1yywN5WzbG-RCfxpkM1xf1QYsoCzAtIrEpWs4QcLklInHGUzGzKAMuzEIy5z8DgpjHAIg2-1ZfmQ9Q&sai=AMfl-YSqyYdB9IXahebufkSKw4M15L-FvEVfJm-lEMDl018nUEe06IOjh3eW36LqzVJ2sNC8GJ3afb_NWdAEPvBeP4vjCawFc73GoktaWejM&sig=Cg0ArKJSzGcA0JGsc8pDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230104.15083&arae=0&ftch=1&adurl=

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B182 41 KB
15 KB 25ms
21ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 59B2 0
0 59ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstNT08swKZvR-zutYol93PjeVw36J-LqU_fIE3IVHJW2a2oJVNV_Y8GwRKxZhemecCA8WOI-35HCMhcSbq6LiUd3UdcXqbzixFObZvp3PkYnWSAN6CVHIPWP-BDoZ1EL8eqSoLmn6WdXiNIwGGyjluQNA&sai=AMfl-YTVGO0m2b9D_Dgdbnjuf2J470lxyEyODVCLyF6-V5dY1__7c2hrSy7B1fNQteBDrYcIFjku3csqNqc1q4Zu8r5gUxjyG6s8HqWOQ1ns&sig=Cg0ArKJSzGiAlCI8-2DxEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=217&vt=11&dtpt=216&dett=2&cstd=0&cisv=r20230104.08775&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 83FB 0
0 58ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssc48eaxfvPy80lDxhQcujcPuljNUXO1pO7K7xEPi9hJGZWbWAX5OCW7_THx8Bv3tfcyYBeNwY2W6258FtgRhpGJKaOH4AJ-su2nEpC7nW6jlaqJCHxmDTiC3lC8qG_HiQjbILbTXvoQwwMERGA_qQQSQ&sai=AMfl-YRR4lCT9fPlHBS1Jl1cFj4jqwx1XD2OG18V7OqxxpehwPLR7QaFiinwICoNbrQKf1V4paqt1A4NHBXr4WuPLWVi4fEVHqt75i1JrD28&sig=Cg0ArKJSzJi7t9xQZOoUEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=259&vt=11&dtpt=259&dett=2&cstd=0&cisv=r20230104.93217&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6907 52 KB
17 KB 22ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=okjsbkm&e=1977672056027
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236598
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.668900,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 59B2 0
934 B 21ms
20ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhDvsdSWm7LR_D0YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeL2EBoABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAF49LSgeC01-EBwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHvYQG0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=f04746c596bbe33fd05a8a6c267b660336dea3b1&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dokjsbkm%26e%3D1977672056027,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dokjsbkm%26e%3D1977672056027&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=okjsbkm&e=1977672056027

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: ef42d9f3-3258-4c0f-892f-06d2b32a0d54
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2047 0
0 59ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsujJHkfn8zezEAUDqKknoff6xkpWzPOs3phOFnURsUEa-9On1gczgWOIF374739UYRW-OJc4I9_Q3hHu-Fj1R6b0jJzqgC0Eacu62e4xoGMZTx-WDvEYCg_ZoxqJR1aoFsUp9DKW03JLbz9O2XvoO_QOw&sai=AMfl-YRa_XopRcARpBBRjttRXMItL89wBJL2uW0lv7XXchvVNFBDYLerXGkx5Uyhp87BYUcnTI7KeuWEfZBhDrme_zWrobj35DXg4teJBNkN&sig=Cg0ArKJSzFVMbrV2gCCFEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=240&vt=11&dtpt=239&dett=2&cstd=0&cisv=r20230104.64567&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6641 52 KB
17 KB 30ms
29ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=lfippz&e=1977672056027
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 232296
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220041-HHN
X-Timer: S1673177010.679745,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 83FB 0
934 B 39ms
38ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhCfgLWHn5DejQEYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLSEBoABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAFreX7-82U--0lwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHtIQG0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=f917aef7813535844fb8ccd28fdf2a03e87aa725&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dlfippz%26e%3D1977672056027,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dlfippz%26e%3D1977672056027&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=lfippz&e=1977672056027

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 8a1d69b4-f3d3-4edd-bd0b-31c45bfb5a06
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5CA2 52 KB
17 KB 39ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=qxnnnps&e=1977672056027
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17771
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236599
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.693978,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 2047 0
934 B 21ms
21ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhCf2LC3ovX2zQYYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAFm_2w-c_64agMwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=068c525bc08ee0a9312672a4f6fa95561855c666&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dqxnnnps%26e%3D1977672056027,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dqxnnnps%26e%3D1977672056027&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=qxnnnps&e=1977672056027

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: bab6da59-a232-4ee4-bfbe-d60dfabcae3c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 Dell-NewYear-MPU.mp4
assets.scoota.co/creative/assets/oet0lk2/video/34/5/ Frame D424 2 MB
2 MB 24ms
24ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/video/34/5/Dell-NewYear-MPU.mp4?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e71f47cb1a16158087ef695d4d43c7e8df57daf87a8efe283acb833674176f74

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:02:35 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84108
x-cache: Hit from cloudfront
Content-Range: bytes 0-2509576/2509577
content-disposition: attachment
Content-Length: 2509577
last-modified: Wed, 14 Dec 2022 18:13:29 GMT
server: AmazonS3
etag: "6392c5834744d00e1138632b583d27b2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: DHp461FQUshGrYg5JkVRTZara-oSWxyV0V8ZvrS7cQqIMhtUgEs_Dw==

GET
H2 206 Dell-NewYear-MPU.mp4
assets.scoota.co/creative/assets/oet0lk2/video/34/5/ Frame 0ABF 2 MB
2 MB 61ms
61ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/oet0lk2/video/34/5/Dell-NewYear-MPU.mp4?placement_id=31881
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e71f47cb1a16158087ef695d4d43c7e8df57daf87a8efe283acb833674176f74

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:50:32 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84108
x-cache: Hit from cloudfront
Content-Range: bytes 0-2509576/2509577
content-disposition: attachment
Content-Length: 2509577
last-modified: Wed, 14 Dec 2022 18:13:29 GMT
server: AmazonS3
etag: "6392c5834744d00e1138632b583d27b2"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 1mWUSzeb8Afk-NeUHadU6S0ijCysPDue7TV_gyHIwvYb5ftufGciZA==

POST
H/1.1 200
OK impression Show response
analytics.webpushr.com/notification_card/ 0
531 B 178ms
178ms Fetch
text/html 64.227.50.180
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/notification_card/impression
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.227.50.180 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 08 Jan 2023 11:23:29 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://kresy.pl
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 5C97 268 B
682 B 51ms
51ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 8HLGkexvxQdSqg_wTStwdr6by0gbNlbbNkx903zL6JW3RR44DR3Qaw==

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame FEFF 0
953 B 88ms
88ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKaC_BMmgUAAAMA1gAFAQiwz-qdBhCq7oW48IedkWgYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiwcK1AZoDSf0rgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DWHJYcnNLZTZZNDJuTE1tZ21MQVAtNjI0aUFIWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VnZ0pQMEtHRm95SW9NQ1BLNDBORmtiR1BEY2Y2c0JlZnljdVBPcG9keEI5OVNzMFM1WFA4NkNURW1JdVdzYjFFYS1EdVNWZU1tMzNYYndRY3dXUTA2RHZQUEhlVkJ4ZlJvcmt6SHhiR2w5VVpmZXptUFVWUm9CbmJVVktlc1dycnFGamxhY0pFbjFaYUw3eHJwUjM1NTRjT016QU9NS1RUdFhiWURST084a05iU0lpTUZKb2ltWjlOODc0b2NkbDJjY0JUQ1VmMVhFbzFTbjRFZUFHWkxad3VoS0V2cm9BNW9XUTJYQVFLVlliWTNxWGdSRlZaWWVlVXV5YkQ3VEZqSHo2TXBmNkZMRDJuSEFHRXB4d1pZcFRkcHpoTTlHVDY4MUZYNWU3Y19LdHR4S3ZJcnNFa1pkbVdUWk1kLWplMWJFZnphZWhPRnFwYWZVcFdpRnU3Y1prYjRJekFCS2lVb2ZHS0JPQUVBNGdGNVBfM20wR1NCUVlJSFJBRUdBR1NCUVlJSFJBQkdBR1NCUVlJSGhBQkdBR1FCZ0dnQmdLQUI5ZTd0TVFCcUFlT3podW9CNVBZRzZnSDdwYXhBcWdIX3A2eEFxZ0hwS094QXFnSDFja2JxQWVtdmh2WUJ3RHlCd29Rd2E4QkdJanJpdDBCMGdnUkNJRGhnQkFRQVJoZk1nS3FBam9DZ0VEeUNBNWlhV1JrWlhJdE5UYzBNekExT0lBS0JNZ0xBYkFUbkk3bUVjZ1Q1WVBENEFQUUV3RFlFeERZRkFIUUZRR0FGd0d5RndnS0JnZ0FFZ0FZQUEmc2lnaD1NS2pQTlo4dVFNQSZ1YWNoX209W1VBQ0hdJmNpZD1DQVFTR3dEcTI2TjlYUlFPZDJfZUJwZmZ3QzlNbXM0RWVKbkIycWFRV0JnQklBbyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3NTAzNjg3NzQzMjAxOTY1ODY2Igk0MDk2NDEzMDIqBzU2MjUwMzM6CTQ2MzY0ODEzNsADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1sKqwwGIBQGYBQCgBbfW0rXtoLahesAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdOFAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCiwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=067836505f57b6149e196799114181dc0c283d2b&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: d039e2e5-5a98-4683-a6be-d017ed3dba60
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 36F8
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

67ms
66ms

Document
text/html

2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
expires: Sun, 08 Jan 2023 11:23:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:29 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0ABF 488 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 598e0134768c1cccdc20533b48338ab1d1c2036ed29a21a288773ac6cf490fa6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ Frame D424 488 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 598e0134768c1cccdc20533b48338ab1d1c2036ed29a21a288773ac6cf490fa6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 1F3C 36 KB
16 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 9715 36 KB
16 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 268 B
683 B 73ms
72ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: assets.scoota.co
URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: x3dXiOG-igPqf33PPSXDoQvNrAo9vIHM3f-CXv3rf09WvIYxIbBr4w==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 268 B
682 B 46ms
46ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: assets.scoota.co
URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: -VFVFOVujtE4pSGL6snn2LH7tUzKFKugQvIkJ3w65SpRklnWcmA-vg==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 268 B
682 B 42ms
42ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: assets.scoota.co
URL: https://assets.scoota.co/serving/31880/89812b76af29bc5f27a6.1.js?placement_id=31880
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: HxWwocxS_tdLziLhgB1Id7SbVtwWTLiadEq1LYfGA26DwUuBkmW4pg==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AD07 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111194
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 19E8 36 KB
16 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE53 0
0 58ms
58ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstuZgW-VeNwnU9gPmJk4NTTE4-w2HwHH1qt-F2JT_bySJvnLP6w5GhJ4yzOZCzgPgu8rfD7zFTLewNtsYRdf7ZVd7hJuOa2KgOyvjmnIoR35i3c5pZOb6PxV7FNO12QNi1IIIuQocYNK1Hom9-JBBrJMg&sai=AMfl-YTV053UzktTlZhyyqC-EqUIdUBAb6gyzkrzG7Q6nP4Y0VgELOpYvCS61OXcQXUpaUf7zI42YfK8-93GscAH8e0-B2xVO5ZbrEx4sfEq&sig=Cg0ArKJSzHmYQY0i_yTNEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=369&vt=11&dtpt=368&dett=2&cstd=0&cisv=r20230104.70528&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F7E0 52 KB
17 KB 23ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hifpjvmm&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236602
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.905159,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame EE53 0
934 B 31ms
31ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhCNmfT7rNWY2SMYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeK_YBYABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAFivG_qaWOtOgYwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHr9gF0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=4ffbf7982e414d163e44ee94c9c8dc5e8cead912&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhifpjvmm%26e%3D1250011214715,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhifpjvmm%26e%3D1250011214715&

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 6b4f32d7-c2aa-4302-939b-069abe4ea7bc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame BC77 268 B
674 B 21ms
21ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: TdC5EbICtMDDjCNreU8cZDJspUGh6SH9cSZdzMV-B4swbSX8PJKqtg==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 55AC 268 B
673 B 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: c1MhaykOlZKh4M3Hnagxwly3gUkLfUCdSoz6JitThAcGSUE_NhEEDQ==

GET
H2 200 c-video.png
assets.scoota.co/creative/assets/hoy4lk3/bundle/9/ Frame 3382 268 B
673 B 23ms
23ms Image
image/png 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/bundle/9/c-video.png?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
content-length: 268
last-modified: Wed, 14 Dec 2022 18:55:05 GMT
server: AmazonS3
etag: "d5d9608b31e655ae679bb2c9d76f69df"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: VmFIvnpwkg_tPZhxDbAURFaYtI6PpGEvpceWals9-YpFY_jM4G0ogA==

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 6D7C 0
953 B 21ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD8gMyim7GYonYYrtKEspaDxZIcKjYJWDuKc9TRkT8R0KXWAEcwjT8ZAAAAoEfhyj8h0KXWAEcwjT8pWDsJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF47tAEgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1BdU1OLXM0VEpRZ0Q5UTlQM0lnZ1ZkSXlrVjl1c3RkcUk5enMtN2ZKdTJ3bF92eldpRk90dmltaUphZjZIeGhvdGJ0dGthRXUzN3BjN0FHSDZhS3ZHRThMaXBRdyZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM4NTIyMDQzNjM4OTU1NTczMzcyIgg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWv0rTYpobT2T7ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB-7QBNIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=286d6942f39cfae69770476ffa0fb0e9c06ff839&type=pv&jm=1003&px=0&py=0&bw=970&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 85dde25c-8c63-4f09-9d8f-615d49197052
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 Dell-NewYear-970x250.mp4
assets.scoota.co/creative/assets/hoy4lk3/video/19/11/ Frame 5C97 2 MB
2 MB 22ms
22ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/video/19/11/Dell-NewYear-970x250.mp4?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 204fd05601f839df43dc5e7d79d891465459a098fe7db76dd54f24fc0fd8c17c

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:02:36 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
Content-Range: bytes 0-2527949/2527950
content-disposition: attachment
Content-Length: 2527950
last-modified: Wed, 14 Dec 2022 18:55:29 GMT
server: AmazonS3
etag: "36409dbb800d30aece3c3178968bf8ed"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: WeYrjmX3mYPPF5W9xkeeQ_C5Ltrc9tSyLkRcAxl9rs9B76InunSUMg==

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B182 0
0 62ms
62ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuhvn_OZo8kIAxOM7iy2Reqzxz840PVqzotAWA3dQQZjZJYpynikX3Qw82ZI9l9AW9nKFRhVZ6w1yywN5WzbG-RCfxpkM1xf1QYsoCzAtIrEpWs4QcLklInHGUzGzKAMuzEIy5z8DgpjHAIg2-1ZfmQ9Q&sai=AMfl-YSqyYdB9IXahebufkSKw4M15L-FvEVfJm-lEMDl018nUEe06IOjh3eW36LqzVJ2sNC8GJ3afb_NWdAEPvBeP4vjCawFc73GoktaWejM&sig=Cg0ArKJSzGcA0JGsc8pDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=353&vt=11&dtpt=352&dett=2&cstd=0&cisv=r20230104.15083&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:29 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C098 106 KB
37 KB 100ms
27ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Origin: https://guandads.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 14:16:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75995
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Jan 2023 14:16:55 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/ Frame C098 8 KB
3 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230104/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N163801.2560713PROPERTYSOLUTIONS/B27432037.331381584;dc_ver=92.271;sz=300x250;u_sd=1;gdpr=0;aucid=2388022505169867866;crid=347914397;ioid=%24%7BINSERTION_ORDER_ID%7D;liid=%24%7BCAMPAIGN_ID%7D;segid=%24%7BPIXEL_ID_COMMA%7D;srcid=%24%7BSOURCE_URL%7D;dc_adk=1221982918;ord=9mz749;click=https%3A%2F%2Ffra1-ib.adnxs.com%2Fclick%3F34RCBBxChT8YgepE5q9_PwAAAIDrUcg_GIHqROavfz_ghEIEHEKFP1rUSfDQ9SMhLilBZhkUJRywp7pjAAAAAOM1XQEYKAAA6h8AAAIAAACdwLwU8uklAAAAAABVU0QAVVNEACwB-gD0PQAAAAABAQUCAAAAANoA4CSZewAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%25214RbEkAjY2dMVEJ2B86UBGPLTlwEgACgAMZqZmZmZmbk_OglGUkExOjY0MDZAlzBJAAAAAAAA8D9RAAAAAAAAAABZAAAAAAAAAABhAAAAAAAA0D9pAAAAAAAAAABxAAAAAAAAAAB4AIkBAAAAAAAA8D8.%2Fcca%3DODE3MCNGUkExOjY0MDY%3D%2Fbn%3D98908%2Fclickenc%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=2,https%3A%2F%2Fkresy.pl%2F$0;xdt=1;crlt=ZcB4vihynP;cmpl=8;gcsr=m;stc=1;chaa=1;sttr=223;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 01:37:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35139
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2986
x-xss-protection: 0
server: cafe
etag: 3296546412363819624
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 22 Jan 2023 01:37:50 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C098 41 KB
15 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 22:28:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 132906
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 22:28:23 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C098 27 KB
10 KB 178ms
119ms Script
text/javascript 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?sz=300x250&c=528318265&cid=0&aid=sojern02_d&pid=sojern01&js=pmw0

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02_d&cid=0&c=528318265&sz=300x250&js=st_dapp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

14f1dfe69aaff83f11c7119731b90fbd81daf43bbce44bf6a1c10dfb6fd0d24e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 58xMt8ylaObpRQKPRCyYRGnPA1zEnX0fmPg6QCyN7fABsPfDXG0-KA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F086 52 KB
17 KB 26ms
26ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hpzswbsj&e=1977672056027
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:29 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236605
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.975649,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame B182 0
934 B 80ms
80ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKOBPBMDgIAAAMA1gAFAQiwz-qdBhCk48vnw_LSv08YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeMuGBoABAYoBA1VTRJIBAQbwtpgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1gHaWIgFAZgFAKAFsJHN0b2Dl81rwAUAyQUABQEU8D_SBQkJBQuAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYABQEs8D_QBsKLAdoGFgoQBREdAagQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHy4YG0gcNFXMBNAjaBwYBbHAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=731dbd19483095dfaf34cbeb1611157add8ec254&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhpzswbsj%26e%3D1977672056027,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhpzswbsj%26e%3D1977672056027&

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: bacfd2d8-f464-41ef-81d4-fcc21c3d6f2e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 Dell-NewYear-970x250.mp4
assets.scoota.co/creative/assets/hoy4lk3/video/19/11/ Frame BC77 2 MB
2 MB 74ms
74ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/video/19/11/Dell-NewYear-970x250.mp4?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 204fd05601f839df43dc5e7d79d891465459a098fe7db76dd54f24fc0fd8c17c

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:02:36 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
Content-Range: bytes 0-2527949/2527950
content-disposition: attachment
Content-Length: 2527950
last-modified: Wed, 14 Dec 2022 18:55:29 GMT
server: AmazonS3
etag: "36409dbb800d30aece3c3178968bf8ed"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: Y40lnNwzd7ErpiH8VVlkriFuTMHlda3GWIEk0dXRt3rAbjMCw9rP1w==

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 59B2 0
953 B 27ms
27ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhDvsdSWm7LR_D0YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeL2EBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DQWtnUHNLZTZZNnJVTi1ILW5zRVBvdXFKLUFUWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMEV0MlBDWUplZ0VhWFpqcXNiS2MzTkpTZ05aZ05kRko5ZzE2WjMzMC1yZnl6akVMQXRtSU1pOXNBRjE3WmRDUm53dHgySldGVDJuVWVld08wX1RfZzY4aG9iT1lCUUt2cnh6Zl9pTl9Wb2F0UjlBbjVfV3ZDdUx4cWY1VWMxbHRLQXhwRUI4U0hNbGR2a19YdnI1anprN3RVczVFck03MkZiQ3VuWk9yN09yLVNkYlBhZFdZLVdoTG5CeVlVSkpFMzdrSGQ0OEpsNXlvUWIxY0t0SFhfMHlZS2lKc0ZPYk5FbnJvN1N6c1UtLXFJM0lrVkxlMUFlcUwxX01FVVZ4V2xxNzJCVExjeUVpTTdtVml0UVRYdlpydkgwZllMc0FFYkotMUhYVEFOYm9HdDVwTFEyQUEwd3kzRXdZWUQxRTVUVkx3bTVTbEJmdTBTUWZBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9QXNQZTJQV3h6NHMmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Tzk1X2hrd2dRRWpZdDZfdnJUd0VWWUdrOFF5WEZSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNDQ2NTY3Njk5NzU4NzQ0MTkwMyIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXj0tKB4LTX4QHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB72EBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=9a82d2f511cc939d3f19ee654f7ec7772e154cdc&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 2e59d245-34f4-45a2-8df7-7a7c6d704566
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 2047 0
953 B 27ms
26ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKXC_BMlwUAAAMA1gAFAQiwz-qdBhCf2LC3ovX2zQYYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiAcK0gZoDSf0qwRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeDY5M3NLZTZZNmFkTk5xcm5zRVB3NUtuTU5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RVzhYT0JJMldxRGlabFVWVi1mS2xjbkJ5TmhuYk1EeWItV1Z0YjczV3NnalJscmc3b2xSOXh4NE5lRVJ4S2U3Y0xIWDdSMGhqTGJMRVNOT25lYnBETFVsamxhVW54Tjltdl9fekc4Tm42ZG83bzdMeHRwd05QY3Vfa3E5RkdRcklBZl90bzdyRTRkbm43c0dTTTVlS0FsUDR0aUdrRm9DUmZUckNXaTFsaVRJN1lqQzcwV01VWlRTODAwSGdVMzRObHVoeHJzRDhpa28tUHE1SUVVQjI1S3BOYzlkNmFhUjNaSHM4WDgtZ2VkYm9sbUNSTk5OWDRaLUxYVGtFby1PWXdvbnJXblFyajUxZ0JncHBGVm1kYVJPbkh4dVJ4RFNpOHE3dDlkNHVJNDJDR2VJZzNrWXZCRHhHZDBBTzZrY3dkalZRNEFaRWFLOWloZzBkMURBZU9zQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9N2lIM1p2SS1jcU0mdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Z19kRm1tMUI2S1o1WDFIcThpcDJmWXp0SURvQl94Z0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoSNDc2MjE1NzA5NDYxNjU0NTU5Igk0MDk2NDEzMDIqBzU2MjUwMzM6CTQ2MzY0ODEzNsADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1sKqwwGIBQGYBQCgBZv9sPnP-uGoDMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdOFAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCiwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=637296a3167678cf2091c818b7da0aeaadbc4561&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:29 GMT
AN-X-Request-Uuid: 42a36481-0d59-4a81-881b-8c0c7959de4c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 206 Dell-NewYear-970x250.mp4
assets.scoota.co/creative/assets/hoy4lk3/video/19/11/ Frame 3382 2 MB
2 MB 132ms
131ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/video/19/11/Dell-NewYear-970x250.mp4?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 204fd05601f839df43dc5e7d79d891465459a098fe7db76dd54f24fc0fd8c17c

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
Content-Range: bytes 0-2527949/2527950
content-disposition: attachment
Content-Length: 2527950
last-modified: Wed, 14 Dec 2022 18:55:29 GMT
server: AmazonS3
etag: "36409dbb800d30aece3c3178968bf8ed"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: ebkAZ57dIzUbbZY3_6ipyAAjmU0-AlpRJJ1xB-1hdRYQNpxQfw47vQ==

GET
H2 206 Dell-NewYear-970x250.mp4
assets.scoota.co/creative/assets/hoy4lk3/video/19/11/ Frame 55AC 2 MB
2 MB 133ms
133ms Media
video/mp4 65.9.66.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.scoota.co/creative/assets/hoy4lk3/video/19/11/Dell-NewYear-970x250.mp4?placement_id=31880
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 204fd05601f839df43dc5e7d79d891465459a098fe7db76dd54f24fc0fd8c17c

Request headers

Referer: https://guandads.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Sat, 07 Jan 2023 12:02:15 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 84075
x-cache: Hit from cloudfront
Content-Range: bytes 0-2527949/2527950
content-disposition: attachment
Content-Length: 2527950
last-modified: Wed, 14 Dec 2022 18:55:29 GMT
server: AmazonS3
etag: "36409dbb800d30aece3c3178968bf8ed"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: video/mp4
access-control-allow-origin: *
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: IUbCpqokYLWzZ7yohlYi17qYvEG1v1NP3iy2Np0bcQGoD6KA0rboPA==

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 83FB 0
953 B 23ms
23ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKWC_BMlgUAAAMA1gAFAQiwz-qdBhCfgLWHn5DejQEYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLSEBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDhwcK0gZoDSf0qgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DWDJScnNLZTZZNm1hTzYtdHpBYkI5WTZ3QTllcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RUksyRFFvZ0VSWXY4enNwdzFfZXVrR2R1NjJuMXZ5TXQweUFEQXVNd2w4VmxXUzUzc09uMm16U2NBbjBIcmtLcHFpa0NDcEJCVE16MU9veTlsZTJ2b0FLQVBfMFFucml4RThvajFQdGwwTUFkOTBFbG5IcVpKcDlEMzhTMkNZUFZPdmw2NVloNFYyMEw1WFZmZElxOVJ5aTlkS1hZRGNMR1JRdWY2MzJHX1NmQ0RGSFpKNnhZQU4ydWREbE1JeHdFZVFUSEdnSHpDUE9rY0ttUVlKU09ZMzd1Rm1JQVNVMVBUVG1fck83SDU2OEZ5MFdwUEJwY0V4cklyYTFxOUplRkZoLUV1NnhRQXc1QjBycFlSemFvSEFtY0lnd3NzRVczVTZINHM3OXpTQ0ZabTEtT2N6a2NicEFocTRicXcyTkQ1VjRyaEZ3dUdscmZyY0RETVotWU5jQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9My1zOGJoWXRVYjgmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45dTRwSzNCazhZMVVQSDVpZzJ3RVBHd1h6YWZENF9SZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoRNzk3ODk5MTc4OTczMTAyMzkiCTQwOTY0MTMwMioHNTYyNTAzMzoJNDYzNjQ4MTM2wAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ATWwqrDAYgFAZgFAKAFreX7-82U--0lwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF04UB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBsKLAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE3NTA2ODkzNzk2yAe0hAbSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=789f69d95a52c052bf6210285083fef4af3f286c&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 0a23b91a-8b55-4b54-a087-4147dc0d3f52
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 1060 0
953 B 30ms
30ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhCsmbDmwNqF5WIYrtKEspaDxZIcKjYJwJfCg2bXjT8RJmFqQatwiD8ZAAAAoEfhyj8hJmFqQatwiD8pwJcJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4x4gGgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1EYl9HZFJoSFpwMUhhVndoMXp6bmxWM0ZPU01SazVaSlZsS1RoX1ZKYVB3ckhQU05BaFpqNDBJTDFGUXBHS1BaRFlYUUJMYnBRMUlrX2ozUFJqLVdXN1kzamFTQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhM3MTE4NTI3MjYxMDE2MDY3MjQ0Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAWL5Y6C6t3dvx3ABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBcnqK_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxMzg5OTQxOTI1MzjIB8eIBtIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=a7f106881fac161bfea4ffb7694d00acee2f3e24&type=pv&jm=1003&px=0&py=0&bw=970&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: aa42102f-3cca-490a-b937-522d72fc4e8f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8FED 22 KB
8 KB 27ms
26ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3E6D 22 KB
8 KB 30ms
27ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E040 22 KB
8 KB 103ms
99ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5826 52 KB
17 KB 24ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236608
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.133421,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 5C97 0
934 B 26ms
23ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKyDvBMMgcAAAMA1gAFAQiwz-qdBhDO3Mni_o6b0R4YrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBePrXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIXVYcm1xQWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalV6TWpEZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGeUNtUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGERMZ0dDZy4umgKZASFmeGxXVlE6cQI0UExUbHdFZ0FDZ0FNWnEFbxRtZGtfT2cudQFEQkFsekJKbjZ1dDJGOTI2ajlSCWoBAQRCWgEGCQEEQmgJCAEBBEJwAQYJAQRCeAkIAQEQQjRBSWs1iPBAOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC_yAhEKBkFEVl9JRBIHMzY3MTk2M_ICEgoGQ1BHX0lEEghxhCzyAhIKBUNQX0lEEgl1gxDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIBhDT0RFEgDyAQ8BWREPEAsKB0NQFQ4QEAoFSU8BYSAHNzc3NjgzM_IBIQRJTxUhOBMKD0NVU1RPTV9NT0RFTAErFADyAhoKFjIWABxMRUFGX05BTQVxCB4KGjYdAAhBU1QBPhBJRklFRAE-HBUKCFNQTElUAU0Z2fCwgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARjKByD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjUzMjDaBAIIAeAEAfAEyYm2wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAAAQy4AADYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1Njc1uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFYEAAYAOAGAfIGggEI8bwxEnxQQk5SQ0ZlCthEQUFrQ0JRRUluNWpRQlJEc2dNNEJHSzJ4WUNBSEtBQkFvTlM1QWtqYzlmUURVSmN3V0tzc2NRQaEJARBlQUNCQXH6WEFBQWlBRUFrQUVBbWdFQ0NBQ29BUUN4LiAARIAHAYgHAKAHAcgH-tcF0gcNCRGpAacI2gcGAfBwGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=c559e8cbdaea3941c9465ee3f5484ea832244a97&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhwvfnqo%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhwvfnqo%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 897ccef2-3e61-4b51-bcb4-488c41c5959b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B902 52 KB
17 KB 23ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 232303
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220041-HHN
X-Timer: S1673177010.134013,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame BC77 0
934 B 21ms
20ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKeGPBMHgwAAAMA1gAFAQiwz-qdBhD3iKPosrLbongYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeNXXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAtkOIW5YSzNLd2lCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_YQzZBd2xHVWtFeE9qVXpNVGZnQTVjd2dBVEloTkVKaUFUZ25fd0prQVFCbUFRRXFnU3VCd2pfXxUCDDhCRVAVDRBfX3dFWR0ODF9BU0QdDxQ4QktBZ3cdEQxfQVRqHQ8IOEJRMkwABEZJHR0IX0FWNkwAAFc2LAAAZzIsAABXNlgAAGM2LAAQNEFZQUIyMAAEWWc2EAAAWjogACRaZ0JrZFpTb0FIHTcIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAMMEFHdEGMADI6GAAANDoQAAA2OhAAADg6EAAcLUFHX0JvQUMdrQxfQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAARZQS4xAiEANhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUU6AAI2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRjoAATYQAABaOiAAAFo6IABMYklFQ2dqUTlPY0pFTXVGcGczQkKhMw0BBHlRpUEJARhOZ0VBUEVFCQ0BAWBDSUJjVXBrQVh4dkRHWUJlZUJ2SVVCcVFVAR0gQUFBRHdQN0VGAQoJAQhEQkIdTwB5BSgcQkFFNlBuUDkyKAAAWhUoyFBBXzRBWGpCZkFGaDlLb0NmZ0ZtNF9nQVlJR0EwZENVSWdHQUpBR0FaZ0dBS0VHbXBtWgECLDJULW9CZ1N5QmlRSgl8BQEAUgUGCQEAWgkHBQEAaAUGBQFIQzRCZ28umgKZASFoUm41VmdpQjJdBzhQTFRsd0VnQUNnQU1acVoBbRRtZGtfT2cuYQZAZEFsekJKbjZ1dDJGOTI2ajkdeQBCHXkAQh15BEJwBYAFAQRCeAUHBQEQQjRBSWs1lPBAOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC_yAhEKBkFEVl9JRBIHMzY3MTk2M_ICEgoGQ1BHX0lEEggecAgs8gISCgVDUF9JRBIJIm8IEPICDQoIAT4YRlJFURIBMAUQHFJFTV9VU0VSBRAADAkgGENPREUSAPIBDwFZEQ8QCwoHQ1AVDhAQCgVJTwFhCAc3NxL5CADyASEESU8VITgTCg9DVVNUT01fTU9ERUwBKxQA8gIaChYyFgAcTEVBRl9OQU0FcQgeCho2HQAIQVNUAT4QSUZJRUQBPhwVCghTUExJVAFNGdnwhoADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1MzE32gQCCAHgBAHwBBJnCiCIBQGYBQCgBf8RARgBwAUAyQUABQEU8D_SBQkJBQvAAAAA2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NTE5N7gGAMEGAAEyLADwP9AG5QLaBhYKEAUQHQFcEAAYAOAGAfIGggEI8bwxEnxXaFBYRFZrQWfYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dNMG9jUQE7CQEQZUFDQkF93kxpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAECABwGIBwCgBwHIB9XXBdIHDRX1AacI2gcGAfBwGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=6610c67de39b975122d1e3b9e0e27fca23b74b07&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dygqcyx%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dygqcyx%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 5ab17738-d98f-450a-a45f-7fef6c6bbbee
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2492 52 KB
17 KB 24ms
24ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 233572
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220088-HHN
X-Timer: S1673177010.136023,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame D424 0
934 B 22ms
21ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKyDvBMMgcAAAMA1gAFAQiwz-qdBhD5mP67--yR-mMYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeN6HBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLtBCFMSG96QlFpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8ENDNkF3bEdVa0V4T2pZMU56ZmdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFc2dRS0NORDA1d2tReTRXbURjRUVBQQFIAQEIREpCAQcNARQyQVFBOFEFZQkBXElnRnNUT1FCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAMQUFBQh3bBEJrARIJAQBDHRhETGdHQ2cuLpoCmQEhVGhtNFB3OnECNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnUBRGRBbHpCSm42dXQyRjkyNmo5UglqAQEEQloBBgkBBEJoCQgBAQRCcAEGCQEEQngJCAEBEEI0QUlrNYjwQDhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwv8gIRCgZBRFZfSUQSBzM2NzE5NjPyAhIKBkNQR19JRBIIcYQs8gISCgVDUF9JRBIJdYMQ8gINCggBPhhGUkVREgEwBRAcUkVNX1VTRVIFEAAMCSAYQ09ERRIA8gEPAVkRDxALCgdDUBUOEBAKBUlPAWEgBzc3NzY4MzPyASEESU8VITgTCg9DVVNUT01fTU9ERUwBKxQA8gIaChYyFgAcTEVBRl9OQU0FcQgeCho2HQAIQVNUAT4QSUZJRUQBPhwVCghTUExJVAFNGdnwhoADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo2NTc32gQCCAHgBAHwBKV7IIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC8AAAADYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1MTk4uAYAwQYAATIsAPA_0AblAtoGFgoQBRAdAVgQABgA4AYB8gaCAQjxvDESfGJ4UGVFbGUK2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0JSQW9OUzVBa2pjOWZRRFVKY3dXTTRvY1FBoQkBEGVBQ0JBcfpYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABAgAcBiAcAoAcByAfehwbSBw0V9QGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=7804eb30526ee2ebbb5f04a9a0808ed1293f29a2&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dxebwvxkv%26e%3D1250011214715,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dxebwvxkv%26e%3D1250011214715&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: e71f3afc-1dad-4d80-bdca-aa95697a4ed9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1A1F 52 KB
17 KB 48ms
22ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236609
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.163933,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 55AC 0
934 B 43ms
43ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKyDvBMMgcAAAMA1gAFAQiwz-qdBhCFtcyM9smFixsYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeLrZBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWxIcjRsUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTnpiZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGa0MyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqaGw5Vz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURaQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8EA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL_ICEQoGQURWX0lEEgczNjcxOTYz8gISCgZDUEdfSUQSCHGELPICEgoFQ1BfSUQSCXWDEPICDQoIAT4YRlJFURIBMAUQHFJFTV9VU0VSBRAADAkgGENPREUSAPIBDwFZEQ8QCwoHQ1AVDhAQCgVJTwFhIAc3Nzc2ODMz8gEhBElPFSE4EwoPQ1VTVE9NX01PREVMASsUAPICGgoWMhYAHExFQUZfTkFNBXEIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnZ8LCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTc3NtoEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAABDLgAANgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU2ODe4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfFNCT0ZDbGUK2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXTGNzY1FBoQkBEGVBQ0JBcfpYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAe62QXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=210869a3c8886d33db9543ac384cfd9d335d12db&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dyuptqxg%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dyuptqxg%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 8aabe0c1-98c0-4928-bc32-a760bfa8ac45
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame EE53 0
953 B 44ms
38ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhCNmfT7rNWY2SMYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeK_YBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1Dcl84enNLZTZZLUx1TElUSW1MQVB6YzI1eUFiWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMElrVjR1ZFZXZUpMdVRZRFpWWVdaN2t5aC1pSHdsYmV6WDVNbDZFLUhMNUlkeWEweEhiczdmYU5wSk9mR1dFTmxTM0RYRXRscG9WRzE5NUFUa2ctMlgxVHhOUG9hUVI5LXJQOXp5UDl5SWloOEZkVENYRThyeU5tYlJyOTZJQm9jT2d0b0wxSnVEX2ltN0pFbERmb2RWZDRpajdSMml6T0ZEdlRZaVVCbGdPa2NWcVFqejJRaUxFd1l0Zm5IYVU3Rktoa1g5eFY2bHJFS2czU3FzMGk4WS1TS2ctWmduXy1acUlobnFGeWIyRXZrTmljejV1TkgyYWtweDFNMi0tdWJXQ1BEZ3lmNFgyOFZYaGFBakRGMWdaeC1WSHp3RjZfQUNkdDVHeVRXV3pWZGlfV2Z0OXo1a1RrNjNzRTMxdXhySzNQX05fZVZENTRkbzdBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9aGYydEJ6WDRKaHcmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NGtsalZqWk9jWG5RN3lWbElhSWVFNWo0NEtWazVoZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjU3MjIyNjgyMjk0NzAxNTgyMSIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWK8b-ppY606BjABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB6_YBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=2f65130b87945add6886d7c55789d3e7c44b8e26&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 582569a7-6972-4af1-821f-bfe06022285b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame D49B 7 KB
3 KB 84ms
27ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=qcnz3il3mbuc&nw=20&renderingType=javascript&namespace=0dda538860&subid=&uid=e43c682b0c84b6d0&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D1cdf1942e01b0880c87179d193f3caa15506e76e%26mt_aid%3D1764686132736762848%26mt_id%3D11204414%26mt_adid%3D215543%26mt_sid%3D12780336%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_cid%3D695b63ba-a7b1-4001-a45b-b92890f35042%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Ffra2%2F0%2F48826c9f-2e22-4293-836d-e96a87629420%2F%26redirect%3D&documentReferer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dehgguw%26e%3D1250011214715&ancestorOrigins=https%3A%2F%2Fguandads.com%2Chttps%3A%2F%2Fkresy.pl&random=384744200761&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 18b7996dd50dd01d9c2ce88b8fe3c932cf35e470d305f80066615a7277224cf9

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2299
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:30 GMT
Expires: Sun, 08 Jan 2023 11:23:30 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 7DB5 281 B
554 B 110ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 31A8 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 27A2 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236612
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.340218,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 3382 0
934 B 19ms
19ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKyDvBMMgcAAAMA1gAFAQiwz-qdBhD36Pas_7OTtWYYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeK3YBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWpYcmVrUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTmpqZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGaUMyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqeG5DVz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURoQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8EA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL_ICEQoGQURWX0lEEgczNjcxOTYz8gISCgZDUEdfSUQSCHGELPICEgoFQ1BfSUQSCXWDEPICDQoIAT4YRlJFURIBMAUQHFJFTV9VU0VSBRAADAkgGENPREUSAPIBDwFZEQ8QCwoHQ1AVDhAQCgVJTwFhIAc3Nzc2ODMz8gEhBElPFSE4EwoPQ1VTVE9NX01PREVMASsUAPICGgoWMhYAHExFQUZfTkFNBXEIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnZ8LCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTc2ONoEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAABDLgAANgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU3Nzm4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfEpSTVhCRmUK2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXSk10Y1FBoQkBEGVBQ0JBcfpYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAet2AXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=16e9fb0555d0e1a559d6e084f8818eeb58118768&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Delbbkpf%26e%3D1586314810833,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Delbbkpf%26e%3D1586314810833&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 38f148c4-e506-4b21-bfc6-fba7a0d619b1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame B182 0
953 B 21ms
21ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhCk48vnw_LSv08YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeMuGBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DakY4RnNLZTZZOTZTTk1tRGxnVE81cG5vQ2RlcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RbTJjaWViVWdsR29KUVdyTkRxbXpWeUNqQUFhc04tTDdOdlc0S1ZVT0E0SU1fU19RTHVxTm5UMENGMXJhRmJXUU5ZTkxSQUpwaTJySmNvS3Z3QlhiWFZITWVhV2tQajBLbUw4TU96T3FHVjhLSDZPQXJtbTQ2bG9nUkY5ck1OQktpOEtvQUtHMEs0UFZ0YzdVRG5TLW5Gb1JFV0I4cjZ3YXJNTU0tMlN1djF1eHBrTkdFRFZGMFdyN0tyb3d4dnZlMFdYUlpZTXRIR2hvU1p0S3ZKMGNNQ2lnWkdIQW9jX2xpM2dFMlR3aVpvSWFkU2p4Q05Scml2RzNFV1BCbUZ2d09oYzNQZmFRTV9rN0dyc3pRVGdid0ExRXhQMW1Zd1U4S1RjNHFLSGQwQ2l0a2tBbWV0dTA5T0lrNEhZOWNlc1lJajlhUWVpTnlfQUxPVlNlSVB6UkpNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9TEZJZWF4eHBiUkEmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NXRyNk9FdS16Nkloc0h6YkRxdUs3emw4NXdhbmFCZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNTcyODM4MDM1MTA4ODM1Nzc5NiIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWwkc3RvYOXzWvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB8uGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=83d8590b05bafbe3d9602507f49e051abd6cf46b&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 3a87e950-f441-4e47-babb-9e6317257690
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B114 22 KB
8 KB 21ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DE9D 52 KB
17 KB 22ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236613
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.369396,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 0ABF 0
934 B 20ms
20ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QK2DvBMNgcAAAMA1gAFAQiwz-qdBhCet76j0JeghDIYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeL3YBYABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLxBCEwM29RZXdpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8EZDNkF3bEdVa0V4T2pVMk56VGdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFb0FRVXNnUUtDTkQwNXdrUXk0V21EY0VFQQFLBQEIREpCBQgJARQyQVFBOFEFaQkBXElnRnFpeVFCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAQQUFBQkUBBgkBBEJrCQgBAQBDHRhETGdHQ2cuLpoCmQEhU3hubFBnOnUCNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnkBRFJBbHpCSm42dXQyRjkyNmo5UgFoCQEEQloJCAEBBEJoAQYJAQRCcAkIAQEEQngBBgkBEEI0QUlrNYjwQDhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwv8gIRCgZBRFZfSUQSBzM2NzE5NjPyAhIKBkNQR19JRBIIcYgs8gISCgVDUF9JRBIJdYcQ8gINCggBPhhGUkVREgEwBRAcUkVNX1VTRVIFEAAMCSAYQ09ERRIA8gEPAVkRDxALCgdDUBUOEBAKBUlPAWEgBzc3NzY4MzPyASEESU8VITgTCg9DVVNUT01fTU9ERUwBKxQA8gIaChYyFgAcTEVBRl9OQU0FcQgeCho2HQAIQVNUAT4QSUZJRUQBPhwVCghTUExJVAFNGdnwhoADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1Njc02gQCCAHgBAHwBKV_IIgFAZgFAKAF_xEBGAHABQDJBQAFARTwP9IFCQkFC8AAAADYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo2NjI2uAYAwQYAATIsAPA_0AblAtoGFgoQBRAdAVgQABgA4AYB8gaCAQjxvDESfGVoT3NFMWUK2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXT0l6Y1FJowEBEGVBQ0JBcfpYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABAgAcBiAcAoAcByAe92AXSBw0V9QGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=f4229e15f80de7a2eede7d2b02f922f313687e28&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Ddtbuvkzau%26e%3D1250011214715,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Ddtbuvkzau%26e%3D1250011214715&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: aef2d809-f70a-4918-8ac4-fc10b9f64e5c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame ADB6 0
953 B 20ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QL1BfBM9QIAAAMA1gAFAQiwz-qdBhD_lMr0p-Ts2C8YrtKEspaDxZIcKjYJ7SjOUUfHdT8R_krxNSfWcT8ZAAAAoEfhyj8h_krxNSfWcT8p7SgJJNAxAAAA4FG4nj8wrev0CjiYUEDlHkhlUK2iyyVY8tOXAWAAaPT7tAF4s9gFgAEBigEDVVNEkgUG8FWYAcoHoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABANgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqA-cBCr8BaA0ncHBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tDR5EL2dlbl8yMDQ_aWQ9YXdiaWQmBQb0BQFfYj1BS0FtZi1CRnpkSVpEaHpBVVhlU3NrVGFXM2E1bWlnbXNPVlIzVEN1RlJmaUVNVjlCR19QWWRJcGJtdlNvNkNnTFQzczFTUHp2OW9Sa0ZjTlVMdUM5Z1NpZXFmNG1XZmxjQSZwcj0xMDoke0FVQ1RJT05fUFJJQ0V9GhMzNDM2NzI0OTUxMzk0MTkxOTk5Igg3ODgyNzgyMSoEMzk0McADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAEIcFYiAUBmAUAoAW6neW-1caqixzABQDJBQAFARTwP9IFCQkFC3wAAADYBQHgBQHwBdGUO_oFBAgAEACQBgCYBgC4BgDBBgEhNAAA8D_QBu6PAdoGFgoQCRIZAbAQABgA4AYB8gYCCACABwGIBwCgBwGqBwwxNDAzODExMzA0NzbIB7PYBdIHDQkRNwE1CNoHBgFtcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6c38a5221d46b1132686d2e093c22c3935c6850f&type=pv&jm=1003&px=0&py=0&bw=970&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: b7dba07f-a449-4160-bcef-0094d3bb8ce0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame D49B 89 KB
32 KB 87ms
22ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 19:48:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 19:48:45 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame D49B 732 B
923 B 63ms
40ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=60271212;click=https://hal900023.redintelligence.net/c/pae0vhpa5of6hr6?tprd=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2fdcbf37737e091dfdab0eefbf6a4799b271f3a19ee8dc63948a2437e3639201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 531
expires: -1

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 85AA 42 B
64 B 165ms
121ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuyTyL7myaf6y2FjuqgamJzAiAjNpwLIiHc25rLf0n8DGJLu9MkN07CzfGw2tMTA8wWSBC1aNq51Yb5Hseq_-EJe06orqnrANA&sig=Cg0ArKJSzNvg69yHPj1VEAE&id=lidar2&mcvt=1165&p=0,0,250,300&mtos=1165,1165,1165,1165,1165&tos=1165,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007687&rpt=1546&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 7DB5 34 KB
10 KB 36ms
35ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:30 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18177
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame AD07 36 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177010432&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p0&object_type=video&object_id=34
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 35771878df1374e2fa6b073e1fda404d
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame BC77 0
953 B 20ms
19ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKHFvBMBwsAAAMA1gAFAQiwz-qdBhD3iKPosrLbongYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeNXXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAtkOIW5YSzNLd2lCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_YQzZBd2xHVWtFeE9qVXpNVGZnQTVjd2dBVEloTkVKaUFUZ25fd0prQVFCbUFRRXFnU3VCd2pfXxUCDDhCRVAVDRBfX3dFWR0ODF9BU0QdDxQ4QktBZ3cdEQxfQVRqHQ8IOEJRMkwABEZJHR0IX0FWNkwAAFc2LAAAZzIsAABXNlgAAGM2LAAQNEFZQUIyMAAEWWc2EAAAWjogACRaZ0JrZFpTb0FIHTcIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAMMEFHdEGMADI6GAAANDoQAAA2OhAAADg6EAAcLUFHX0JvQUMdrQxfQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAARZQS4xAiEANhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUU6AAI2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRjoAATYQAABaOiAAAFo6IABMYklFQ2dqUTlPY0pFTXVGcGczQkKhMw0BBHlRpUEJARhOZ0VBUEVFCQ0BAWBDSUJjVXBrQVh4dkRHWUJlZUJ2SVVCcVFVAR0gQUFBRHdQN0VGAQoJAQhEQkIdTwB5BSgcQkFFNlBuUDkyKAAAWhUoyFBBXzRBWGpCZkFGaDlLb0NmZ0ZtNF9nQVlJR0EwZENVSWdHQUpBR0FaZ0dBS0VHbXBtWgECLDJULW9CZ1N5QmlRSgl8BQEAUgUGCQEAWgkHBQEAaAUGBQFIQzRCZ28umgKZASFoUm41VmdpQjJdBzhQTFRsd0VnQUNnQU1acVoBbRRtZGtfT2cuYQZAZEFsekJKbjZ1dDJGOTI2ajkdeQBCHXkAQh15BEJwBYAFAQRCeAUHBQEQQjRBSWs1lPDQOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTMxN9oEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDrDYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1MTk3uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFcEAAYAOAGAfIGggEI8bwxEnxXaFBYRFZrIVDYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dNMG9jUQE7CQEQZUFDQkFdx0xpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB9XXBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=2f3fb7b57055cc61a6c2685b69f644baa1a76028&type=nv&nvt=5&jm=1003&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=nv&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 9f882d0f-286e-480a-934f-0f6e4fb8a784
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame D424 0
953 B 21ms
21ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD5mP67--yR-mMYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeN6HBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLtBCFMSG96QlFpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8ENDNkF3bEdVa0V4T2pZMU56ZmdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFc2dRS0NORDA1d2tReTRXbURjRUVBQQFIAQEIREpCAQcNARQyQVFBOFEFZQkBXElnRnNUT1FCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAMQUFBQh3bBEJrARIJAQBDHRhETGdHQ2cuLpoCmQEhVGhtNFB3OnECNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnUBRGRBbHpCSm42dXQyRjkyNmo5UglqAQEEQloBBgkBBEJoCQgBAQRCcAEGCQEEQngJCAEBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjY1NzfaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NTE5OLgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8YnhQZUVsJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQlJBb05TNUFramM5ZlFEVUpjd1dNNG9jUSGKCQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB96HBtIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6fd020c5c480762bb953fb79d8996c6d164ea2d8&type=nv&nvt=5&jm=1003&px=0&py=168&bw=300&bh=82&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&cid=3&cr=nv&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 8bc2d6aa-dfdd-4e8f-972b-f430b2509385
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A419 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=2030592
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17772
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:30 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236617
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177010.459763,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame C098 0
934 B 26ms
25ms Script
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QLiDPBMYgYAAAMA1gAFAQiwz-qdBhDaqKeCj7r9kSEYrtKEspaDxZIcKjYJ34RCBBxChT8RGIHqROavfz8ZAAAAgOtRyD8hGIHqROavfz8p4IQJJNgxAAAAQOF6lD8w4-v0CjiYUEDqP0gCUJ2B86UBWPLTlwFgAGj0-7QBeNyEBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJTdWYoJ2EnLCAyOTM4Nzk1LCAwKTt1ZignaScsIDQ4MjMyOTksIDApBRQsZycsIDEyNzI0NjM5FSkwcicsIDM0NzkxNDM5NwUW8IuSAqUEIV8yV1pkZ2pZMmRNVkVKMkI4NlVCR0FBZzh0T1hBVEFBT0FCQUFFanFQMURqNl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFHb0FRR3dBUUM1QVUtRGlIdERRWVVfd1FGUGc0aDdRMEdGUDhrQkFBQUFBQUFBOERfWkFRQQkOdFBBXzRBR0RzcVlDOVFITnpNdzltQUlBb0FJQnRRSQUkAHYNCPBbd0FJQXlBSUEwQUlBMkFJQTRBSUE2QUlBLUFJQWdBTUJtQU1CdWdNSlJsSkJNVG8yTkRBMjRBT1hNSUFFaU5mRkJJZ0VoWmZMQkpBRUFaZ0VBYm9FR2dpRkJCRUEFaRRBRFFQeGsJCwEBJENDQ3hvc093UVEBDgBBBSAIOGtFAQoJARhEWUJBRHhCCQ0FARxpQVdHTXFrRgUNBewILXhCET8gQUFBd1FXYW1aBQIINVA4CSgcZ0pPUnVqX1IuKAAIMlFVAS8BdMB3UC1BRmpnandCWl9UaUFiNEJhdXZzd0dDQmdOVlUwU0lCZ0NRQmdHWUJnQ2hCcHFaBV4sYmtfcUFZRXNnWWtDHYAARR0MAEcdDABJHQw4dUFZS5oCmQEhNFJiRWtBOikCMFBMVGx3RWdBQ2dBTVoZbUxPZ2xHVWtFeE9qWTBNRFpBbHpCSgG_AQEMOEQ5UgEICQEEQloJCAEBBEJoAQYBAQwwRDlwAQgJAQRCeAkIAQEQQjRBSWs1ZPBAOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC_yAhEKBkFEVl9JRBIHMjkzODc5NfICEgoGQ1BHX0lEEghxJkTyAgoKBUNQX0lEEgEw8gINCggBNgxGUkVRERAcUkVNX1VTRVIFEAARCSA8Q09ERRIFMjIwNDHyAiMKCAFWBRQYFzAwazM5MAEBTG5RSldyQUFPX2RlXzXyAgsKB0NQCSUcAPICEAoFSU8BdTgHNDgyMzI5OfICHQoHSU8JIQwSMDA2DUZgcWZrMjZBQUHyAhMKD0NVU1RPTV9NT0RFTAE9FADyAhoKFjIWACBMRUFGX05BTUUBHQgeCho2HQAIQVNUAT4QSUZJRUQBIRwNCghTUExJVAFN8O0BMIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA44MTcwI0ZSQTE6NjQwNtoEAggB4AQB8ASdgfOlAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdqdH_oFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AboKdoGFgoQAAAAAAAABRYFAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB9yEBtIHDRVkASYM2gcGCAUJaOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=ccb6e1d7ce406cc6a96f05efc2be3c0e8e9f738c&bdref=https%3A%2F%2Fkresy.pl%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkresy.pl%2F,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dltbniayio%26e%3D1977672056027,https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dltbniayio%26e%3D1977672056027&

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: c9dc1f72-5f15-4da5-921d-805629773b01
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 5C97 0
953 B 20ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhDO3Mni_o6b0R4YrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBePrXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIXVYcm1xQWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalV6TWpEZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGeUNtUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGERMZ0dDZy4umgKZASFmeGxXVlE6cQI0UExUbHdFZ0FDZ0FNWnEFbxRtZGtfT2cudQFEQkFsekJKbjZ1dDJGOTI2ajlSCWoBAQRCWgEGCQEEQmgJCAEBBEJwAQYJAQRCeAkIAQEQQjRBSWs1iPDQOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTMyMNoEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDrDYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1Njc1uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFYEAAYAOAGAfIGggEI8bwxEnxQQk5SQ0Yl89hEQUFrQ0JRRUluNWpRQlJEc2dNNEJHSzJ4WUNBSEtBQkFvTlM1QWtqYzlmUURVSmN3V0tzc2NRIYoJARBlQUNCQVHjWEFBQWlBRUFrQUVBbWdFQ0NBQ29BUUN4LiAARIAHAYgHAKAHAcgH-tcF0gcNCRGpAacI2gcGAfBwGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=06b9ccbd3bd7af4286475cf6ce7e8fcbf93cb736&type=nv&nvt=5&jm=1003&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=nv&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: ba5f257c-47f1-4d60-91f7-98be52536dee
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 124C 42 B
64 B 131ms
130ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvz46BbidW3dwQttA4onS8gNXkj3fncrxI1pef2ISi1Td3p9I_CDxe3o0uNYHW5iGnmKUxiwa9RkzemNpBOaQk0Pkd9Vx_nudwTn1g1FGqCfrZtERXh1iWeta1qXdB7TmllT-1Hww&sai=AMfl-YRTseTVYsRb-I5A1b2Ti-kcfpevuD-lCc7hh49xjWanRd7DMO0PAnZjNoOMxHfThaboCVHqRUNSPvTD_1k&sig=Cg0ArKJSzN91B7krzV3tEAE&cid=CAQSGwDq26N9hJPvX525jG2qdmc99wf1oMTwXdpYvRgBIAo&id=lidar2&mcvt=1130&p=0,0,250,970&mtos=1130,1130,1130,1130,1130&tos=1130,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4122043605&rs=5&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177008544&rpt=728&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame C098 28 KB
9 KB 119ms
119ms Script
text/javascript 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.truste.com/ca?pid=sojern01&aid=sojern02&cid=27432037&js=st0

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

d902095fedb70c98ef504ef4124ea8e19e5bab24581c549c955f82a8d071a2b6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 511c8b6c7e903efca023a504d527516a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA53-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 8030
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: qxgFfGeEidBeRqL6--fcDU0VCPzA3aQwVnST3aefuLXfUlZTY9W_jw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C098 156 KB
48 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48907
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1672933789069018"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 11:23:30 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/5702536393117632765/ Frame 2CE4 18 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c413abebd13289f215d61d2da266a20ff91001195265f50f6641613cc8033f98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 62050
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4501
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 18:09:20 GMT
expires: Sun, 07 Jan 2024 18:09:20 GMT
last-modified: Thu, 19 May 2022 16:46:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C098 0
0 59ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8J640wuF-OpkKPEqGGaDBLYv86_sLDpS_jP7Fu4q8LYPGHL24Ewqb9tPqieBMRw4BcJUKhXsJ_SmrQbcZVytuBKZFE9P01DrZOgN5VD99iWZy93MxXG_pUtGo0riTsgdYAGtdLOGni8KumntNOgI&sai=AMfl-YQYJNvJireqbgU1oZYlPCiLrGP-sqlZxxn1x8DMbqlJ1BQ0TMCHRSIfnwJnNDUb08o4c-S4VULTruuC-KLebRQMZO_-TZ25O16uBoSU&sig=Cg0ArKJSzP_dsrgvLnb-EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=553&cbvp=1&cstd=551&cisv=r20230104.79146&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:30 GMT

GET
H3 200 dcm
beacon.sojern.com/imp/ Frame C098 42 B
56 B 53ms
31ms Image
image/gif 107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.sojern.com/imp/dcm?auc=2388022505169867866&io=${INSERTION_ORDER_ID}&li=${CAMPAIGN_ID}&cr=347914397&io=${INSERTION_ORDER_ID}&seg=${PIXEL_ID_COMMA}&src=${SOURCE_URL}&ord=%c
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ltbniayio&e=1977672056027
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Sun, 08 Jan 2023 11:23:30 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 55AC 0
953 B 20ms
19ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhCFtcyM9smFixsYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeLrZBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWxIcjRsUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTnpiZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGa0MyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqaGw5Vz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURaQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1Nzc22gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU2ODe4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfFNCT0ZDbCXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXTGNzY1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAe62QXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=053fdf31124fa940a902e7edb2ef919684c63695&type=nv&nvt=5&jm=1003&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=nv&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 692a8312-d92b-4b56-b140-3855689db5a2
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
123 B 44ms
44ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177010520&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p0&object_type=video&object_id=34
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: bc0fb7bc87f970de824431f542bf39aa
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 85AA 0
953 B 26ms
25ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhD8kIL9vcLbrHsYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeJuIBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeVdnaXNLZTZZOFhZSlliQnpRYmdyN3JJRE5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19ROTA3cVk2QmdiUDhjUFc3YkZrQVNCUVZ3VHJ3ZVZZNGUydUVmVmMwNnFFMFhfcmNjZzRNa1dGZ0dYaWhCODBwXzBCZFN4NUxsaTVZZDdTcVlCb0RoZEVWZ1NCSndzdm8wSlNjT3Z0MUFmNVRDTW5YcnAtSEtrcC16aUQxclRxT2dJSXp2OGpadG9RTkRZR3dKWTlTZkQwY2VxblRPRmJIejYwOXJtcEhrVWNzSTdBMjhZUDM3T1Njai12anUxZ282SmZ3cmlJYVRsQnVpem5VSEFla2NxTHdHbUhjdXQ0aXpPVnhxcHhrLU5wOFQzLXNoS3FJMU9BaWVnQy1QRmlWOENBemx3Wlp5d0RmQXZLVzZwb013Zkd0YkhOMTFOQVpYRDFaRUtkUm9RQjdjT0xyYmZ0ZGtoN0l4WGtydGx1a1JzNXpKNDdyNUhxTTg4Uzl5RHFUeVRNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9dzhnTEFGbXR5ZWsmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45MnhfOHRZQndkRHFmS0VrR0twV0xoV3pKNVR2SHhSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTODg4ODI1NjM3MTIyNzY1ODM2NCIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXZ7vqj4Lq_6RXABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB5uIBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=e11c525eedabbb78b4435ee3c3b9d79624c4e07d&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: a62a1050-7da5-4930-b8c8-5f18d1be6c3b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame 5C97 2 KB
984 B 29ms
28ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.27701213932526025
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame 5C97 109 B
400 B 29ms
28ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame 5C97 581 B
888 B 29ms
28ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/ Frame 5C97 0
121 B 344ms
112ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.9083238355161636
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 3382 0
953 B 21ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD36Pas_7OTtWYYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeK3YBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWpYcmVrUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTmpqZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGaUMyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqeG5DVz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURoQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1NzY42gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU3Nzm4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfEpSTVhCRiXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXSk10Y1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAet2AXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=9a9ffd2fc78cc6074e9467d90033b9d0475ad25f&type=nv&nvt=5&jm=1003&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=nv&sw=1600&sh=1200&pw=970&ph=250&ww=970&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 41711804-bf21-451b-8b49-5c17da1ea835
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 8FED 36 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 0ABF 0
953 B 23ms
23ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKfDPBMHwYAAAMA1gAFAQiwz-qdBhCet76j0JeghDIYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeL3YBYABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLxBCEwM29RZXdpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8EZDNkF3bEdVa0V4T2pVMk56VGdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFb0FRVXNnUUtDTkQwNXdrUXk0V21EY0VFQQFLBQEIREpCBQgJARQyQVFBOFEFaQkBXElnRnFpeVFCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAQQUFBQkUBBgkBBEJrCQgBAQBDHRhETGdHQ2cuLpoCmQEhU3hubFBnOnUCNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnkBRFJBbHpCSm42dXQyRjkyNmo5UgFoCQEEQloJCAEBBEJoAQYJAQRCcAkIAQEEQngBBgkBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjU2NzTaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NjYyNrgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8ZWhPc0UxJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dPSXpjUSmMAQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB73YBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=154e3905282e0c287fd27cf50bf34f9e96daa2a8&type=nv&nvt=5&jm=1003&px=0&py=168&bw=300&bh=82&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&cid=3&cr=nv&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 42ce2c1b-cd87-498a-b5c8-3fbf35b58c15
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B8BA 42 B
64 B 128ms
128ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuIoiVr0Ycj14UNV5uzQhoDzovQVpCPhAbKND-8k-vl8UKOEub5EA92Ovu9VVT9iP7fV3XvmCehBOliKxuIiEQC_9XirhSLMj-pdGMd54dj980HRlewOSJBd8FRhbG2zf4MRXu6Tw&sai=AMfl-YT-rOpKstiLp45F1NFWSAPWi35ZBLF13uv3lXQ0zIkS2fnsnGSf7jIeLvQzw6WQC3bmsTJ9CL23gX2a_sY&sig=Cg0ArKJSzOFHjCExoCVMEAE&cid=CAQSGwDq26N9i0eVTMpZBT2puta9H5nY6PQAqzGerRgBIAo&id=lidar2&mcvt=1088&p=0,0,250,970&mtos=1088,1088,1088,1088,1088&tos=1088,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=4122043605&rs=5&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177008780&rpt=688&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 3E6D 36 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 785B 22 KB
8 KB 22ms
21ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 111195
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 07 Jan 2023 04:30:15 GMT
expires: Sun, 07 Jan 2024 04:30:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 b64344c8e55cd46ed9616069b5bec411.js Show response
s0.2mdn.net/sadbundle/5702536393117632765/ Frame 2CE4 74 KB
19 KB 23ms
23ms Script
application/x-javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/b64344c8e55cd46ed9616069b5bec411.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c2699d839960f04dedb0f3811eab8fbf2635be1ccd2a83f18d7d0dfd443861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62050
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19395
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

GET
H2 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame BC77 0
448 B 92ms
43ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=38890487937&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409830601&id4=970x250&id5=22885805&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=8666453536827556983&id20=614b730&p_d=1.993&d5=1088&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007588%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dygqcyx%26e%3D1586314810833&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dygqcyx%26e%3D1586314810833&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dygqcyx%26e%3D1586314810833&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-jfk68
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame 55AC 2 KB
984 B 28ms
28ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.5718783212083436
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame 55AC 109 B
400 B 28ms
27ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame 55AC 581 B
888 B 29ms
28ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/ Frame 55AC 0
120 B 210ms
112ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.3281557655495697
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H2 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame D424 0
69 B 76ms
45ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=50163032773&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409831045&id4=300x250&id5=22885859&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=7202460214858058873&id20=614b730&p_d=1.759&d5=1249&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007682%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dxebwvxkv%26e%3D1250011214715&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dxebwvxkv%26e%3D1250011214715&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dxebwvxkv%26e%3D1250011214715&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-77fdf
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 session
track.scoota.co/ Frame BC77 42 B
123 B 40ms
39ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177010709&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=viewable&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 7e210d3676ebf2bda8ffe3a174f298c2
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 session
track.scoota.co/ Frame 55AC 42 B
123 B 41ms
40ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177010715&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=viewable&creative_id=27939&creative_version=12
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 98ef877cf07f9dba5a030afae06926db
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 session
track.scoota.co/ Frame 3382 42 B
123 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177010738&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=viewable&creative_id=27939&creative_version=12
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 2b7628ab23ec8da190383727f1b8eaf9
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame 5C97 0
20 B 99ms
59ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=13219436675&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409830601&id4=970x250&id5=22885805&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=2207446029686697550&id20=614b730&p_d=1.894&d5=1220&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007655%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhwvfnqo%26e%3D1586314810833&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhwvfnqo%26e%3D1586314810833&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dhwvfnqo%26e%3D1586314810833&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-wf4nx
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame C098 0
953 B 21ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKtCvBMLQUAAAMA1gAFAQiwz-qdBhDaqKeCj7r9kSEYrtKEspaDxZIcKjYJ34RCBBxChT8RGIHqROavfz8ZAAAAgOtRyD8hGIHqROavfz8p4IQJJNgxAAAAQOF6lD8w4-v0CjiYUEDqP0gCUJ2B86UBWPLTlwFgAGj0-7QBeNyEBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJTdWYoJ2EnLCAyOTM4Nzk1LCAwKTt1ZignaScsIDQ4MjMyOTksIDApBRQsZycsIDEyNzI0NjM5FSkwcicsIDM0NzkxNDM5NwUW8IuSAqUEIV8yV1pkZ2pZMmRNVkVKMkI4NlVCR0FBZzh0T1hBVEFBT0FCQUFFanFQMURqNl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFHb0FRR3dBUUM1QVUtRGlIdERRWVVfd1FGUGc0aDdRMEdGUDhrQkFBQUFBQUFBOERfWkFRQQkOdFBBXzRBR0RzcVlDOVFITnpNdzltQUlBb0FJQnRRSQUkAHYNCPBbd0FJQXlBSUEwQUlBMkFJQTRBSUE2QUlBLUFJQWdBTUJtQU1CdWdNSlJsSkJNVG8yTkRBMjRBT1hNSUFFaU5mRkJJZ0VoWmZMQkpBRUFaZ0VBYm9FR2dpRkJCRUEFaRRBRFFQeGsJCwEBJENDQ3hvc093UVEBDgBBBSAIOGtFAQoJARhEWUJBRHhCCQ0FARxpQVdHTXFrRgUNBewILXhCET8gQUFBd1FXYW1aBQIINVA4CSgcZ0pPUnVqX1IuKAAIMlFVAS8BdMB3UC1BRmpnandCWl9UaUFiNEJhdXZzd0dDQmdOVlUwU0lCZ0NRQmdHWUJnQ2hCcHFaBV4sYmtfcUFZRXNnWWtDHYAARR0MAEcdDABJHQw4dUFZS5oCmQEhNFJiRWtBOikCMFBMVGx3RWdBQ2dBTVoZbUxPZ2xHVWtFeE9qWTBNRFpBbHpCSgG_AQEMOEQ5UgEICQEEQloJCAEBBEJoAQYBAQwwRDlwAQgJAQRCeAkIAQEQQjRBSWs1ZPD1OEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA0gQOODE3MCNGUkExOjY0MDbaBAIIAeAEAfAEnYHzpQGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXanR_6BQQIABAAkAYAmAYAuAYAwQYABSUo8D_QBugp2gYWChAFEB0BdBAAGADgBgHyBgIIAIAHAYgHAKAHAcgH3IQG0gcNCREpASYI2gcGAV1wGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=cbc4efc7331c09b0d6ff9eaa5d265b4b659cc3fe&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7403146411521057559&vd=ct~0|rr~0&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:30 GMT
AN-X-Request-Uuid: 35b45548-cca7-4649-8015-2e0df9e950b6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame D424 2 KB
984 B 32ms
30ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.996767027731895
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame D424 109 B
400 B 32ms
31ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame D424 581 B
888 B 30ms
29ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/300/250/242/1267/0/ Frame D424 0
120 B 114ms
113ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/300/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.5687350989774134
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:30 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame E040 36 KB
16 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H3 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame 55AC 0
20 B 63ms
62ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=82383751879&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409830601&id4=970x250&id5=22885805&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=1951772018706946693&id20=614b730&p_d=2.204&d5=1052&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007607%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dyuptqxg%26e%3D1586314810833&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dyuptqxg%26e%3D1586314810833&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Dyuptqxg%26e%3D1586314810833&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-jl25q
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame 31A8 36 KB
16 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H2 200 session
track.scoota.co/ Frame 0ABF 42 B
123 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177010916&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=viewable&creative_id=27938&creative_version=17
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: ab2c8e647c38cf32a0b2f253e3b71fdd
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 session
track.scoota.co/ Frame D424 42 B
122 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/session?ts=1673177010919&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=viewable&creative_id=27938&creative_version=17
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 1ce48907dadb2e82bc3acdb74caf1ea9
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9940 42 B
64 B 128ms
127ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssLcq8X5RvlR2X_-mZl3wk3RPfDwc4Nxq7tR2T2GzVkw8JiXL9Esba4pJVFxbluieyCdjgNtqi2_YOWybHrXjriwf5zdAtgCQ6VKXYE2lzn3ZyvJ6gBhQgTKjla_6PFB4ld-Nn0Nw&sai=AMfl-YTfA_MB5CE_pSrEjzvoObOBnQk36zecnREw7LkaMk_osr8EoRBUVxegYrWJOrMpShkB_vdbUPLyZ2Tx6_M&sig=Cg0ArKJSzLoIxGLE1siFEAE&cid=CAQSGwDq26N9z6e6BD6VL6nU5QtQ7rFQrPuu3Fl-PxgBIAo&id=lidar2&mcvt=1227&p=0,0,250,970&mtos=1227,1227,1227,1227,1227&tos=1227,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4122043605&rs=5&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177008736&rpt=939&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 3038 88 KB
29 KB 174ms
74ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame C373 88 KB
29 KB 228ms
129ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

GET
H2 200 action
track.scoota.co/ Frame 5C97 42 B
122 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177010926&bid_id=2207446029686697550&delivery_id=db5e5970-dd4f-405f-b471-8d265112bec7&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p0&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 8beadf87ec96aec014241eb25ccc8173
date: Sun, 08 Jan 2023 11:23:30 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame 3382 0
20 B 39ms
39ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=10330458210&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409830601&id4=970x250&id5=22885805&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=7379796288815871095&id20=614b730&p_d=2.271&d5=1020&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007646%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Delbbkpf%26e%3D1586314810833&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Delbbkpf%26e%3D1586314810833&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Delbbkpf%26e%3D1586314810833&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-4ggf9
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 204 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame 0ABF 0
20 B 34ms
34ms XHR
text/plain 35.241.31.249
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D12%26scriptname%3Dadl_68%26tagid%3D1233%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom2area%3D0%26custom2sec%3D0%22%7D&adloox_io=1&client=affectv&campagne=68&banniere=0&visite_id=89640578593&seq=0&timezone=0&js=tfav_adl_68.js&date_regen=2021-12-14%2010%3A09%3A49&plat=12&tagid=1233&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=2030592&id2=279904487&id3=409831045&id4=300x250&id5=22885859&id6=3671963&id7=10264&id8=19540231&id9=2028049306522560814&id10=7776833&id12=%24ADLOOX_WEBSITE&id13=3605273051021679518&id20=614b730&p_d=2.02&d5=1253&tc=&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=postbid_if_1673177007676%40https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Ddtbuvkzau%26e%3D1250011214715&iframe=1&fake=010000&resolution=1600x1200&nav_lang=en-US&debug=6%3A%20top%20%21%3D%20window%20-%3E%20GLOBAL.document.referrer%20https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Ddtbuvkzau%26e%3D1250011214715&url_referrer=https%3A%2F%2Fguandads.com%2Fr%2Fp.html%3Ff%3Ddtbuvkzau%26e%3D1250011214715&ao=https%3A%2F%2Fguandads.com&nb_cpu=4&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: j.adlooxtracking.com
URL: https://j.adlooxtracking.com/ads/js/tfav_adl_68.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.241.31.249 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 249.31.241.35.bc.googleusercontent.com
Software: / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:30 GMT
x-route: ads-prod-674b87ddc5-79565
via: 1.1 google
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
x-powered-by: PHP/7.4.33
access-control-max-age: 86400
accept-ch-lifetime: 86400
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://guandads.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: Content-Type, X-Requested-With
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 200 OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js Show response
pagead2.googlesyndication.com/bg/ Frame B114 36 KB
16 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/OU_aD-3-G2pcaJqwlUagl315JVS_daCE4k47Wxj7Xso.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 20:26:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 53817
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16095
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 20:26:33 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame D49B 0
150 B 80ms
27ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=22272800078875306783187012198023&a=e66c4f17&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame D49B 34 KB
16 KB 249ms
86ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=60271212;click=https://hal900023.redintelligence.net/c/pae0vhpa5of6hr6?tprd=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 06d0965f0851d3936c68da6d6de73163a6bb32e3f134822ccfec6d28f185ff29

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 22 Dec 2022 19:29:50 GMT

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
123 B 57ms
57ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177010989&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p0&object_type=video&object_id=19
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 7672fa9259cc576e82cd69834ec55c6f
date: Sun, 08 Jan 2023 11:23:31 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
123 B 56ms
56ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177010991&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p0&object_type=video&object_id=19
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 6773f5720b96362343e8ac815d570549
date: Sun, 08 Jan 2023 11:23:31 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
122 B 62ms
62ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177011014&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p0&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 3ac210c598fc836a7d40d191ee02ea33
date: Sun, 08 Jan 2023 11:23:31 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame F943 88 KB
29 KB 137ms
127ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

GET
H3 200 sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js Show response
pagead2.googlesyndication.com/bg/ Frame 785B 36 KB
16 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/sU6CjPDj0xr2jbZF4y7IwEoRNSn0ddnQS8nRuvxnxiY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 22:19:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47067
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16096
x-xss-protection: 0
last-modified: Tue, 03 Jan 2023 14:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 07 Jan 2024 22:19:04 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame 0ABF 2 KB
984 B 31ms
30ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.8940736678399661
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame 0ABF 109 B
400 B 31ms
30ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame 0ABF 581 B
888 B 30ms
29ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/300/250/242/1267/0/ Frame 0ABF 0
120 B 112ms
112ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/300/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.8054092743525723
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H3 200 user_uploaded_din_700_normal.ttf
s0.2mdn.net/sadbundle/5702536393117632765/fonts/ Frame 2CE4 28 KB
15 KB 25ms
25ms Font
font/ttf 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/fonts/user_uploaded_din_700_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/b64344c8e55cd46ed9616069b5bec411.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa121f9bdb891acdfbd269059f7c43ffe2897eadf84edcde869e8988d6986743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 03:43:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114026
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15398
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 03:43:05 GMT

GET
H3 200 user_uploaded_din_500_normal.ttf
s0.2mdn.net/sadbundle/5702536393117632765/fonts/ Frame 2CE4 27 KB
15 KB 28ms
26ms Font
font/ttf 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/fonts/user_uploaded_din_500_normal.ttf

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/b64344c8e55cd46ed9616069b5bec411.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

761035902658487ed48be0ff2ff82ec2f7359e4247510acdf909a346835420e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15322
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

GET
H3 200 d1412950269b596d77d4cce100d3633d.jpg
s0.2mdn.net/sadbundle/5702536393117632765/media/ Frame 2CE4 10 KB
10 KB 29ms
28ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/media/d1412950269b596d77d4cce100d3633d.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a21b3f6c49ca19ac60a1b22ba9b7856b10bb85db1ca36a26084ded7b16e83a1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
x-content-type-options: nosniff
age: 62051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10564
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

GET
H3 200 0ac92a191fc88381561c0286711cdd6e.jpg
s0.2mdn.net/sadbundle/5702536393117632765/media/ Frame 2CE4 11 KB
11 KB 32ms
30ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/media/0ac92a191fc88381561c0286711cdd6e.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21002478c2b78b6afcade844728126fcaa4b525482e3c89fd094f4f5338efac5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
x-content-type-options: nosniff
age: 62051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11394
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

GET
H3 200 2c2b45f16ea54f675090713464ec13d3.jpg
s0.2mdn.net/sadbundle/5702536393117632765/media/ Frame 2CE4 10 KB
10 KB 29ms
27ms Image
image/jpeg 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/media/2c2b45f16ea54f675090713464ec13d3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3cd22cdbb542bb052df36533b5bf3b6854c7efaf87364005705f91a4ba15b4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
x-content-type-options: nosniff
age: 62051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10199
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

GET
H3 200 6cd8e0c7582de7c5e681d52163236485.png
s0.2mdn.net/sadbundle/5702536393117632765/media/ Frame 2CE4 4 KB
4 KB 29ms
28ms Image
image/png 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/5702536393117632765/media/6cd8e0c7582de7c5e681d52163236485.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

701f3f36af58702b039602dde440fc697cef1d1ec676a0fcaf77fb740d877a42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5702536393117632765/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:09:20 GMT
x-content-type-options: nosniff
age: 62051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3811
x-xss-protection: 0
last-modified: Thu, 19 May 2022 16:46:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 07 Jan 2024 18:09:20 GMT

POST
H/1.1 200
OK prompt Show response
analytics.webpushr.com/impression/ 0
531 B 172ms
172ms Fetch
text/html 64.227.50.180
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webpushr.com/impression/prompt
Requested by: Host: cdn.webpushr.com
URL: https://cdn.webpushr.com/app.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.227.50.180 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://kresy.pl/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: https://kresy.pl
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame 3382 2 KB
984 B 32ms
29ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.07851089965929225
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame 3382 109 B
400 B 32ms
30ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame 3382 581 B
888 B 31ms
29ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/ Frame 3382 0
120 B 114ms
112ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.7746677347894773
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 83FB 42 B
64 B 124ms
123ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstRkgJ0E5yYMs3q2MaptdPvKoCslD6fdv-H6o_2vqMs2NS2G4j7P4zUQmDmN2um8fyJhPNhmplUjEHHUa7oLqMQ5uydcqTbud0&sig=Cg0ArKJSzJUT1VVHPU-aEAE&id=lidar2&mcvt=1051&p=0,0,250,300&mtos=1051,1051,1051,1051,1051&tos=1051,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007761&rpt=2310&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 59B2 42 B
64 B 123ms
123ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufxX43wJs3iUPsg9ZrCgZ2KqGkxByN2VQNjQRoA867y4vo5Vv31CjJduw37EvYkUaPpRH81AcaLbVHIayszmEdRRef8S-FUu4&sig=Cg0ArKJSzD3jn64g-vngEAE&id=lidar2&mcvt=1054&p=0,0,250,300&mtos=1054,1054,1054,1054,1054&tos=1054,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007772&rpt=2279&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2047 42 B
64 B 123ms
123ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtNqo0PMUS1xSMIJD836iCAmGieheLMzQHxXoSrzlX7Zziy3xXwZwlhF5l0NNMhRHA7DRn90ge8uU0Qsox1rg5svzgZbQ-Ir4&sig=Cg0ArKJSzHIPctjvra9HEAE&id=lidar2&mcvt=1056&p=0,0,250,300&mtos=1056,1056,1056,1056,1056&tos=1056,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007766&rpt=2321&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 COMMON.css
c.evidon.com/a/ Frame BC77 2 KB
984 B 27ms
27ms Stylesheet
text/css 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.evidon.com/a/COMMON.css?r=0.4735613542007451
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Thu, 02 Feb 2017 16:26:10 GMT
server: AkamaiNetStorage
etag: "c3cc19ce8230df99c7835decc2d79ee8:1486052770"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: text/css
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
accept-ranges: bytes
access-control-allow-headers: *
content-length: 715

GET
H2 200 box_19_top-right.png
c.evidon.com/icon/ Frame BC77 109 B
400 B 29ms
29ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/box_19_top-right.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:18 GMT
server: AkamaiNetStorage
etag: "8c7c476ac28727b21040351fa3006c59:1360189518"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 118

GET
H2 200 ci.png
c.evidon.com/icon/ Frame BC77 581 B
888 B 28ms
28ms Image
image/png 23.2.214.109
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.evidon.com/icon/ci.png
Requested by: Host: c.evidon.com
URL: https://c.evidon.com/geo/ba.js?r221006
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 23.2.214.109 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-214-109.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 06 Feb 2013 22:25:44 GMT
server: AkamaiNetStorage
etag: "2697f4b848d2400cd051312585a6bf42:1360189544"
vary: Accept-Encoding, Origin
access-control-max-age: 108000
content-type: image/png
access-control-allow-origin
access-control-allow-methods: GET,OPTIONS,POST
cache-control: max-age=432000
accept-ranges: bytes
access-control-allow-headers: *
content-length: 604

GET
H2 204 pixel.gif
l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/ Frame BC77 0
120 B 113ms
113ms Image
text/plain 3.212.145.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://l.betrad.com/ct/0_0_0_153615/de/0/1/0/0/0/0/970/250/242/1267/0/pixel.gif?v=2_1&ttid=2&d=guandads.com&r=0.6355328938325919
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.145.252 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-145-252.compute-1.amazonaws.com
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
x-powered-by: Express
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
vary: Accept-Encoding

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 83FB 0
953 B 22ms
22ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKWC_BMlgUAAAMA1gAFAQiwz-qdBhCfgLWHn5DejQEYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLSEBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDhwcK0gZoDSf0qgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DWDJScnNLZTZZNm1hTzYtdHpBYkI5WTZ3QTllcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RUksyRFFvZ0VSWXY4enNwdzFfZXVrR2R1NjJuMXZ5TXQweUFEQXVNd2w4VmxXUzUzc09uMm16U2NBbjBIcmtLcHFpa0NDcEJCVE16MU9veTlsZTJ2b0FLQVBfMFFucml4RThvajFQdGwwTUFkOTBFbG5IcVpKcDlEMzhTMkNZUFZPdmw2NVloNFYyMEw1WFZmZElxOVJ5aTlkS1hZRGNMR1JRdWY2MzJHX1NmQ0RGSFpKNnhZQU4ydWREbE1JeHdFZVFUSEdnSHpDUE9rY0ttUVlKU09ZMzd1Rm1JQVNVMVBUVG1fck83SDU2OEZ5MFdwUEJwY0V4cklyYTFxOUplRkZoLUV1NnhRQXc1QjBycFlSemFvSEFtY0lnd3NzRVczVTZINHM3OXpTQ0ZabTEtT2N6a2NicEFocTRicXcyTkQ1VjRyaEZ3dUdscmZyY0RETVotWU5jQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9My1zOGJoWXRVYjgmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45dTRwSzNCazhZMVVQSDVpZzJ3RVBHd1h6YWZENF9SZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoRNzk3ODk5MTc4OTczMTAyMzkiCTQwOTY0MTMwMioHNTYyNTAzMzoJNDYzNjQ4MTM2wAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ATWwqrDAYgFAZgFAKAFreX7-82U--0lwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF04UB-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBsKLAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAKAHAaoHCzE3NTA2ODkzNzk2yAe0hAbSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=789f69d95a52c052bf6210285083fef4af3f286c&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 73adc5a6-f784-483a-9cb0-56de86ede640
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 2047 0
953 B 21ms
21ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKXC_BMlwUAAAMA1gAFAQiwz-qdBhCf2LC3ovX2zQYYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeLvXBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiAcK0gZoDSf0qwRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DeDY5M3NLZTZZNmFkTk5xcm5zRVB3NUtuTU5lcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RVzhYT0JJMldxRGlabFVWVi1mS2xjbkJ5TmhuYk1EeWItV1Z0YjczV3NnalJscmc3b2xSOXh4NE5lRVJ4S2U3Y0xIWDdSMGhqTGJMRVNOT25lYnBETFVsamxhVW54Tjltdl9fekc4Tm42ZG83bzdMeHRwd05QY3Vfa3E5RkdRcklBZl90bzdyRTRkbm43c0dTTTVlS0FsUDR0aUdrRm9DUmZUckNXaTFsaVRJN1lqQzcwV01VWlRTODAwSGdVMzRObHVoeHJzRDhpa28tUHE1SUVVQjI1S3BOYzlkNmFhUjNaSHM4WDgtZ2VkYm9sbUNSTk5OWDRaLUxYVGtFby1PWXdvbnJXblFyajUxZ0JncHBGVm1kYVJPbkh4dVJ4RFNpOHE3dDlkNHVJNDJDR2VJZzNrWXZCRHhHZDBBTzZrY3dkalZRNEFaRWFLOWloZzBkMURBZU9zQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9N2lIM1p2SS1jcU0mdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Z19kRm1tMUI2S1o1WDFIcThpcDJmWXp0SURvQl94Z0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoSNDc2MjE1NzA5NDYxNjU0NTU5Igk0MDk2NDEzMDIqBzU2MjUwMzM6CTQ2MzY0ODEzNsADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADaBAIIAeAEAfAE1sKqwwGIBQGYBQCgBZv9sPnP-uGoDMAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBdOFAfoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCiwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwGqBwsxNzUwNjg5Mzc5NsgHu9cF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=637296a3167678cf2091c818b7da0aeaadbc4561&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: e438b1f4-146d-47e7-a24f-c29c69993235
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 59B2 0
953 B 37ms
37ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhDvsdSWm7LR_D0YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeL2EBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DQWtnUHNLZTZZNnJVTi1ILW5zRVBvdXFKLUFUWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMEV0MlBDWUplZ0VhWFpqcXNiS2MzTkpTZ05aZ05kRko5ZzE2WjMzMC1yZnl6akVMQXRtSU1pOXNBRjE3WmRDUm53dHgySldGVDJuVWVld08wX1RfZzY4aG9iT1lCUUt2cnh6Zl9pTl9Wb2F0UjlBbjVfV3ZDdUx4cWY1VWMxbHRLQXhwRUI4U0hNbGR2a19YdnI1anprN3RVczVFck03MkZiQ3VuWk9yN09yLVNkYlBhZFdZLVdoTG5CeVlVSkpFMzdrSGQ0OEpsNXlvUWIxY0t0SFhfMHlZS2lKc0ZPYk5FbnJvN1N6c1UtLXFJM0lrVkxlMUFlcUwxX01FVVZ4V2xxNzJCVExjeUVpTTdtVml0UVRYdlpydkgwZllMc0FFYkotMUhYVEFOYm9HdDVwTFEyQUEwd3kzRXdZWUQxRTVUVkx3bTVTbEJmdTBTUWZBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9QXNQZTJQV3h6NHMmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45Tzk1X2hrd2dRRWpZdDZfdnJUd0VWWUdrOFF5WEZSZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNDQ2NTY3Njk5NzU4NzQ0MTkwMyIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAXj0tKB4LTX4QHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB72EBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=9a82d2f511cc939d3f19ee654f7ec7772e154cdc&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: a34373d7-4cc2-4816-8e01-b40a2071f993
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EE53 42 B
64 B 123ms
122ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssJPMk7EBOFOxm1S5lZoXisKPpGR2tnLq4nujrS5_AvD5zHXTmhdZPLf1TuXvv1hbsOlKWLPvoV7mI1r8yggi-FZpYDSrtNDvQ&sig=Cg0ArKJSzOG_Jll9s9RqEAE&id=lidar2&mcvt=1071&p=0,0,250,300&mtos=1071,1071,1071,1071,1071&tos=1071,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007732&rpt=2457&wmsd=0&pbe=0&spb=0

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame D49B 4 KB
3 KB 41ms
41ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=60271212;click=https://hal900023.redintelligence.net/c/pae0vhpa5of6hr6?tprd=;js=1;adfxid=1x;8339;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fkresy.pl

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

14e34e134e5207e51fdd86cfd75a9ab367900352c65561b7611a0c6ef6b79acc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2059
expires: -1

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C098 0
0 60ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst8J640wuF-OpkKPEqGGaDBLYv86_sLDpS_jP7Fu4q8LYPGHL24Ewqb9tPqieBMRw4BcJUKhXsJ_SmrQbcZVytuBKZFE9P01DrZOgN5VD99iWZy93MxXG_pUtGo0riTsgdYAGtdLOGni8KumntNOgI&sai=AMfl-YQYJNvJireqbgU1oZYlPCiLrGP-sqlZxxn1x8DMbqlJ1BQ0TMCHRSIfnwJnNDUb08o4c-S4VULTruuC-KLebRQMZO_-TZ25O16uBoSU&sig=Cg0ArKJSzP_dsrgvLnb-EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1389&vt=11&dtpt=836&dett=3&cstd=551&cisv=r20230104.79146&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 08 Jan 2023 11:23:31 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19E8 0
20 B 127ms
127ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BQkEasKe6Y5HIMo6v-gbrzyQAAAAAOAHgBAI&bg=!BgWlBUHNAAYDMoyoIzI7ACkAdvg8WnsNPGTiA6XecxPdVYTpbN6VOQblIAI1epgCTZEm-vzFAJhSbQIAAAOaUgAAAAJoAQeZArocN4FcHFGy8GYRaMqbX1BGgbHw7DIiGORiOuA4-KJwkGJSrhOcOGBd0XXx7lYzP2czGbreHful6wv7upJ2WnS93MiTIfZ8AaFn2uxeCrDs0Auwd9C4T3Uc6QuGjPxgC8Qr_uGYl3VXxgsy26Vt6yyuDyJgp5XtIEpeeHlB1z5xd4Ty3AzqtG2e0zNArhTlEVMyXtoDQD3RTD0kNJpuKrByA3fMHuG8xKzJohWb_Hy6Gt_KN7oFhEj3Lc2uM2pI9v4QW9R43POp4HAdL6kWfk6jmRx9xrbnAUMsBMC35wCNHwrccFw_4nIxxjGin8101sb-dkt_NfYp_rBqz-ZqLZQK76iZOO6TBg63_gUoxyGYo6Vm6L9ajTKWe4hCiJpj7i4iAwLYF2qyXnhi3NmqvXnqpqSk9QehMY72aAkb4iqhmg3T31dpSlgpZuAGeTqJlbNXYwyFvBTpVZwlgGJ6jlQsGLZ1GmA4gu0Y2BW8UXSS_bK8ayJKZTyMtonY9htZ4dTM3zdCvD68HocyojYv55t8ziJRuRxg1EDmkBmL4hPXVbyucx4wS2ApPQTTfi8oNN0PPPmTzdjLNg28BbwY-BEd-rqGQS_AqBFfSX-AqtvAuD9S9NlL2zeVPA46uM8SgSfJwr0Jmo0RSNlZwdpvhNe93G_ocYYxlHlfM9xoD6RjhBREP37uQBfUihfh5dAVPk4YFbBKVnZHQ9Gxamw0q9nXJDAolMwa7JHwspY-GFOjuxKQgOvnkHlxCqGGo9j_tZEhXwHPZlSBnEkfihLAkwMfhWUKbggFSBnFeOhwCBPgOxJFez9GM_7w_14sibxMbNI1EKyRzoqszyjfx-g7Kze6c3646Jvh8Lah0CKKkxayjhm5QJcrKGVBuWdmbIqDJRYfkgnB5pmXEbHGXXNRUisJXdbVnSMY9X7jsQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 3038 89 KB
29 KB 239ms
151ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7DB5
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOQUUxWEgtMTktQzdNVw==

170 B
188 B

31ms
30ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOQUUxWEgtMTktQzdNVw==

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TENOQUUxWEgtMTktQzdNVw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7DB5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPmTsrFLaTtRuCjmL5U6yhI&google_cver=1

0
239 B

111ms
22ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPmTsrFLaTtRuCjmL5U6yhI&google_cver=1
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPmTsrFLaTtRuCjmL5U6yhI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7DB5
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY4NTQ4ZWNkZDUyYTg0MjBiM2M3MzY5MjcxY2RmYWU2Zjg4YTk1Yg

170 B
188 B

30ms
30ms

Image
image/png

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY4NTQ4ZWNkZDUyYTg0MjBiM2M3MzY5MjcxY2RmYWU2Zjg4YTk1Yg

Requested by

Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=OGY4NTQ4ZWNkZDUyYTg0MjBiM2M3MzY5MjcxY2RmYWU2Zjg4YTk1Yg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 7DB5
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TCIuxA2JSJG5LjzPkDYZ-g&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TCIuxA2JSJG5LjzPkDYZ-g

43 B
479 B

109ms
109ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TCIuxA2JSJG5LjzPkDYZ-g

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:32 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 7BGBBT3X7YYGQEQEGTW8
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TCIuxA2JSJG5LjzPkDYZ-g
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 7DB5
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNAE1XH-19-C7MW

0
706 B

195ms
123ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNAE1XH-19-C7MW
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 76647C731B984A06BBE500D6E7FF4BC9 Ref B: FRAEDGE1116 Ref C: 2023-01-08T11:23:31Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXxvuFujuM/OS4ZcDLnpw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LCNAE1XH-19-C7MW
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 7DB5
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/k5ZRxy0wVXlIQAwZ6hzPp8n5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-dw2bgS1E2oKTWsfDlvrWEsVrrWSbGswq.0grsA--~A

0
239 B

24ms
23ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-dw2bgS1E2oKTWsfDlvrWEsVrrWSbGswq.0grsA--~A
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sun, 08 Jan 2023 11:23:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-dw2bgS1E2oKTWsfDlvrWEsVrrWSbGswq.0grsA--~A
content-length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 7DB5 70 B
264 B 45ms
45ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: guandads.com
URL: https://guandads.com/r/p.html?f=ehgguw&e=1250011214715
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 7DB5
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=MKQmamumQdCLSG2MCqaZQw&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=MKQmamumQdCLSG2MCqaZQw

43 B
479 B

47ms
47ms

Image
image/gif

52.95.118.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=MKQmamumQdCLSG2MCqaZQw

Protocol

HTTP/1.1

Server

52.95.118.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:32 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: FNN8AKCJ8X2W00S4XE7F
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=MKQmamumQdCLSG2MCqaZQw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame F943 89 KB
29 KB 174ms
127ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame C373 89 KB
29 KB 92ms
45ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:31 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame EE53 0
953 B 31ms
30ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKSC_BMkgUAAAMA1gAFAQiwz-qdBhCNmfT7rNWY2SMYrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeK_YBYABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDgwcKzAZoDSf0pgRhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1Dcl84enNLZTZZLUx1TElUSW1MQVB6YzI1eUFiWHE1R2hicUNKNV9XYkVmZ3VFQUVnNXBmV0pXQ1Znb0NBckFmSUFRS3BBanlUUlFUSzI3RS1xQU1CeUFPWkJLb0VfQUZQMElrVjR1ZFZXZUpMdVRZRFpWWVdaN2t5aC1pSHdsYmV6WDVNbDZFLUhMNUlkeWEweEhiczdmYU5wSk9mR1dFTmxTM0RYRXRscG9WRzE5NUFUa2ctMlgxVHhOUG9hUVI5LXJQOXp5UDl5SWloOEZkVENYRThyeU5tYlJyOTZJQm9jT2d0b0wxSnVEX2ltN0pFbERmb2RWZDRpajdSMml6T0ZEdlRZaVVCbGdPa2NWcVFqejJRaUxFd1l0Zm5IYVU3Rktoa1g5eFY2bHJFS2czU3FzMGk4WS1TS2ctWmduXy1acUlobnFGeWIyRXZrTmljejV1TkgyYWtweDFNMi0tdWJXQ1BEZ3lmNFgyOFZYaGFBakRGMWdaeC1WSHp3RjZfQUNkdDVHeVRXV3pWZGlfV2Z0OXo1a1RrNjNzRTMxdXhySzNQX05fZVZENTRkbzdBQktpVW9mR0tCT0FFQTRnRjVQXzNtMEdTQlFZSUhSQUVHQUdTQlFZSUhSQUJHQUdTQlFZSUhoQUJHQUdRQmdHZ0JnS0FCOWU3dE1RQnFBZU96aHVvQjVQWUc2Z0g3cGF4QXFnSF9wNnhBcWdIcEtPeEFxZ0gxY2ticUFlbXZodllCd0R5QndvUXdhOEJHSWpyaXQwQjBnZ1JDSURoZ0JBUUFSaGZNZ0txQWpvQ2dFRHlDQTVpYVdSa1pYSXROVGMwTXpBMU9JQUtCTWdMQWJBVG5JN21FY2dUNVlQRDRBUFFFd0RZRXhEWUZBSFFGUUdBRndHeUZ3Z0tCZ2dBRWdBWUFBJnNpZ2g9aGYydEJ6WDRKaHcmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NGtsalZqWk9jWG5RN3lWbElhSWVFNWo0NEtWazVoZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTMjU3MjIyNjgyMjk0NzAxNTgyMSIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWK8b-ppY606BjABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB6_YBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=2f65130b87945add6886d7c55789d3e7c44b8e26&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 836378e4-701e-4d79-9f42-b1b1365e801a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame D49B 90 KB
39 KB 60ms
60ms Script
text/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 11:59:41 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Thu, 22 Dec 2022 17:22:48 GMT

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame C373
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDMwN0Y3MjAtMzlDNi00REE4LThFODctQkQyRUNGRjk5OENB&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

167ms
167ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:31 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 /
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame C373 95 B
222 B 87ms
30ms Image
image/png 168.119.79.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.223.79.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/png
date: Sun, 08 Jan 2023 11:23:31 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 3038
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NEU3QkRBOEUtNzhGMC00QTAxLUI2MTctNDk0N0RDOUU0MTk1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

169ms
169ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:31 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 /
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 3038 95 B
223 B 86ms
30ms Image
image/png 168.119.79.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.223.79.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/png
date: Sun, 08 Jan 2023 11:23:31 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame F943
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---
https://image8.pubmatic.com/AdServer/ImgSync?p=156383&us_privacy=1---&rdf=1
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NzY5OTFFRjgtQ0NGQy00RUYxLUI5ODctMTI2MTdCQTEyQzEx&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

168ms
168ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 /
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame F943 95 B
222 B 84ms
31ms Image
image/png 168.119.79.223
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?referrer=https%3A%2F%2Fkresy.pl%2Fwydarzenia%2Fwegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall%2F
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.223.79.119.168.clients.your-server.de
Software: nginx/1.14.2 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/png
date: Sun, 08 Jan 2023 11:23:31 GMT
server: nginx/1.14.2
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B182 42 B
64 B 123ms
123ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvXLKbdRgXJvyPniCOjeTx-T3FIHmTUQeCPButKPDdLP2SY4d8SWwGM7WRPJuPkjl6KWu__xix9zkBXAmSa0a1oDGRZ-CsUKGI&sig=Cg0ArKJSzP0JaOfKDykkEAE&id=lidar2&mcvt=1036&p=0,0,250,300&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007750&rpt=2626&wmsd=0&pbe=0&spb=0

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame D49B 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/gif

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame BC77 0
953 B 21ms
21ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKHFvBMBwsAAAMA1gAFAQiwz-qdBhD3iKPosrLbongYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeNXXBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAtkOIW5YSzNLd2lCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_YQzZBd2xHVWtFeE9qVXpNVGZnQTVjd2dBVEloTkVKaUFUZ25fd0prQVFCbUFRRXFnU3VCd2pfXxUCDDhCRVAVDRBfX3dFWR0ODF9BU0QdDxQ4QktBZ3cdEQxfQVRqHQ8IOEJRMkwABEZJHR0IX0FWNkwAAFc2LAAAZzIsAABXNlgAAGM2LAAQNEFZQUIyMAAEWWc2EAAAWjogACRaZ0JrZFpTb0FIHTcIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAMMEFHdEGMADI6GAAANDoQAAA2OhAAADg6EAAcLUFHX0JvQUMdrQxfQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAARZQS4xAiEANhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUU6AAI2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRjoAATYQAABaOiAAAFo6IABMYklFQ2dqUTlPY0pFTXVGcGczQkKhMw0BBHlRpUEJARhOZ0VBUEVFCQ0BAWBDSUJjVXBrQVh4dkRHWUJlZUJ2SVVCcVFVAR0gQUFBRHdQN0VGAQoJAQhEQkIdTwB5BSgcQkFFNlBuUDkyKAAAWhUoyFBBXzRBWGpCZkFGaDlLb0NmZ0ZtNF9nQVlJR0EwZENVSWdHQUpBR0FaZ0dBS0VHbXBtWgECLDJULW9CZ1N5QmlRSgl8BQEAUgUGCQEAWgkHBQEAaAUGBQFIQzRCZ28umgKZASFoUm41VmdpQjJdBzhQTFRsd0VnQUNnQU1acVoBbRRtZGtfT2cuYQZAZEFsekJKbjZ1dDJGOTI2ajkdeQBCHXkAQh15BEJwBYAFAQRCeAUHBQEQQjRBSWs1lPDQOEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGMoHIPoBKAAwADgCuAQAwAQAyAQA0gQNOTc3I0ZSQTE6NTMxN9oEAggB4AQB8ATJibbDAYgFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDrDYBQHgBQHwBSf6BQQIABAAkAYAmAYAogYPMTAyNjQjRlJBMTo1MTk3uAYAwQYJMyjwP9AG5QLaBhYKEAkRGQFcEAAYAOAGAfIGggEI8bwxEnxXaFBYRFZrIVDYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dNMG9jUQE7CQEQZUFDQkFdx0xpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB9XXBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=2f3fb7b57055cc61a6c2685b69f644baa1a76028&type=pv&jm=1003&px=545&py=53&bw=129&bh=74&sf=1&sid=7403146411521057559&vd=ct~0|rr~6&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=pv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 56ee6182-8ccd-4dad-a73c-c61d0d5b85eb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame B182 0
953 B 20ms
19ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKYC_BMmAUAAAMA1gAFAQiwz-qdBhCk48vnw_LSv08YrtKEspaDxZIcKjYJjPM3oRABlz8RzyBw6iTXkj8ZAAAAgOtRyD8hzyBw6iTXkj8pjPMJJNgxAAAAQOF6lD8w4-v0CjiYUEC8CUhlUNbCqsMBWPLTlwFgAGj0-7QBeMuGBoABAYoBA1VTRJIBAQbwVZgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEA2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDiQcK0gZoDSf0rARhZHguZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2Fkdmlldz9haT1DakY4RnNLZTZZOTZTTk1tRGxnVE81cG5vQ2RlcmthRnVvSW5uOVpzUi1DNFFBU0RtbDlZbFlKV0NnSUNzQjhnQkFxa0NQSk5GQk1yYnNUNm9Bd0hJQTVrRXFnU0NBa19RbTJjaWViVWdsR29KUVdyTkRxbXpWeUNqQUFhc04tTDdOdlc0S1ZVT0E0SU1fU19RTHVxTm5UMENGMXJhRmJXUU5ZTkxSQUpwaTJySmNvS3Z3QlhiWFZITWVhV2tQajBLbUw4TU96T3FHVjhLSDZPQXJtbTQ2bG9nUkY5ck1OQktpOEtvQUtHMEs0UFZ0YzdVRG5TLW5Gb1JFV0I4cjZ3YXJNTU0tMlN1djF1eHBrTkdFRFZGMFdyN0tyb3d4dnZlMFdYUlpZTXRIR2hvU1p0S3ZKMGNNQ2lnWkdIQW9jX2xpM2dFMlR3aVpvSWFkU2p4Q05Scml2RzNFV1BCbUZ2d09oYzNQZmFRTV9rN0dyc3pRVGdid0ExRXhQMW1Zd1U4S1RjNHFLSGQwQ2l0a2tBbWV0dTA5T0lrNEhZOWNlc1lJajlhUWVpTnlfQUxPVlNlSVB6UkpNQUVxSlNoOFlvRTRBUURpQVhrX19lYlFaSUZCZ2dkRUFRWUFaSUZCZ2dkRUFFWUFaSUZCZ2dlRUFFWUFaQUdBYUFHQW9BSDE3dTB4QUdvQjQ3T0c2Z0hrOWdicUFmdWxyRUNxQWYtbnJFQ3FBZWtvN0VDcUFmVnlSdW9CNmEtRzlnSEFQSUhDaERCcndFWWlPdUszUUhTQ0JFSWdPR0FFQkFCR0Y4eUFxb0NPZ0tBUVBJSURtSnBaR1JsY2kwMU56UXpNRFU0Z0FvRXlBc0JzQk9janVZUnlCUGxnOFBnQTlBVEFOZ1RFTmdVQWRBVkFZQVhBYklYQ0FvR0NBQVNBQmdBJnNpZ2g9TEZJZWF4eHBiUkEmdWFjaF9tPVtVQUNIXSZjaWQ9Q0FRU0d3RHEyNk45NXRyNk9FdS16Nkloc0h6YkRxdUs3emw4NXdhbmFCZ0JJQW8mcHI9MTA6JHtBVUNUSU9OX1BSSUNFfRoTNTcyODM4MDM1MTA4ODM1Nzc5NiIJNDA5NjQxMzAyKgc1NjI1MDMzOgk0NjM2NDgxMzbAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBNbCqsMBiAUBmAUAoAWwkc3RvYOXzWvABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXThQH6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGwosB2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBqgcLMTc1MDY4OTM3OTbIB8uGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=83d8590b05bafbe3d9602507f49e051abd6cf46b&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 43fc5458-7d61-4f40-af0a-87586629b5ba
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AD07 0
20 B 128ms
127ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0Xe7sae6Y6L6Bba69u8PktmWqAEAAAAAOAHgBAI&bg=!MzClMHTNAAYDMoyoIzI7ACkAdvg8Wul_HoEyRHhwlxej9emr48nl2fYUYtWM2JtZo7PnAqVTVvHFhgIAAAJIUgAAAAJoAQeZAsEpuIZHoho7sZ4Yg9D0cFP5TpJ2_pJij9RRGJ0xrebUUxTbmuacF_g-rHzErGYLHC9LxNN7yrEttbQzJMPtcUmL-z3ONHO22T1yGYgXPPVJAfr-j2pJ1COeCoX4mAH1akJ0WcaQX_aJFAXHEanM1TU4PdVr8EYEDiQxgFBNZjEZDmlvCv8P8znVPuFJZpzY1oP5eKptROwcgnu6gn7SLRvK7zmwPI8v4qZ9jMPn1ul4C8tTptaoLsajgzb1Y5f9yGUd-bkr0ec6r5fBY0kN0vTC5C03tStgl6pYz92_egvfhaFX7Gib0jMBVcktfWlrr_rY37Dus29iK6VUcqzZFCvi4kNvWt2tAw62B8iEzsboZ5M9G2q2zsH5VChPZtZaXmxLEtqF8HIUPXZa3OKwK2_ZcGrY5wfNlR_2mjxTzxfNI6_5u04XUlnamhKzERtXQeOtaAG2Q3FPBO-pjLJCzUDvHiRFFhpfCEox6S7EcEmf27hXxsBWzzIxOXO0XGXTNIoGOhvCCRgsrLiMBksEx7VW_mDI58ixqNA5Tm1FuIXDIy2D_ikkRXtJ8_pBIl2cd8dGTsSPm3cJ51CYbk1yfth65eZ6CePHzwbJm6OrnJ_IYbM_uxfd_nKdhOFOYXgTIFdCQkCR5yeFMi3bgCGbLtxTebBr6SW9uQ9asRtLmVAkfq_uzjUpEfGnnbP4xGn6H_QXk1pev2bgb_m_i06Uk2gqissrs9538rt3lYDdGeaEX9Agej4TrxAbSjmNpfeZ4ins0PvGRof0Er92odfQhngvw7ZTz2KkDlsQ4djTUbola5IFCO8jw15AG2rSPYLFQBKCQehlbO888uDzEyWvHRstuth0mitC_1p3nHnrurl_z8WHKM-F0-63jCOhTeeretaaffFVGNYvUz5jYxWXGJexQJXaiBPtTs4ojx8PAGX879k

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8FED 0
20 B 131ms
130ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BXTtusae6Y4yaDMXJ3gOXgqoQAAAAADgB4AQC&bg=!KCulK2_NAAYDMoyoIzI7ACkAdvg8WqlqBX2G1iMdyyLbeL3iv2BPXeXWAP6LT_7VugZyvEzAA2HhwQIAAAHLUgAAAAJoAQeZArxtUNtCJJLrazeqg7Lwpxo5DGYTH-yWztcbpBYLnIZiDEZVirPg8xBwIVjbyUxSJJscvngLXEecXQOgswf4roKHhDxUocqdtbkUvK37PIzKce-7bimD3mW8Kx16H5sXGGQBNeeng5YgDCGcn_Z2I5mtiw33jKi0YVt2NmeOjIwoz32oZ6mzZSfj6vw1sjrYcb3l7OEEcZTEN6Q_h9o1wwOt1qVrMJb5_dV8Lr0CEPWH34XA5xNB9O7RT2Q-xHRcve5QcaTU6VRQhaPMwbzDuy1iwLfCaD-icIpHOMZWvCvwB6a0IVDx4ap6FM8lFRkTxYRVn4yChEije6gvOYSxru6De_Z1eI4_36EYT1apJX2aC3Js0705KrWMjA2aXSuYhxMUSTvBuOoC8cLYMSHFybDB0uXjNv_BJCFgwyTJfq11GDcqGbH8ZEfGRDfZstt4eYXqlBYGMfnjjtfswETaPx0EFvoZ5dIIaTZyPMltSQxdcE77sUbZRMigr7KVwHTxHeE1k0Vxcns2y8tZOVQ-iRzmY-QMGmDcc4Gggk-dMI7AgUcr71TP7SKJcLAgq9J57z3OdsFwQWupS3-BLvIQWYxIZNa95C_RTrPPUuIe8hyLzxkm0TSwBDj2Jm2R9Dc7cTe6zFXcxFoRs3If4xh7UIvpXvNQnAt7_92RzzhT4M8r-lctBz1f5Y4VgFmbJb-MRfbJvUuN8PlgCRvwH--z20ptfENtjIRdB4vkcaHaX1hFR_391epliKhOkkfv5nRQEDZPMTFGoSl8vklEiZXLctdVEd5YdeM0u1o3SHVZ11USFs-vb5dNskfYAVf0J2PNpz4Uffl9jqVSdZu-rRDBTcSkMIl5W4dOtPvusvy1huDafdedpjk3ZfDLXMt66-20dWBm6hIUF_gvvVegSyoBnRxLAYjFQfMAduLxTzdy

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 968F 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236637
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.620185,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 0B05 281 B
554 B 28ms
28ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 9D35 16 KB
6 KB 87ms
20ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 689D 52 KB
17 KB 20ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 233583
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220088-HHN
X-Timer: S1673177012.627482,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0682 16 KB
6 KB 86ms
22ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 8698 281 B
554 B 52ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame D424 0
953 B 29ms
29ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD5mP67--yR-mMYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeN6HBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLtBCFMSG96QlFpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8ENDNkF3bEdVa0V4T2pZMU56ZmdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFc2dRS0NORDA1d2tReTRXbURjRUVBQQFIAQEIREpCAQcNARQyQVFBOFEFZQkBXElnRnNUT1FCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAMQUFBQh3bBEJrARIJAQBDHRhETGdHQ2cuLpoCmQEhVGhtNFB3OnECNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnUBRGRBbHpCSm42dXQyRjkyNmo5UglqAQEEQloBBgkBBEJoCQgBAQRCcAEGCQEEQngJCAEBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjY1NzfaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NTE5OLgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8YnhQZUVsJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQlJBb05TNUFramM5ZlFEVUpjd1dNNG9jUSGKCQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB96HBtIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=6fd020c5c480762bb953fb79d8996c6d164ea2d8&type=pv&jm=1003&px=12&py=200&bw=64&bh=37&sf=1&sid=7403146411521057559&vd=ct~0|rr~6&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&cid=3&cr=pv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 60bd8f1a-8738-49c1-9009-2378651fc3e9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0EC2 16 KB
6 KB 70ms
22ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 993F 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236638
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.646416,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6F66 281 B
554 B 60ms
26ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3E6D 0
20 B 128ms
127ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwjKusae6Y4OyDJShrASNk4OYCgAAAAA4AeAEAg&bg=!lJell9PNAAYDMoyoIzI7ACkAdvg8WlwWmvQcLWG44TPCSVFk1pLfwiAb_3qaUy6mQEj8FqZmOac7HQIAAAHUUgAAAAdoAQcKAFn487Z0P0LP1WCQnkD54465brevtK00WVsP5EW_P43X-2YUhbj5tSdytiKxrMAur5w3MkNMFrciaIZdH830u5on51eVqwRotluA8Z8N0VbT1jheaA7T1js0ZpkCvyr8yY1sDGdEY0r65-bi--MNJcICkLCJD_N6u8UWj1Ot_Gt1IdV_uI7GUl82mP43yANEuKDJvHkqNmdq65dsoLzjP0DIeacOVkX3hKO4We3_nsNvfzEa1qbJCxw9egLv_lCavSY-Vy4Y98-kSmy72_mjAVfbFnkVqJ-ayFzRBmaexRqtWBnUSXP83cnDktGg-WSVy0cXluvbfMN35QQJgy5H78LuUWL2VMZEJuq2PVxg6QOjyzGAOGa-C3LVzknhp4jyUvQxmKbLME12wChH64rqELZj-x2exS-cFz90ESyHgXw9E08mTpxqDVeu7uQREjfwWZ3_hlAaoQdnH2U6Wq919xux42347-0FAUeoPtY0wFggbkRafyFa0SfVMIy1f02Hwpw0sPtsoDhVr-pxi1lw1v_PQKPmbWjrOjQbCGQfvpI22qEB8tN6IY9z6DsSynkjZ1yReYdnJxqlh8oDIlXmhGQmtUfQU4Qf0Pr42SQiM4ldEf5A2Apwdaq77gOZ3E_DAqKHMMfk0ur3-fl-b3ZTjCmzFk_g9VhDT9G9lQKiGAzMNROsO9i1LMaMFBExz448XxR297Gb4kJYCqyg8F8I2JET6HoEfwNRO9vl_X-Ns2qH4wpw_aQz8bWBAGTnKPRL13I_iw4ANAhBE-27OKVyY6B7iZFjU0cG3uq9LqJkp8Mvc2YIORjR20a3x5SOQ6IYBoxyM2Ei1chv33pCz60iXOl82Tgdb2TukR0u8U8sSvjTTWgh4blbZpMp1UXizyXVZB_o1GO1ta6sT4U1fzgfM-sP9o4CdRuQhahGaSvlHm3JaUY6O2ahTqx4VMerx4n-s2b4vLiIqVyitZbqXL0otr8tpm3Uk700twiEHAryRu1rT60E49_XUulq-eSLsOXK9l984NzELuaAtCOsZo-EsIS3DdYHRLtSL-rcCKo

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame C87A 16 KB
6 KB 78ms
37ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 4B66 281 B
554 B 58ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DFC5 52 KB
17 KB 21ms
19ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 233584
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220088-HHN
X-Timer: S1673177012.653661,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F7F0 16 KB
6 KB 57ms
36ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F2F4 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236640
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.672560,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6518 281 B
554 B 62ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 0B05 34 KB
10 KB 33ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame D49B 35 B
478 B 41ms
40ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=60271212&csi=s4hNaU1WA4pTE5NX05oXKpwXExvoWWLebrWtp0UYLazrygPkIxxfk6B1rTmtfKTxrDfxjQPv92qanKDpZcbK_96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8698 34 KB
10 KB 32ms
31ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E040 0
20 B 128ms
128ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B4sUisae6Y7uJDNPP7_UPyc6HqAMAAAAAOAHgBAI&bg=!fn2lfTnNAAYDMoyoIzI7ACkAdvg8WqH22E-EpQ3XX87o4VcIDxrRmlA1tXbr4GO4C6H6up5or296kQIAAAIIUgAAAARoAQeZAsMubq1W7YPA5u1H__-1AfJPhwWHdVtE8e9BVfW5Kza6H7c5ioV_keSNBuTUFsycA14yrUY9_aZakOyxOkggK4IXC24P6CQtNR96o7NNBRiOuaWTAaw7BbA224l8hlC-PAa7_Z6-QhmawlgyKloWyjBmTAw9KZOoWmx7XFHgRP1wHsX-iduah7RMTBIaqeiIyyH84QsiWOVh0rawKUZxSbFS1ViXcGiWzk2paTlisT2Xq0bGSA9vspb7hDJgJ_J7ZG-53CsAywA4Ts9HuM5tKq5BRxz6fNgDASWC8HyWAzqDJMG3bhuZR-xiCsF14mQYb-TV6VfFBDEjI23OQQpk2ciaOddVXBNhssQlQqOX30rGBNj3IRTE85YXysKjGwzX_4qgWeHJVYPU-krCclzOVK_Sc7Y0TuY5Mx2w6MHNzut46QQUi6ILH9TG7PwNmxIavW9JVddVkiCa1Ll8bEDSLgJQdEN1ewkeEr2KZWpD-yMN5R0yiM40sO3u06i-NXq_oK9-Q7uF4dpzopi4eQym1pstJ_SHLxuoJJRAxcemwEvmPWgzUb-yciNZjN_z0OdvwyAAAPRiZfAEpjGfmoqF3ObxjrzEJu6XRNRf3x50eMcvOkbH5pwnk74lZCyyuOoSMiCS86mKTKfDKcNM3kvqkXywtZZkolbbavSyOH0aMbwpTd-z4RfxBFWnChci8Z8NchaVD8DtC7Q2IEhqOgKf1c1aoCbfFfPnwGnkDKsq_cw-zXwxfYmdFI7uXNPCGnyvFwM1Cc5qbvK82Nt53yqKVd8tfLaK06X2R-N6sVu5mFBg0XaVvG8D4CIaLGbNGJaQny51k7PMfQ0RnwVdk9kBkXrVNeTBAdypQSvA4dOHiufstVVs3_Qxdl_1UEeJ-SVvdSeUqSs38p3rNF65OW_ZN8zX3pd4MdnhbyhA6tk3vil-kOUwMQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 31A8 0
20 B 128ms
127ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqLDLsae6Y6iYEpiHjuwP3siR6A4AAAAAOAHgBAI&bg=!KimlKW3NAAYDMoyoIzI7ACkAdvg8WuZIWv4XZa0Yu_1j_caY-yYoe0Gi8knjbAi1khAO3EgyDLDymQIAAAINUgAAAAJoAQcKALAgo6brM_kSYnBdlWicncP8rkc-rnlG48vLmvQRlHUpaCkLj0fSukeFL_P2xa2vC949Ll1FnEznQaUjIJc5sjLYX5onjc21UxkvoAD35-yjc0FxjU4yrNEvCVpoV-_pe4yeXxa9f34i6_UkB6kqRwCiLzfbkuJNV_gzNGkE4jsTjXUJ9nnX58qqXIOD8L7b4NLZS09Y4RifnkAUrk6tuHvd1AT1cns3iTN7w0X0w9iIq5kC1Sph2ZHJnRUsCeiENcuEx3RP2mAg4FCeVgzkgk0H03fwRI4U_W-zBdPgmmLmBtMkXPga38YKz16YIWV8a0Pn5bdJOZDsTQ8HaJz1RXlOulmobddNf7OXBu_7BGIpD0g787UX1ySCy7xItJQE_Qa_Ev_qLxNsgNMFKzMjFOQMTO3XA89mDWBZuRF8h1MpN0Qhl6lXNQ79fsuZonu774Cddb6auMdSZT5oHD61agz6JD8-dl6mE5OAArnwoNJUp5ePSxcscD5dyPcGfd20BVT72D9CExszU0dGRf1pkVoH1rsC8ngDwshv3yaVeeb0ipx3uyyFlYYFdgoaX2nbDjb9Wxb79XFXWrUtncQogms_pR84icO3BdVTdkWxeWObhhk3jVMYgsAeoV9YnfZtWurcMLH4KGn-kckkcN-Iqu2FHxHr-AW876HPl5jBMrrIVyJ2EzZscWyZ0FKbjXuEQioO8l4mb5Em2_LbeDxkarIRodHkVw1NE7zXDbWXIxOqJD6QLMus7GUGDPRIafDqLFuJzRLGtKjUfFf2yyLyfv_q94HdoaJdVk7g5c89K58maJeZ72n6zf3Z5tzaBv1U60TGmaqk0H-heyNenn0moxBcGWCVOieBW-Fil1IESOkCLCE_Oe7j38yFIq4rAGDE1kcsC3QhdnTRe2UWII7fYA70OFnMAn_zAInrcY7OCcdmLbHIzfAxa70Bk0c7e3L8LpB2BnEFmq34y9YBRyWmvu2Jiywx5eMwYmyEC6c-voEmN0fvy8xV6uE3foFaCr3-nyBdgDGhtvSsUZJBpCuUd0jxFOfOfrAun4FuHe_Vq0gI5MJo4fp3OLzUepoXMRoF8u81pGE4W0Gbr_DaxXn5BpEDa6D4YN57luLe0q2_wHCdSPvy4eC2hEx_LoUXdQ9nqsqW8BCxuHbiWl5yo6CBKrTmYfMmsiO4MzI_yGJVTwE8jZNHTQIr7o9X

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6F66 34 KB
10 KB 28ms
28ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 4B66 34 KB
10 KB 32ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 55AC 0
953 B 20ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhCFtcyM9smFixsYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeLrZBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWxIcjRsUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTnpiZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGa0MyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqaGw5Vz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURaQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1Nzc22gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU2ODe4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfFNCT0ZDbCXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXTGNzY1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAe62QXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=053fdf31124fa940a902e7edb2ef919684c63695&type=pv&jm=1003&px=545&py=52&bw=129&bh=74&sf=1&sid=7403146411521057559&vd=ct~0|rr~6&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=pv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: 67e2c9c3-c73b-4a8e-afe2-c9763762439e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6518 34 KB
10 KB 32ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 3382 0
953 B 20ms
20ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKbDPBMGwYAAAMA1gAFAQiwz-qdBhD36Pas_7OTtWYYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAoEfhyj8hQKJoqtfQdT8p-DsJJNgxAAAA4FG4nj8wrev0CjiYUEDRB0gCUMmJtsMBWPLTlwFgAGj0-7QBeK3YBYABAYoBA1VTRJIBAQbwTJgBygegAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWLHInLCA0MDk4MzA2MAks8LCSAu0EIWpYcmVrUWlCNFA4WkVNbUp0c01CR0FBZzh0T1hBVEFCT0FCQUFFalJCMUN0Nl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFLb0FRS3dBUUM1QVpfRF9iZ0tCWGtfd1FFWmVFd19ZVUYtUDhrQkFBQUFBQUFBOERfWkFaLXJyZGhmZHVvXzRBSEIxTm9EOVFITnpNdy1tQUlBb0FJQ3RRSUEBMwh2UUkBB_BYQXdBSUF5QUlBMEFJQTJBSUE0QUlBNkFJQS1BSUFnQU1CbUFNQm9nTU9DS3FiOUNjUUJCZ0JMVy1zM2pxaUF4TUk2dlBzSnhBS0dBRXRBQUNBUURJRGRXNXIFNDBKYXZ1Q1lRQ3hnQ0xRAW_wQ0M2QXdsR1VrRXhPalUzTmpqZ0E1Y3dnQVRJaE5FSmlBVGduX3dKa0FRQm1BUUVzZ1FLQ05EMDV3a1F5NFdtRGNFRUFBAUgBAQhESkIBBw0BFDJBUUE4UQVlCQFcSWdGaUMyUUJmRzhNWmdGNTRHOGhRR3BCESMUUEFfc1FVCSwBAQhNRUYBBwkBBERKBSgcRUFUby1jXzAuKAAETmsVKPBDOERfZ0JlTUY4QVdIMHFnSi1BV2JqLUFCZ2dZRFIwSlFpQVlBa0FZQm1BWUFvUWFhbVptWm1ablpQNmdHQkxJR0pBa0EJcAxBQUFCHdsEQmsBEgkBAEMdGEBMZ0dDZy4umgKZASFqeG5DVz5xAjRQTFRsd0VnQUNnQU1acQVvFG1ka19PZy51AURoQWx6QkpuNnV0MkY5MjZqOVIJagEBBEJaAQYJAQRCaAkIAQEEQnABBgkBBEJ4CQgBARBCNEFJazWI8NA4RDgu2AIA4AKbhU7qAhFodHRwczovL2tyZXN5LnBsL4ADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA5HWUuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA4yMTcuMTE0LjIxOC4yN6gEALIEEAgAEAEYygcg-gEoADAAOAK4BADABADIBADSBA05NzcjRlJBMTo1NzY42gQCCAHgBAHwBMmJtsMBiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOsNgFAeAFAfAFJ_oFBAgAEACQBgCYBgCiBg8xMDI2NCNGUkExOjU3Nzm4BgDBBgkzKPA_0AblAtoGFgoQCREZAVgQABgA4AYB8gaCAQjxvDESfEpSTVhCRiXz2ERBQWtDQlFFSW41alFCUkRzZ000QkdLMnhZQ0FIS0FCQW9OUzVBa2pjOWZRRFVKY3dXSk10Y1EhigkBEGVBQ0JBUeNYQUFBaUFFQWtBRUFtZ0VDQ0FDb0FRQ3guIABEgAcBiAcAoAcByAet2AXSBw0JEakBpwjaBwYB8HAYAOAHAOoHAggA8Afn2QKKCAIQAJUIAACAP5gIAQ..&s=9a9ffd2fc78cc6074e9467d90033b9d0475ad25f&type=pv&jm=1003&px=545&py=52&bw=129&bh=74&sf=1&sid=7403146411521057559&vd=ct~0|rr~6&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885805&cid=3&cr=pv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:31 GMT
AN-X-Request-Uuid: d0662a9a-087e-4167-abc9-fe6859c02561
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6D1F 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236643
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.859631,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame F63E 281 B
554 B 37ms
37ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E948 16 KB
6 KB 21ms
21ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2DFA 52 KB
17 KB 19ms
19ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 233586
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220088-HHN
X-Timer: S1673177012.868331,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame F332 16 KB
6 KB 21ms
21ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 0072 281 B
554 B 30ms
29ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 603C 16 KB
6 KB 23ms
22ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame EFFC 281 B
554 B 28ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F2D3 52 KB
17 KB 22ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17773
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 232323
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220041-HHN
X-Timer: S1673177012.875688,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 3E08 281 B
554 B 29ms
29ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 249C 52 KB
17 KB 23ms
23ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236659
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220065-HHN
X-Timer: S1673177012.885363,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 80F4 16 KB
6 KB 24ms
23ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B11B 16 KB
6 KB 24ms
22ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42064
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DB73 52 KB
17 KB 23ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236644
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.887760,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame A51E 281 B
554 B 28ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:31 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 12153522.js Show response
s1.adform.net/Banners/Elements/Files/160090/12153522/ Frame 5EE2 3 KB
1 KB 44ms
44ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/12153522.js?ADFassetID=12153522&bv=516
Requested by: Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 7c407ab078a5e62b3a0002b22ebe856e96774039899296b2c7216a96f1b93c68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:31 GMT
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx000001dab1c2fa2e315f5-0063ba3200-32941e2b-default
etag: W/"9cebbfd6cdb5c5a8e5c5c82b0266e441"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 785B 0
20 B 128ms
127ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B0wsRsae6Y-mjJPSxx_APm9mv2AQAAAAAOAHgBAI&bg=!4OOl46fNAAYDMoyoIzI7ACkAdvg8WsXKhJKZxEzI4mlviiQzG6iljJabhxRzsbZd44C29x1aYN93dgIAAAGYUgAAAAJoAQcKAEBojG9N75iPEEHEuXcYKJuaa_FpZD_lprJvzJWAfpsVLCLJkrCbla9KqItePNxS_FFAIsp4znWXt2Tt2g7iCY3jmQLGygOXIDAvruuiGvqcgEiuFtr1YV3-pqnuzhP464iuk98GbrjSOaoCKgAh2oZiy1CDHa5iSc11_8SswUhKc6Ok3fx660UmemR0Xw--8KRw_u_jMePAfZiMklHFhHVimQw0LcYDlLSWC-XUXvOYBaEGHYa8JutwtLhBxfLocWvI7DJFzwPMtiT7O4y_VjMdGl-ZQGJHoVSagYoVbNi6CBWA-YjWgpiyzCAFTwtftZqQ8r0PZbIq0kM_kwDH6EKjReY6UWI_u4WdDV30TDH0CBt9fU0YJR3_iudXAnIvkV-0yrACeKQh2gsXV4jX4fs2lvvgbeiaHkGFnLa92EE0BiFl0h-driVshBM5UbQsuSbEz9GUp4MeKJIpQnU2rhhmNume9epLB526mGu_mKzpCUqSobieGsrk1eJ68SSragH6ixIo3nGDerOJl_sV1cSz5EXLjxuGzVU01X0Ur-vRVJQHVSntSI1ZKGcYlCMF8VNaZRqBWzSqNWXqUZoYqq5NmYTEFp1bobZfOQtUOHo-dmud7mgGXZLYdfsf8UX4J6h4mPwFkiR7Yp6zrh-b4b3OyYy9dYUq8Mz-EjoZl4hJcB7c-2IUdlHe0YQA0009QWmM0idteMib1IuKWGYboBha7-KJrpkPhSWy7U_WbqRQKFiz4GJWDJebdbjdb4DwHEvyJe4xL_KLD_3H0pLvEjNPjIj9B9qVLtYvepM3ntSPjky76h2zK7sSZ9iNHNMriDfn9_7yhOpWN1FC4oNVTmJs7luvpiczytDjs6bSBHVhw4lYe-S-Yo7YxJcZ3_6sl8o6zsVR-DEheNZot45SjzBspwaj2pjWE32X_bOqPuvo1NiwfcIo6ARkpF5_cp5qcAIW0oXb1o3dIhOn8D9LNfEtlKCEC0pb3AKZIreSvHlaOlXmSlCv_8YhmOR3B_E3RLIceB57ht7NcN0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B114 0
20 B 127ms
126ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BhGNcsae6Y8fnFJLhgQf4gZHQAgAAAAA4AeAEAg&bg=!9fal9rLNAAYDMoyoIzI7ACkAdvg8WtCGY4mSupkojJF9q3R-_O_JBneJAcynoYNUgVTQj1GPUliILgIAAAI-UgAAAAJoAQeZAslJk0Loacb4nSY--ZHg4MXUg9Zwt3KIlh7_iF3ph3y2f04VYySrHHzmLbJoxsZBsaYu1R2myeBvSYYzgoz8FbdETG8W1y56TbI2dSUW-BStgw5Kpei0s_wHxpUdNZC5g4gf94AE6wgOVrpOVEgkbn28eoKcFBGaEtoJxWSsWSMts-pLRJ-fbsRN9X9avOOtgLLX1zT9yVcfjOqNNo-rjxFkXmoUKD8KZJ8ul-DUo_2oNCusxdt4z9C-wu-3-iJXoVDNkgyXKvUMr_FeGRUS-H6F2t0UPJu4iXFk27PGEVJXn44Wd-MHBnVk4nhxPLyDJiVXMpU_X_kDJg1Bgy__t8rGqu6sC4LksLMMocVMwdT2j4ZiY4fAYvgKfOILyfS1wOwWYhuLHo6x4WZmGmPtv8z-doAtnfWnAT9mrB89wdfxwJq51DUAScbsFaE_T7ahn7FaiEkXvVQMkagttmntNH6tNyQPf59Hq1M2vJ96gdLSwF_7A-ttQyfz3xM9W2DRmO1KPzw1utTSoAAPdIbELooR_gF62iRWRXxI0kU1jNQv7nXERsV5YvMSijgI-j5OUIRLufsk53QygLbYOtRtVZTSQ4aSAZzSI50uZMzFiKYF8TRUetTWwFWcrB7KSpWm2fjGZO3e6wCNXWqF1x8d2CWHzodE2d0LvMhRvJ0jfDLu1VzyfUrKR9VSch7OYPXMdNpl7SegQ6WW2sxWCllne1Kxa0Tjte75NDHM53VdUki88UdFgwI4OZaD55heCVc9I9ZlSyR2iMJBYERzHm6IJb2IQHrGch26967qrpHpzeOwUZdRy_EcPQnbTFCaA-R3aauhrMJbMUftrTNKUdaxQOrP-3qk75_TofcPvCxh_DVRMty1daTX_Cfth7OBN4TiZE8q0j3ytq9yvrQxSDqt9Y58p-Gfrbry3Mi0pVe5O_YtXzbSOMiaPakgeA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F63E 34 KB
10 KB 27ms
27ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 9D35 5 KB
6 KB 536ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=62361085&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e013449f27e8594668a9c9f5421f68212b340bcbd6a1fbf2b3d1a4b038fc87c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sun, 08 Jan 2023 11:23:31 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 0072 34 KB
10 KB 29ms
28ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame EFFC 34 KB
10 KB 32ms
31ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:31 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18176
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 3E08 34 KB
10 KB 32ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame A51E 34 KB
10 KB 32ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 0ABF 0
953 B 20ms
19ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKfDPBMHwYAAAMA1gAFAQiwz-qdBhCet76j0JeghDIYrtKEspaDxZIcKjYJ9jsUBfpEfj8RQKJoqtfQdT8ZAAAAgOtRyD8hQKJoqtfQdT8p-DsJJNgxAAAAQOF6lD8w4-v0CjiYUEDRB0gCUIWNtsMBWPLTlwFgAGj0-7QBeL3YBYABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJpdWYoJ2EnLCAzNjcxOTYzLCAwKTt1ZignaScsIDc3NzY4MzMsIDApBRQsZycsIDE5NTQwMjMxFSkwcycsIDI3OTkwNDQ4NxUWMHInLCA0MDk4MzEwNDUFFvCwkgLxBCEwM29RZXdpQjRQOFpFSVdOdHNNQkdBQWc4dE9YQVRBQk9BQkFBRWpSQjFEajZfUUtXQUJncmdab0FIQUFlQUNBQVFDSUFRQ1FBUUdZQVFHZ0FRS29BUUt3QVFDNUFaX0RfYmdLQlhrX3dRRVplRXdfWVVGLVA4a0JBQUFBQUFBQThEX1pBWi1ycmRoZmR1b180QUhCMU5vRDlRSE56TXctbUFJQW9BSUN0UUlBATMIdlFJAQfwWEF3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJvZ01PQ0txYjlDY1FCQmdCTGFhQlRUcWlBeE1JNnZQc0p4QUtHQUV0QUFDQVFESURkVzVyBTQwSmF2dUNZUUN4Z0NMUQFv8EZDNkF3bEdVa0V4T2pVMk56VGdBNWN3Z0FUSWhORUppQVRnbl93SmtBUUJtQVFFb0FRVXNnUUtDTkQwNXdrUXk0V21EY0VFQQFLBQEIREpCBQgJARQyQVFBOFEFaQkBXElnRnFpeVFCZkc4TVpnRjU0RzhoUUdwQhEjFFBBX3NRVQksAQEITUVGAQcJAQRESgUoHEVBVG8tY18wLigABE5rFSjwQzhEX2dCZU1GOEFXSDBxZ0otQVdiai1BQmdnWURSMEpRaUFZQWtBWUJtQVlBb1FhYW1abVptWm5aUDZnR0JMSUdKQWtBCXAQQUFBQkUBBgkBBEJrCQgBAQBDHRhETGdHQ2cuLpoCmQEhU3hubFBnOnUCNFBMVGx3RWdBQ2dBTVpxBW8UbWRrX09nLnkBRFJBbHpCSm42dXQyRjkyNmo5UgFoCQEEQloJCAEBBEJoAQYJAQRCcAkIAQEEQngBBgkBEEI0QUlrNYjw0DhEOC7YAgDgApuFTuoCEWh0dHBzOi8va3Jlc3kucGwvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgDkdZS4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjIxNy4xMTQuMjE4LjI3qAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDTk3NyNGUkExOjU2NzTaBAIIAeAEAfAEhY22wwGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAACQ6w2AUB4AUB8AUn-gUECAAQAJAGAJgGAKIGDzEwMjY0I0ZSQTE6NjYyNrgGAMEGCTMo8D_QBuUC2gYWChAJERkBWBAAGADgBgHyBoIBCPG8MRJ8ZWhPc0UxJfPYREFBa0NCUUVJbjVqUUJSRHNnTTRCR0syeFlDQUhLQUJBb05TNUFramM5ZlFEVUpjd1dPSXpjUSmMAQEQZUFDQkFR41hBQUFpQUVBa0FFQW1nRUNDQUNvQVFDeC4gAESABwGIBwCgBwHIB73YBdIHDQkRqQGnCNoHBgHwcBgA4AcA6gcCCADwB-fZAooIAhAAlQgAAIA_mAgB&s=154e3905282e0c287fd27cf50bf34f9e96daa2a8&type=pv&jm=1003&px=12&py=192&bw=64&bh=37&sf=1&sid=7403146411521057559&vd=ct~0|rr~6&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&cid=3&cr=pv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:32 GMT
AN-X-Request-Uuid: 19e4b4ae-7166-4218-929d-a714e399b8bc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame D49B 0
150 B 77ms
27ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=22272800078875306783187012198023&a=e66c4f17&vb=v
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=22272800078875306783187012198023&a=85005784
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame C098 0
953 B 23ms
23ms Ping
text/html 37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkresy.pl%2F&e=wqT_3QKtCvBMLQUAAAMA1gAFAQiwz-qdBhDaqKeCj7r9kSEYrtKEspaDxZIcKjYJ34RCBBxChT8RGIHqROavfz8ZAAAAgOtRyD8hGIHqROavfz8p4IQJJNgxAAAAQOF6lD8w4-v0CjiYUEDqP0gCUJ2B86UBWPLTlwFgAGj0-7QBeNyEBoABAYoBA1VTRJIBAQbwTJgBrAKgAfoBqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigJTdWYoJ2EnLCAyOTM4Nzk1LCAwKTt1ZignaScsIDQ4MjMyOTksIDApBRQsZycsIDEyNzI0NjM5FSkwcicsIDM0NzkxNDM5NwUW8IuSAqUEIV8yV1pkZ2pZMmRNVkVKMkI4NlVCR0FBZzh0T1hBVEFBT0FCQUFFanFQMURqNl9RS1dBQmdyZ1pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFHb0FRR3dBUUM1QVUtRGlIdERRWVVfd1FGUGc0aDdRMEdGUDhrQkFBQUFBQUFBOERfWkFRQQkOdFBBXzRBR0RzcVlDOVFITnpNdzltQUlBb0FJQnRRSQUkAHYNCPBbd0FJQXlBSUEwQUlBMkFJQTRBSUE2QUlBLUFJQWdBTUJtQU1CdWdNSlJsSkJNVG8yTkRBMjRBT1hNSUFFaU5mRkJJZ0VoWmZMQkpBRUFaZ0VBYm9FR2dpRkJCRUEFaRRBRFFQeGsJCwEBJENDQ3hvc093UVEBDgBBBSAIOGtFAQoJARhEWUJBRHhCCQ0FARxpQVdHTXFrRgUNBewILXhCET8gQUFBd1FXYW1aBQIINVA4CSgcZ0pPUnVqX1IuKAAIMlFVAS8BdMB3UC1BRmpnandCWl9UaUFiNEJhdXZzd0dDQmdOVlUwU0lCZ0NRQmdHWUJnQ2hCcHFaBV4sYmtfcUFZRXNnWWtDHYAARR0MAEcdDABJHQw4dUFZS5oCmQEhNFJiRWtBOikCMFBMVGx3RWdBQ2dBTVoZbUxPZ2xHVWtFeE9qWTBNRFpBbHpCSgG_AQEMOEQ5UgEICQEEQloJCAEBBEJoAQYBAQwwRDlwAQgJAQRCeAkIAQEQQjRBSWs1ZPD1OEQ4LtgCAOACm4VO6gIRaHR0cHM6Ly9rcmVzeS5wbC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOR1lLgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMjE3LjExNC4yMTguMjeoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA0gQOODE3MCNGUkExOjY0MDbaBAIIAeAEAfAEnYHzpQGIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AXanR_6BQQIABAAkAYAmAYAuAYAwQYABSUo8D_QBugp2gYWChAFEB0BdBAAGADgBgHyBgIIAIAHAYgHAKAHAcgH3IQG0gcNCREpASYI2gcGAV1wGADgBwDqBwIIAPAH59kCiggCEACVCAAAgD-YCAE.&s=cbc4efc7331c09b0d6ff9eaa5d265b4b659cc3fe&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7403146411521057559&vd=ct~0|rr~5&sv=231&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=22885859&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/231/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:32 GMT
AN-X-Request-Uuid: b3aaf7fc-de98-443c-948e-62f6f08b6c21
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://guandads.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.114.218.27; 217.114.218.27; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 1 KB
932 B 49ms
45ms Stylesheet
text/css 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/screen.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 7173df27cc5672e5656e16ecd021970ca3fcb66355a04666b080338e08bab1b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx000009d8636af36ca0a5a-0063ba3201-32940f80-default
etag: W/"4e2a911b88a2d404e3ddd3bad8b0126a"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame 5EE2 30 KB
14 KB 54ms
49ms Script
application/javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx00000a3594564e653314a-0063765fcb-3293868f-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 106 B
435 B 56ms
51ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/introfill.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9c454254e41f5ff111583251f149649ebfe67a36438522efafa11630d60cb9dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000e4805554b8c6a471-0063ba3201-32940f80-default
etag: "c86209959b9da29b209c3d5bcac3ca3f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 106

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 14 KB
14 KB 60ms
55ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/stoerer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 18fafee2883a755b6107e094c19800432b5f57d90c97f756b77db2d399b6b4d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000a9bad9f32d8d1487-0063ba3201-32941e2b-default
etag: "0d4a4ae9e06fb5050b29b76c92c9d6fe"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 14326

GET
H2 200 text0.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 5 KB
5 KB 62ms
57ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/text0.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8b88ca4a987d6c5299031cb992fda2ef3b2ea67f56b3daa754b3ff65459f7f91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx000002dcf20cf3baa1b1e-0063ba3201-32940419-default
etag: "0a87c58bcbafb5da609bf6bc76084d25"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5080

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 5 KB
5 KB 64ms
59ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/text1.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 27481e155c01313f0af43c4274b2beb59d0efc3ada6c92cbe444f47ab60afd3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx0000091d8012eb10d8414-0063ba3201-3293aae9-default
etag: "515d89936e64bae245f260ae0c420f62"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4728

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 5 KB
5 KB 66ms
62ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/disclaimer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 9e242a4418d71693d7d5f18f73911012cb9f4baf849675c301b8dd8621dbf242

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000885eb286e0bd0772-0063ba3201-32941e2b-default
etag: "77d56ab8cca3347809ee8903c81db10f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5139

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 2 KB
2 KB 68ms
64ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/date.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 527806da729fe373b7f2f19c243d607a75627d3d83d05993246963344f5472da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000df8983e5fc424843-0063ba3201-32941e2b-default
etag: "82eefad5477f73f3d2d0ba8a024a02ee"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1577

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 1 KB
2 KB 69ms
65ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/cta.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 7c171fa5cc4f523932400246396a39ba81cd47e4471f53c422bf1efdbf6b42b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx000001483fd22f8b06bcf-0063ba3201-32940419-default
etag: "e96fb44526e5b4da254dc2527ac9fc51"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1379

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 5 KB
5 KB 92ms
88ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/logostart.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: e8f202084637582b82e40a8ee2976c15a4b7c13d92275a98e015359a35fabd46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000597f01c7dca13e35-0063ba3201-32941e2b-default
etag: "7af07209f0f6a7d04a2639b2f3ed76c2"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5240

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 4 KB
4 KB 92ms
89ms Image
image/png 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/logo.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5136f69023fda514b989f357cee8a4470cae950d10d220349c879e2e32021ce1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000be2a39c193c5c854-0063ba3201-3293aae9-default
etag: "eb0f3b18e415591b9a5d4d0b6706dd32"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3595

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 46 KB
46 KB 100ms
97ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/model.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a2f08044e447af98626b1672ab467ca07ccefdfbdb6760b2a2e5d9210eb7e1a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000cd6cf5d1a34ca642-0063ba3201-3293aae9-default
etag: "d06d2a0d690a00fc6a3ced87a54b517e"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 46760

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 22 KB
23 KB 117ms
114ms Image
image/jpeg 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/background.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: c5fec6f257a42c2cff3dc6c89a21e38e43f9612c3314956a7a381acd85ffb021

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx00000bb9990cdcf80132a-0063ba3201-329373d4-default
etag: "16ed943b9f3702c4fee69181fa12f8fd"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 22885

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame 5EE2 38 KB
14 KB 76ms
25ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 18465150
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13669
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EM0zXjYihlBshamwamuRRvib9NzGq94X0WNXiUUYxnbykkqaSLSc6Ccb7bLDsHP%2FX8DwV2Q6pHKnDY2wvYSGnt7peWmqcJ6Wg8%2F%2FioUN3d33iw26SiFlhU49%2B12PqJNvW6FV5AJ7m%2FSzLUA9d4nSvIir"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78648fc5987d6969-FRA
expires: Fri, 29 Dec 2023 11:23:32 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame 5EE2 5 KB
2 KB 78ms
28ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 14831572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1730
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VMRZ4WRTHOkA8l0omuhsQV88UVJT7b%2FaeFS1sKbcnUKmo4hgV6EwxKPAFwo9v58e%2BCDxSAAnjtrRZA7Q86RH4%2FS2LoIPFoVKZeP3HO20uV9OTnCJxfWDZktvxFdoPpbBmhC2eZIMG0qYmhIk6RobAvh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78648fc5987f6969-FRA
expires: Fri, 29 Dec 2023 11:23:32 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame 5EE2 26 KB
9 KB 79ms
29ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 19759106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8578
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXy0riDNFoFu%2Fk5Z64UrR9m0k5QnpaDhfkY%2Fe477otPPMB58hkdbxTbjC2vtwrneq7MZJMWW%2B7C2F4RWh6e1K%2FnuWxwQOpqzpnvsZJPazfUc9Zv5%2BLfcN54EXRFJEn62KgdfBNJXpk1Z%2F9owNWMUaEnt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 78648fc598826969-FRA
expires: Fri, 29 Dec 2023 11:23:32 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/ Frame 5EE2 9 KB
2 KB 52ms
50ms Script
application/x-javascript 37.157.5.72
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12153522/bvpath_516/script.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.226/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.72 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 7b20d395c268efe3267739b189c0490cd22f82f2c58f79dfb58ea48e9fd9fcb2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:14:48 GMT
server: nginx
x-amz-request-id: tx000001a7646b3ac5ee8d3-0063ba3201-32941e2b-default
etag: W/"91b4a6abc30c802b07c11d5b117e7a57"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 35B6 16 KB
6 KB 22ms
22ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 226E 281 B
554 B 30ms
30ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 8864 52 KB
17 KB 22ms
22ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236647
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.073073,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 75D2 16 KB
6 KB 21ms
21ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C546 281 B
554 B 30ms
29ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B3FA 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236662
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220065-HHN
X-Timer: S1673177012.084309,VS0,VE0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C098 42 B
64 B 124ms
123ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsszj3cXl6mg4TAwEZCeRZQXmLFNs0JCo1sTzq7BRh04SFlTvzEhaPZaJ93UPCTfBwjbymv4npd6SW5J5u17OoMom2sqqMIm&sig=Cg0ArKJSzO8ld0tf4rqtEAE&id=lidar2&mcvt=1024&p=0,0,250,300&mtos=1024,1024,1024,1024,1024&tos=1024,0,0,0,0&v=20230105&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=34&adk=1221982918&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1673177007782&rpt=3223&met=mue&wmsd=0&pbe=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 4DF5 281 B
554 B 29ms
26ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1D24 52 KB
17 KB 26ms
24ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236648
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.103180,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FF1D 16 KB
6 KB 25ms
23ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 226E 34 KB
10 KB 34ms
34ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C546 34 KB
10 KB 68ms
67ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C098 6 KB
3 KB 119ms
117ms Script
text/javascript 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=0&w=300&h=250&c=528318265&js=pmw1&base=te-clr1-7bc88500-f4b6-4ada-938a-68c02bf0830b

Requested by

Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?sz=300x250&c=528318265&cid=0&aid=sojern02_d&pid=sojern01&js=pmw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

4a299099b75b286cf5db67bbc8078e139e0583ac2f3754aa64d42ef9699cf7f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2329
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: mmbJ4qwayZFphQiJpssa2eEiVUQvXq3anel23FNDvJt28-z24Upx8Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C098 38 KB
12 KB 126ms
125ms Script
text/javascript 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=0&w=300&h=250&c=528318265&js=pmw2

Requested by

Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?sz=300x250&c=528318265&cid=0&aid=sojern02_d&pid=sojern01&js=pmw0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: lZAyNFns6F17A7-12MLk2UaBvpV3_9EoidzWdQGUx7VOT71OveyEXg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame C098 43 B
1 KB 117ms
116ms Image
image/gif 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=sojern02_d&pid=sojern01&cid=0&w=300&h=250&c=fc8c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: O33aL1mLFBg9ZziN_ZaPXgD9kUjR0F2QgyXIHvSJcZNWG_RVuJT8VQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 4660 52 KB
17 KB 20ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236649
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.168380,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 21F9 16 KB
6 KB 21ms
21ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 92D3 281 B
554 B 30ms
30ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C098 6 KB
3 KB 118ms
117ms Script
text/javascript 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02&pid=sojern01&cid=27432037&js=st_1&sz=300x250&c=te-08f5

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02&cid=27432037&js=st0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

4d33dcc40cabce0eff3da93154276844cbe867d042d96361eb9fbffe6350848e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2248
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: jkXBzKAyH-nVPzmVaLi6hmg4ny3ZdPZ2S3mJAxVtns09g38nmYvq1g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C098 38 KB
12 KB 32ms
32ms Script
text/javascript 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://choices.trustarc.com/ca?aid=sojern02&pid=sojern01&cid=27432037&js=st_2

Requested by

Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=sojern01&aid=sojern02&cid=27432037&js=st0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 21:28:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
age: 50120
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Accept-Encoding, Origin
content-type: text/javascript;charset=UTF-8
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: 2O06jXgW9vqkeSzgnVnFzeyI4RxEQeSmtcxABZU1AqsAPyws2pOBVw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame C098 43 B
1 KB 124ms
124ms Image
image/gif 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/cap?aid=sojern02&pid=sojern01&cid=27432037&w=300&h=250&c=c1f0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.64 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-64.fra6.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' ; font-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' ; frame-ancestors 'self' ; connect-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; media-src 'self' ; child-src 'self' ; worker-src 'self' ; manifest-src 'self' ; prefetch-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *; prefetch-src 'self' *;
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
cross-origin-embedder-policy: unsafe-none
x-cache: Miss from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: origin
server: nginx
cross-origin-opener-policy: unsafe-none
expect-ct: max-age=31536000
x-frame-options: SAMEORIGIN
vary: Origin
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: geolocation=(), microphone=(), payment=()
x-amz-cf-id: GFVA7y1ECgdEFbP0rZf96YI5-pFZN3fP3rq2Cq0xcHryvaAQLg_pvQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 4DF5 34 KB
10 KB 31ms
30ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0E81 16 KB
6 KB 42ms
42ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E957 52 KB
17 KB 21ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236650
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220061-HHN
X-Timer: S1673177012.219567,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 1308 281 B
554 B 28ms
28ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 964E 16 KB
6 KB 38ms
33ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C6F7 281 B
554 B 31ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame C378 52 KB
17 KB 25ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 236666
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220065-HHN
X-Timer: S1673177012.229284,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2D7A 281 B
554 B 30ms
27ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 8723 52 KB
17 KB 23ms
21ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 232327
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220041-HHN
X-Timer: S1673177012.228975,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 88EA 16 KB
6 KB 32ms
31ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 92D3 34 KB
10 KB 34ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 42C4 16 KB
6 KB 24ms
24ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=42063
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Sun, 08 Jan 2023 23:04:35 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame BC55 281 B
554 B 28ms
28ms Document
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 1C00 52 KB
17 KB 21ms
20ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://guandads.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 17774
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:32 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Jan 2023 17:03:48 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 7, 232328
X-Served-By: cache-lga13626-LGA, cache-hhn-etou8220041-HHN
X-Timer: S1673177012.257798,VS0,VE0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 1308 34 KB
10 KB 32ms
32ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C6F7 34 KB
10 KB 34ms
33ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2D7A 34 KB
10 KB 27ms
27ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BC55 34 KB
10 KB 43ms
42ms Script
text/html 23.2.211.147
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.2.211.147 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-211-147.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:32 GMT
Content-Encoding: gzip
Last-Modified: Sat, 07 Jan 2023 16:27:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=18175
Connection: keep-alive
Content-Length: 10067
Expires: Sun, 08 Jan 2023 16:26:27 GMT

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
123 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177012361&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p10&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: a1c300733c9e3066dd23a5e91f7e9d9c
date: Sun, 08 Jan 2023 11:23:32 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 get
choices.trustarc.com/ Frame C098 287 B
627 B 21ms
21ms Image
image/png 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-64.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Dec 2022 18:05:30 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
age: 1185482
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: vUUFdkC1Gry6L7hvOVx0SyPs_npyjmy5O1-Z41x0iljpk4TYu_J7PA==
expires: Tue, 24 Jan 2023 18:05:30 GMT

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
123 B 97ms
97ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177012421&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p10&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 21d6f50b2a7d29a96a4cbf462d4aa189
date: Sun, 08 Jan 2023 11:23:32 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 8F92 35 B
477 B 77ms
40ms Document
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 5974
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Y7qntAAAANM4KwAp&gdpr=0&gdpr_consent=&_test=Y7qntAAAANM4KwAp
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
0

347ms
113ms

Document
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

content-length: 95
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK dcm Show response
s.amazon-adsystem.com/ Frame 5D49 43 B
855 B 109ms
109ms Document
image/gif 52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=FC664E40-1D0C-4169-A69F-C6161527EB7F&redir=true&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Sun, 08 Jan 2023 11:23:32 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: TBR1KGGAPAQ8K9GR424Y

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame 1D18 43 B
283 B 137ms
27ms Document
image/gif 72.251.245.179
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.245.179 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-7

GET
H2

204

services
sync.technoratimedia.com/ Frame B627
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUE1Y0JVN0hkVThBQUNDNmoydkNaZw&gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&b...
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=pp%2Csas%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AA5cBU7HdU8AACC6j2vCZg&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Csyn%252Cpm%26bee_sync_cur...
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Csyn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AA5cBU7HdU8AACC6j2vCZg&pid=558502&do=add&gd...
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AA5cBU7HdU8AACC6j2vCZg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26bee_sync_partners%3Dsyn%...
https://match.prod.bidr.io/cookie-sync?gdpr=0&gdpr=0&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=3142036600569924402&gdpr=0&gdpr_consent=
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AA5cBU7HdU8AACC6j2vCZg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D3142036600569924402%26gdpr%3D0%...

0
0

345ms
111ms

Document
text/plain

193.122.130.38
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AA5cBU7HdU8AACC6j2vCZg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D3142036600569924402%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 193.122.130.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST,GET,HEAD,OPTIONS
access-control-allow-origin: https://ads.pubmatic.com/
age: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
server: nginx
via: 1.1 varnish
x-varnish: 366709921

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Sun, 08 Jan 2023 11:23:34 GMT
Server: gunicorn
location: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AA5cBU7HdU8AACC6j2vCZg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26gdpr%3D0%26userid%3D3142036600569924402%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 2A1F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:695b63ba-a7b1-4001-a45b-b92890f35042&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
0

333ms
113ms

Document
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

content-length: 95
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 3B9E
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2028049306522560814&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
0

350ms
115ms

Document
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

content-length: 95
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame E918 43 B
363 B 95ms
31ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Sun, 08 Jan 2023 11:23:31 GMT
expires: Sun, 08 Jan 2023 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 956560
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 20D8
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

168ms
167ms

Document
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

cache-control: no-store, no-cache, private
date: Sun, 08 Jan 2023 11:23:31 GMT
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame AF1F 0
44 B 360ms
112ms Document
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:32 GMT
server: a

GET tum
ums.acuityplatform.com/ Frame CF43 0
0

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 8412
Redirect Chain

https://ad.mrtnsvr.com/sync/pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTgmdGw9MTI5NjAw&piggybackCookie=RgOaZg3aM
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
0

346ms
112ms

Document
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

content-length: 95
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:31 GMT
location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4E41
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:sqat4b7Z1PetM15&gdpr=0&gdpr_consent=

42 B
236 B

168ms
167ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:sqat4b7Z1PetM15&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Sun, 08 Jan 2023 11:23:32 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:sqat4b7Z1PetM15&gdpr=0&gdpr_consent=
Pragma: no-cache
Server: PingMatch/595ea14#595ea1444a96c0bdac4aa333a73d7028cf966fc7 i-06d3fa71a06966461@us-west-2c@dxedge-app-us-west-2-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 4327
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
414 B

207ms
197ms

Document
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 78648fc9ec369048-FRA
content-length: 43
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 302

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 78648fc88a1e9048-FRA
content-type: text/html
date: Sun, 08 Jan 2023 11:23:32 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
server: cloudflare
x-function: 206
x-reuse-index: 1427

GET
H/1.1

200
OK

noop Show response
px.owneriq.net/ Frame 6864
Redirect Chain

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

26ms
26ms

Document
image/gif

23.2.234.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.2.234.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-2-234-181.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sun, 08 Jan 2023 11:23:32 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.3.33

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Sun, 08 Jan 2023 11:23:32 GMT
Location: https://px.owneriq.net/noop?ct=image%2Fgif
Server: AkamaiGHost

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 1353
Redirect Chain

https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=t0wmqaag8ow2

42 B
227 B

170ms
169ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=t0wmqaag8ow2
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-encoding: utf-8
cache-control: no-cache, no-store
content-length: 0
date: Sun, 08 Jan 2023 11:23:33 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0NTkmdGw9NDMyMDA=&piggybackCookie=t0wmqaag8ow2
lws: 20
strict-transport-security: max-age=31536000; includeSubDomains
time-ms: 1

GET
H/1.1

200
OK

pbmtc.gif Show response
beacon.lynx.cognitivlabs.com/ Frame 9133
Redirect Chain

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=d5fca368-d3d4-4446-b270-369f78c103ce&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=FC664E40-1D0C-4169-A69F-C6161527EB7F

42 B
493 B

111ms
111ms

Document
image/gif

54.81.205.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.81.205.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-81-205-56.compute-1.amazonaws.com
Software: Kestrel /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 42
Content-Type: image/gif
Date: Sun, 08 Jan 2023 11:23:33 GMT
Server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
date: Sun, 08 Jan 2023 11:23:33 GMT
location: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9D35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=_GZOQB0MQWmmn8YWFSfrfw%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

35ms
35ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=42063
accept-ranges: bytes
content-length: 5554
expires: Sun, 08 Jan 2023 23:04:35 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 420486.gif
idsync.rlcdn.com/ Frame 9D35 0
98 B 192ms
134ms Image
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420486.gif?partner_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

404

gdpr_consent=
sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/ Frame 9D35
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...

49 B
265 B

523ms
171ms

Image
image/gif

54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
Protocol: H2
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:33 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.0.116
content-length: 49
expires: 0

Redirect headers

location: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D
content-length: 0

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 9D35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RkM2NjRFNDAtMUQwQy00MTY5LUE2OUYtQzYxNjE1MjdFQjdG&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

168ms
167ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 9D35
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEEyHceFOap_mgXm_1clAi9A&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
43 B

168ms
167ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 pubmatic
um.simpli.fi/ Frame 9D35 43 B
610 B 98ms
27ms Image
image/gif 34.91.62.186
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

186.62.91.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sat, 07 Jan 2023 11:23:32 GMT

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 9D35
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2636074057763413096&gdpr=0&gdpr_consent=&us_privacy=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
34 B

348ms
115ms

Image
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Protocol: H2
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 95
content-type: text/html; charset=utf-8

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 9D35 70 B
264 B 48ms
44ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 FC664E40-1D0C-4169-A69F-C6161527EB7F
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 9D35 43 B
601 B 56ms
52ms Image
image/gif 2a05:d018:d29:3602:f84d:3d72:727e:650c
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/FC664E40-1D0C-4169-A69F-C6161527EB7F?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3602:f84d:3d72:727e:650c Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 9D35
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-IK1IYeRE2uXGgiuxIYUfOKMCfPcHut0-~A&gdpr=0

0
260 B

549ms
179ms

Image
text/plain

104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-IK1IYeRE2uXGgiuxIYUfOKMCfPcHut0-~A&gdpr=0
Protocol: H2
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-IK1IYeRE2uXGgiuxIYUfOKMCfPcHut0-~A&gdpr=0
date: Sun, 08 Jan 2023 11:23:32 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/ Frame 9D35
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=f25844d6-9ad0-4f4a-a2eb-79ce86055426&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
128 B

168ms
167ms

Image
text/plain

104.36.113.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol: H2
Server: 104.36.113.110 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: private,max-age=86400
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:33 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9D35
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://m.fg8dgt.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&ssp_uuid=a4093597-115c-40fd-bf55-4722f694dec2
https://m.fg8dgt.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&ssp_uuid=a4093597-115c-40fd-bf55-4722f694dec2
https://x.bidswitch.net/sync?dsp_id=108&expires=14&ssp=pubmatic&user_id=f9d31042-9151-4600-afcd-fc01e6f72929
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a4093597-115c-40fd-bf55-4722f694dec2&gdpr=&gdpr_consent=&gdpr_pd=

1 B
263 B

168ms
167ms

Image
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a4093597-115c-40fd-bf55-4722f694dec2&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a4093597-115c-40fd-bf55-4722f694dec2&gdpr=&gdpr_consent=&gdpr_pd=
Date: Sun, 08 Jan 2023 11:23:35 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 9D35 0
191 B 559ms
179ms Image
text/plain 209.25.233.254
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 209.25.233.254 , Canada, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 9D35 0
104 B 205ms
79ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:32 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 9D35
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1735583901080397550
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
34 B

347ms
114ms

Image
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Protocol: H2
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 95
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

sn.ashx
pmp.mxptint.net/ Frame 9D35
Redirect Chain

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B342_FC2AD26A_2E60DF7&r=https://pmp.mxptint.net/sn.ashx?ak=1
https://pmp.mxptint.net/sn.ashx?ak=1

43 B
266 B

144ms
142ms

Image
image/gif

204.2.255.233
NTT-LTD-2914

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pmp.mxptint.net/sn.ashx?ak=1

Protocol

HTTP/1.1

Server

204.2.255.233 , United States, ASN2914 (NTT-LTD-2914, US),

Reverse DNS

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=-356163813; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Sun, 08 Jan 2023 11:23:33 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=-356163813; includeSubDomains
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://pmp.mxptint.net/sn.ashx?ak=1
date: Sun, 08 Jan 2023 11:23:33 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

204

CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 9D35
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2028049306522560814
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=

0
34 B

335ms
114ms

Image
text/plain

54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Protocol: H2
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT

Redirect headers

location: https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
date: Sun, 08 Jan 2023 11:23:32 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 95
content-type: text/html; charset=utf-8

GET
H2 200 get
choices.trustarc.com/ Frame DC27 287 B
627 B 22ms
21ms Image
image/png 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=sojern02&pid=sojern01&cid=27432037&js=st_2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-64.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Dec 2022 18:05:30 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
age: 1185482
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: UPrdtXSprZc_8pmZW38QFAaXCyxS4dpHltaQn9agPCyEYX37v2hT0Q==
expires: Tue, 24 Jan 2023 18:05:30 GMT

GET
H2 200 get
choices.trustarc.com/ Frame DC27 739 B
1 KB 23ms
22ms Image
image/png 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-64.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Dec 2022 18:05:30 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
age: 1185482
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 739
x-amz-cf-id: VevTn1xqJpguVM-PO5U-doazLxDbVg78r-oV2Kw7TMJnmkRli0nJqQ==
expires: Tue, 24 Jan 2023 18:05:30 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 8DA3 287 B
627 B 22ms
21ms Image
image/png 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=0&w=300&h=250&c=528318265&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-64.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Dec 2022 18:05:30 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
age: 1185482
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 287
x-amz-cf-id: uh2F5ux8UKdwNCDFS6bOMBOZgL6lCjs0GeJa8ux747nzFTzVS8G6Ag==
expires: Tue, 24 Jan 2023 18:05:30 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 8DA3 739 B
1 KB 22ms
21ms Image
image/png 99.86.4.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=sojern02_d&pid=sojern01&cid=0&w=300&h=250&c=528318265&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-64.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Dec 2022 18:05:30 GMT
via: 1.1 21da0a66bafe2c8de8be4a4d8039346a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
age: 1185482
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
timing-allow-origin: *
content-length: 739
x-amz-cf-id: hD7gCf-HcZdf8fqFu4jurhtk-VNrJAI7OBccCjcAKaG-NGMGmjTXew==
expires: Tue, 24 Jan 2023 18:05:30 GMT

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
123 B 56ms
55ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177012945&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p10&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 5e32e5c392b9185beddd3075ae1173a0
date: Sun, 08 Jan 2023 11:23:32 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
123 B 54ms
54ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177012946&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p10&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: d5d6a1d1fedb9f344dcb598dc4a90b83
date: Sun, 08 Jan 2023 11:23:32 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
123 B 53ms
53ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177012946&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p10&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 212aa58fa90f8a15d3bd003b7208f719
date: Sun, 08 Jan 2023 11:23:32 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

POST
H2 200 /
track.adform.net/serving/unload/ Frame D49B 35 B
478 B 41ms
41ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=1735583901080397550@@60271212,5504152812458487879,100|1058|0|0|0|0|0|0|0||41|1|||||1|0|0|KmpIBGf8vz1cPlakbYq96QFK9TzGBS3wj1-l-YM3V3sdX3LItdB6TfL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
123 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177014345&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p20&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 2fb5ed34974c0c00e71f50b82791676d
date: Sun, 08 Jan 2023 11:23:34 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
123 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177014412&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p20&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9b686f459be333a0f2acf3d1d9855150
date: Sun, 08 Jan 2023 11:23:34 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 9D35 0
48 B 180ms
169ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:33 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
123 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177014945&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p20&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 1c883bdbe0abe707c6d950798ca023b8
date: Sun, 08 Jan 2023 11:23:34 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
123 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177014946&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p20&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: c712b716108664ee631fa0a7a9fc6831
date: Sun, 08 Jan 2023 11:23:34 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0682 1 KB
2 KB 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=22097275&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0EC2 1 KB
2 KB 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=14489978&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
123 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177014962&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p20&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 31114b02b1bb6f79741da1999a7747ec
date: Sun, 08 Jan 2023 11:23:34 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame F7F0 1 KB
2 KB 169ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=5142046&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame C87A 1 KB
2 KB 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=93410301&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:33 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E948 1 KB
2 KB 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=48418415&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:33 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame F332 1 KB
2 KB 168ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=22941298&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 603C 1 KB
2 KB 169ms
169ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=83260742&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 80F4 1 KB
2 KB 168ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=11186177&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B11B 1 KB
2 KB 168ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=61972235&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 1506
content-type: text/html; charset=UTF-8

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2F14
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

170ms
168ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:56 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BB61
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=caec47e7-dde4-4ea7-b761-a6ead9c679dd

1 B
72 B

171ms
169ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=caec47e7-dde4-4ea7-b761-a6ead9c679dd
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=caec47e7-dde4-4ea7-b761-a6ead9c679dd
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 04D4
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=4wbEUFcJQPdDnuC6bXjU1Nly2hs

42 B
378 B

168ms
167ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=4wbEUFcJQPdDnuC6bXjU1Nly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=4wbEUFcJQPdDnuC6bXjU1Nly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame C361
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015419
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=690074008

70 B
264 B

45ms
45ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=690074008
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX4a4e3dfe245b406cab12aa7886310786005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=690074008
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D4AC
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

168ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 814E
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=orsw1G7wD12i6ubEt6e6Yw

42 B
198 B

170ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=orsw1G7wD12i6ubEt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=orsw1G7wD12i6ubEt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame 0682
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

539ms
170ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 0682
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

93ms
40ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 6
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 10
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 0682 43 B
502 B 198ms
80ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 0682
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e43da000-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
135 B

240ms
191ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e43da000-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e43da000-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame 0EC2
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

541ms
171ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 0EC2
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

63ms
39ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 6
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 12
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 0EC2 43 B
499 B 158ms
46ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 0EC2
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e43dc710-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

276ms
191ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e43dc710-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e43dc710-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5D66
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

169ms
169ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 9E5B
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=a4ae893c-a80e-4412-b6a8-56766896647c

1 B
53 B

169ms
169ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=a4ae893c-a80e-4412-b6a8-56766896647c
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=a4ae893c-a80e-4412-b6a8-56766896647c
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3B5F
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1JH85z35QSVjoGTgVAcQc9ly2hs

42 B
296 B

169ms
168ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1JH85z35QSVjoGTgVAcQc9ly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=1JH85z35QSVjoGTgVAcQc9ly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 4EC3
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015429
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=739940594

70 B
264 B

44ms
44ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=739940594
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX3d811a6d951242b8b386b2ae4cf458ce005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=739940594
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3EEA
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

168ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E7E2
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=s1yRClZyCn28geQdt6e6Yw

42 B
278 B

170ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=s1yRClZyCn28geQdt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=s1yRClZyCn28geQdt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame F7F0
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

539ms
169ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame F7F0
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

90ms
39ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 6
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 12
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame F7F0 43 B
502 B 116ms
46ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame F7F0
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e444cbf0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

245ms
188ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e444cbf0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e444cbf0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 59D2
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

454ms
453ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 91B9
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=0d9f2299-90e5-4eff-8aee-a8642bc34c32

1 B
53 B

173ms
170ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=0d9f2299-90e5-4eff-8aee-a8642bc34c32
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=0d9f2299-90e5-4eff-8aee-a8642bc34c32
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 0A9F
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=FqDBpn7NSMdMDrAxZvlNmdly2hs

42 B
429 B

168ms
167ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=FqDBpn7NSMdMDrAxZvlNmdly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=FqDBpn7NSMdMDrAxZvlNmdly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 5610
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015470
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6248985971

70 B
264 B

45ms
44ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6248985971
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RXcf380b617e884657b34b1ef41f52c2ac005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6248985971
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1FF5
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

168ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BBB0
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=nZkck4hYAn63dI-ct6e6Yw

42 B
199 B

170ms
169ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=nZkck4hYAn63dI-ct6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=nZkck4hYAn63dI-ct6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame C87A
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

540ms
172ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame C87A
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

80ms
38ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 7
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame C87A 43 B
501 B 100ms
45ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame C87A
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e44679a0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

318ms
189ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e44679a0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e44679a0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame CA8E
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

169ms
168ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame CAB4
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fc1b8e89-8410-43c2-9d98-f3c0c8db2ded

1 B
53 B

172ms
170ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fc1b8e89-8410-43c2-9d98-f3c0c8db2ded
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 08:42:25 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=fc1b8e89-8410-43c2-9d98-f3c0c8db2ded
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame FC26
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=GxDfqZMxT8BO0TMmFOA5f9ly2hs

42 B
300 B

168ms
167ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=GxDfqZMxT8BO0TMmFOA5f9ly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=GxDfqZMxT8BO0TMmFOA5f9ly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame DA4A
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015485
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3581863977

70 B
264 B

46ms
46ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3581863977
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RXe23d335b88fe41728d289b39d21bb61f005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=3581863977
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9A98
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

176ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 40CC
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=tzJyaYULA6WAeMCVt6e6Yw

42 B
199 B

170ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=tzJyaYULA6WAeMCVt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=tzJyaYULA6WAeMCVt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame E948
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

541ms
171ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame E948
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

49ms
39ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 15
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame E948 43 B
502 B 66ms
45ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame E948
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e44c9420-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

286ms
191ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e44c9420-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e44c9420-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9010
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

198ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0942
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7e7c368b-58d1-43e3-88b6-1699a55b307e

1 B
53 B

172ms
171ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7e7c368b-58d1-43e3-88b6-1699a55b307e
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=7e7c368b-58d1-43e3-88b6-1699a55b307e
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3629
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gn3kVDKYSAFiVGjzKhv-vdly2hs

42 B
299 B

169ms
169ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gn3kVDKYSAFiVGjzKhv-vdly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=gn3kVDKYSAFiVGjzKhv-vdly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame E514
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015513
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7764146630

70 B
264 B

45ms
45ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7764146630
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX7f3db8f5677e4958b3a80e7c8ee1b9b4005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7764146630
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6CC9
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

192ms
191ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 308F
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=lj1R9_HpDMOeh6fVt6e6Yw

42 B
199 B

170ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=lj1R9_HpDMOeh6fVt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=lj1R9_HpDMOeh6fVt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame F332
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

689ms
334ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame F332
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

48ms
40ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 3
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame F332 43 B
502 B 87ms
80ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame F332
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e44d3060-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

324ms
191ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e44d3060-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e44d3060-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 306A
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

226ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E85C
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c4b576a8-2c49-4e71-bdc1-f3322cfe72fd

1 B
53 B

173ms
171ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c4b576a8-2c49-4e71-bdc1-f3322cfe72fd
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sat, 07 Jan 2023 18:41:04 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=c4b576a8-2c49-4e71-bdc1-f3322cfe72fd
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 726D
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=fm9Twt9USxxuBk6SPlPKFdly2hs

42 B
299 B

168ms
168ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=fm9Twt9USxxuBk6SPlPKFdly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=fm9Twt9USxxuBk6SPlPKFdly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame BF8C
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015521
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4018854905

70 B
264 B

45ms
45ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4018854905
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RXca71315094554410be4884a34f939231005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4018854905
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame E867
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

220ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame B27A
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RCwb06O2DxON-N4Yt6e6Yw

42 B
199 B

172ms
171ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RCwb06O2DxON-N4Yt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RCwb06O2DxON-N4Yt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame 603C
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

540ms
172ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 603C
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

72ms
39ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 603C 43 B
501 B 73ms
71ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 603C
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e45a9de0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

253ms
190ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e45a9de0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e45a9de0-8f46-11ed-a2ff-061bc173b447&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame FE43
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

259ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame BF89
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=ea47ba91-8c63-4275-9788-2436797abc15

1 B
53 B

173ms
172ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=ea47ba91-8c63-4275-9788-2436797abc15
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=ea47ba91-8c63-4275-9788-2436797abc15
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2CB9
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=SiUKDfyOQL9aZjF23dHXt9ly2hs

42 B
298 B

168ms
168ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=SiUKDfyOQL9aZjF23dHXt9ly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=SiUKDfyOQL9aZjF23dHXt9ly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 294E
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015527
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6082781188

70 B
264 B

45ms
44ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6082781188
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX80ebb7ff71334876aa5d0659ef3cfb7b005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6082781188
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 31B5
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

282ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 2826
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RYi49kTlDXW78HfJt6e6Yw

42 B
200 B

171ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RYi49kTlDXW78HfJt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=RYi49kTlDXW78HfJt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame 80F4
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

538ms
170ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 80F4
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

40ms
40ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 9
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 7
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 80F4 43 B
499 B 68ms
66ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame 80F4
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e45ac4f0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

288ms
190ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e45ac4f0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e45ac4f0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 27E2
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

282ms
169ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 2132
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=98f1ee8b-74ad-47bd-9a6b-c84cdde59c69

1 B
53 B

170ms
170ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=98f1ee8b-74ad-47bd-9a6b-c84cdde59c69
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=98f1ee8b-74ad-47bd-9a6b-c84cdde59c69
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame AF16
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=T1GOtTFnQjhQgGvNt6Qipdly2hs

42 B
297 B

168ms
168ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=T1GOtTFnQjhQgGvNt6Qipdly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=T1GOtTFnQjhQgGvNt6Qipdly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame E1CB
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015540
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=735525043

70 B
264 B

44ms
44ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=735525043
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX38e30f1acdad4ca983e8168fc2c2f927005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=735525043
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 36F0
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

280ms
168ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:57 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0B95
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=1_PqpcCsADG-BhAEt6e6Yw

42 B
278 B

170ms
169ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=1_PqpcCsADG-BhAEt6e6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=1_PqpcCsADG-BhAEt6e6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 35B6 598 B
1 KB 167ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=34497142&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:33 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2

202

Artemis
aud.pubmatic.com/AdServer/ Frame B11B
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42

0
0

683ms
333ms

Image
application/json

104.36.113.68
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
Protocol: H2
Server: 104.36.113.68 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=FC664E40-1D0C-4169-A69F-C6161527EB7F&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H/1.1 200
OK info
uipglob.semasio.net/pubmatic/1/ Frame B11B 42 B
602 B 64ms
41ms Image
image/gif 77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=FC664E40-1D0C-4169-A69F-C6161527EB7F&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:39 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame B11B 43 B
503 B 56ms
45ms Image
image/gif 54.78.245.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212308278&puid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.78.245.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-245-184.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H/1.1

204
No Content

/
io.narrative.io/ Frame B11B
Redirect Chain

https://io.narrative.io/?companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
https://io.narrative.io/?io.narrative.guid.v2=e461f0e0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F

0
247 B

243ms
189ms

Image
text/plain

35.162.174.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://io.narrative.io/?io.narrative.guid.v2=e461f0e0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Protocol: HTTP/1.1
Server: 35.162.174.47 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-162-174-47.us-west-2.compute.amazonaws.com
Software: nginx/1.22.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-cache
Server: nginx/1.22.0
Connection: keep-alive

Redirect headers

Location: https://io.narrative.io/?io.narrative.guid.v2=e461f0e0-8f46-11ed-92de-0acf81a41c3f&companyId=673&id=pubmatic_id:FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Server: nginx/1.22.0
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A1B2
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
74 B

294ms
167ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E5A4
Redirect Chain

https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=46898e21-a644-4df4-aca9-9ce428421390

1 B
53 B

169ms
169ms

Document
text/html

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=46898e21-a644-4df4-aca9-9ce428421390
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=46898e21-a644-4df4-aca9-9ce428421390
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 59D8
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WjyCYBVaTQxwI3CkahAPq9ly2hs

42 B
300 B

168ms
168ms

Document
image/gif

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WjyCYBVaTQxwI3CkahAPq9ly2hs
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Content-Length: 159
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Jan 2023 11:23:35 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=WjyCYBVaTQxwI3CkahAPq9ly2hs

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 242F
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1673177015581
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1864459052

70 B
264 B

45ms
45ms

Document
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1864459052
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html
Date: Sun, 08 Jan 2023 11:23:35 GMT
ETag: RX8eeedcc8b06d49aba3af394dc5d848bf005
Expires: 0
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1864459052
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Pragma: no-cache
Server: Tengine
Transfer-Encoding: chunked

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A39D
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=

1 B
53 B

254ms
168ms

Document
text/html

204.237.133.120
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.120 Ambler, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 142
content-type: text/html
date: Sun, 08 Jan 2023 11:23:35 GMT
expires: Sat, 07 Jan 2023 11:23:35 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:69523958190D401695BC3F4D843FF8B6&gdpr=0&gdpr_consent=
server: openresty
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 6EBD
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=g41ldnf1C1-669XguKe6Yw

42 B
199 B

170ms
170ms

Document
image/gif

104.36.113.107
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=g41ldnf1C1-669XguKe6Yw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.107 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sun, 08 Jan 2023 11:23:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-store
content-length: 153
content-type: text/html; charset=utf-8
date: Sun, 08 Jan 2023 11:23:36 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=g41ldnf1C1-669XguKe6Yw
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: nginx

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 75D2 598 B
766 B 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=86467777&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame FF1D 598 B
766 B 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=6362518&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
124 B 41ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177015355&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p25&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: ff3157520cc42e942209ddfdadd0cf49
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 21F9 598 B
825 B 167ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=6174205&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 88EA 598 B
766 B 168ms
168ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=51403429&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 0E81 598 B
766 B 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=91766643&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:33 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 964E 598 B
766 B 168ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=68274836&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 42C4 598 B
766 B 167ms
167ms Script
text/html 104.36.113.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=3353915&p=156383&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.112 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Sun, 08 Jan 2023 11:23:34 GMT
content-length: 598
content-type: text/html; charset=UTF-8

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
123 B 101ms
95ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177015450&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p25&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 28c30dc02c7ff27dd16066d1a95ee0e6
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 35B6 49 B
264 B 172ms
171ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.3.184
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 35B6
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

46ms
45ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 35B6
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=e1acd6192bf54062a78cf5689f30da2e
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

347ms
112ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 35B6 43 B
108 B 381ms
136ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 75D2 49 B
264 B 171ms
170ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.29.43
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 75D2
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

46ms
46ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 75D2
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=c1dacd99c1724fc4b6ddf2f0dfefdb98
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

336ms
112ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:35 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 75D2 43 B
108 B 391ms
155ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame FF1D 49 B
264 B 172ms
170ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.23.72
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame FF1D
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

45ms
44ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=3587c183-bfc6-4764-a2c0-264294fa7848%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame FF1D
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=d18129fd74b04692ba5bf296739cf852
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

337ms
113ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame FF1D 43 B
108 B 362ms
158ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 21F9 49 B
264 B 172ms
171ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.0.116
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 21F9
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

45ms
45ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=ec184b35-0543-496e-b30e-55e87b4a67c4%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 21F9
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=ef178846056745288eee9fcab60092a7
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

333ms
111ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 21F9 43 B
108 B 406ms
224ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 88EA 49 B
265 B 174ms
169ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.12.225
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 88EA
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

48ms
45ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 88EA
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=ac289b8d07534239a25895b437b06bd6
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

336ms
112ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 3

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 88EA 43 B
108 B 273ms
159ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 0E81 49 B
263 B 210ms
206ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.2.26
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 0E81
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

48ms
48ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 0E81
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=b6b1e390c2684ac59beb1d968d335f0f
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

334ms
112ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 0E81 43 B
108 B 270ms
157ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 964E 49 B
264 B 209ms
207ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.3.184
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 964E
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

48ms
47ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 964E
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=7f01d7b4f7b14ba4be7867f464565644
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

343ms
111ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 1

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 964E 43 B
108 B 248ms
137ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 42C4 49 B
264 B 207ms
206ms Image
image/gif 54.176.29.121
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.176.29.121 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-176-29-121.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.41.29.43
content-length: 49
expires: 0

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 42C4
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=

70 B
264 B

48ms
46ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

date: Sun, 08 Jan 2023 11:23:35 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=1d91ef35-9e81-4eb8-afc2-cffc63709d7a%252C%252C&gdpr=0&gdpr_consent=
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

75145
i6.liadm.com/s/ Frame 42C4
Redirect Chain

https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
https://i.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F&_li_chk=true&previous_uuid=a3c8d8b57aae424f99bd27db777073b4
https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

43 B
436 B

333ms
112ms

Image
image/gif

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F

Protocol

HTTP/1.1

Server

2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c -, , ASN (),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Sun, 08 Jan 2023 11:23:36 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/75145?bidder_id=195755&bidder_uuid=FC664E40-1D0C-4169-A69F-C6161527EB7F
Date: Sun, 08 Jan 2023 11:23:36 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame 42C4 43 B
109 B 242ms
131ms Image
image/gif 3.218.77.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=20909&user_id=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.218.77.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-218-77-41.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
124 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177015962&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p25&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 2f9a90d7eace5b7892c92e6683fd6519
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
124 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177015962&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p25&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 8367ced049c9d7b6afdd653c009e863d
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
124 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177015963&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p25&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 07d17cc3bb86dde0ef293f077ac2748c
date: Sun, 08 Jan 2023 11:23:35 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
123 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177016363&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p30&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 30c7120c3ad80fccb07cf91eecbafc75
date: Sun, 08 Jan 2023 11:23:36 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
124 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177016461&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p30&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 25a425a04d52a9400c89598285c5b546
date: Sun, 08 Jan 2023 11:23:36 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

POST
H2 200 /
track.adform.net/serving/unload/ Frame D49B 35 B
478 B 41ms
40ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=1735583901080397550@@60271212,5504152812458487879,100|4359|0|0|0|0|0|0|0||170|1|||||1|0|0|KmpIBGf8vz1cPlakbYq96QFK9TzGBS3wj1-l-YM3V3sdX3LItdB6TfL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
123 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177016962&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p30&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9eab3e02bc33d3f60585caa0eae19331
date: Sun, 08 Jan 2023 11:23:36 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
124 B 47ms
47ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177016963&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p30&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9f0d0aa69e4c275ec872507c1243b046
date: Sun, 08 Jan 2023 11:23:36 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
124 B 41ms
40ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177016979&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p30&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9ea1f80b819086f6d7f3eb929c584436
date: Sun, 08 Jan 2023 11:23:37 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 0682 0
128 B 170ms
169ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 0EC2 0
128 B 175ms
175ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:35 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame F7F0 0
128 B 170ms
170ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame C87A 0
48 B 170ms
169ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame E948 0
129 B 171ms
170ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 05:53:44 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame F332 0
48 B 180ms
180ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 603C 0
48 B 184ms
183ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 80F4 0
48 B 170ms
169ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:36 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame B11B 0
49 B 171ms
170ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 05:53:44 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 88EA 0
48 B 170ms
169ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 42C4 0
48 B 171ms
170ms Script
text/plain 104.36.113.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156383&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156383
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.113.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:37 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame A962 88 KB
29 KB 45ms
45ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame D182 88 KB
29 KB 50ms
50ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame AC8E 88 KB
29 KB 54ms
54ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame A962 89 KB
29 KB 51ms
50ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 8278 88 KB
29 KB 44ms
44ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 0F1D 88 KB
29 KB 44ms
44ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame D182 89 KB
29 KB 50ms
50ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame AC8E 89 KB
29 KB 48ms
47ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 1A70 88 KB
29 KB 48ms
48ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame FE97 88 KB
29 KB 53ms
53ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 8278 89 KB
29 KB 50ms
50ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 0F1D 89 KB
29 KB 59ms
59ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame B65F 88 KB
29 KB 44ms
44ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 1A70 89 KB
29 KB 51ms
51ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame FE97 89 KB
29 KB 53ms
52ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 6FFB 88 KB
29 KB 43ms
43ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 9CE5 88 KB
29 KB 66ms
65ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 541C 88 KB
29 KB 42ms
42ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
124 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177018379&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p40&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 467afd3d34c8b2f220537bcab186cdd9
date: Sun, 08 Jan 2023 11:23:38 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 9C00 88 KB
29 KB 45ms
45ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 8E80 88 KB
29 KB 44ms
41ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame B65F 89 KB
29 KB 45ms
45ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 81D4 88 KB
29 KB 43ms
43ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6FFB 89 KB
29 KB 46ms
46ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 6E84 88 KB
29 KB 44ms
44ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame A610 88 KB
29 KB 42ms
42ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 56AD 88 KB
29 KB 46ms
45ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
124 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177018433&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p40&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: d8e2e4c4adf5f9189e8f94ad2d683720
date: Sun, 08 Jan 2023 11:23:38 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 541C 89 KB
29 KB 49ms
49ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 9CE5 89 KB
29 KB 54ms
54ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 9C00 89 KB
29 KB 50ms
48ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.130.js Show response
static.criteo.net/js/ld/ Frame 37E9 88 KB
29 KB 48ms
48ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.130.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid7.19.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Sat, 17 Sep 2022 19:59:55 GMT
server: nginx
etag: W/"6326273b-16120"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 8E80 89 KB
29 KB 48ms
47ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 81D4 89 KB
29 KB 48ms
48ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 6E84 89 KB
29 KB 45ms
45ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame A610 89 KB
29 KB 47ms
47ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 56AD 89 KB
29 KB 49ms
48ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 37E9 89 KB
29 KB 48ms
48ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.130.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:38 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 24 Oct 2022 11:21:19 GMT
server: nginx
etag: W/"6356752f-16294"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 09 Jan 2023 11:23:38 GMT

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
125 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177018978&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p40&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 274918cf59e548736aa154b2a04c680d
date: Sun, 08 Jan 2023 11:23:39 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
124 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177018979&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p40&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 9aa073bf5852f51d1ce6ab03fd6d1912
date: Sun, 08 Jan 2023 11:23:39 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
126 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177018979&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p40&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: db0c311e39b9d32c8354a79f04f8562a
date: Sun, 08 Jan 2023 11:23:39 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
126 B 42ms
41ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177020395&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p50&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 93a076e8a42120d5d26cc94118464ccf
date: Sun, 08 Jan 2023 11:23:40 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
126 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177020445&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p50&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 3940b3302011b101aa694d24f7fa46b8
date: Sun, 08 Jan 2023 11:23:40 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
126 B 48ms
47ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177020995&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p50&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 0eb60ca4eee33855c9b084f477392070
date: Sun, 08 Jan 2023 11:23:41 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
126 B 47ms
47ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177020996&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p50&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: e1b5d32320f5c31ba98567cef9585e78
date: Sun, 08 Jan 2023 11:23:41 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
126 B 46ms
45ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177020996&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p50&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 84173c9596673d18a4ea1549c045a78b
date: Sun, 08 Jan 2023 11:23:41 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 dc_oe=ChMIqcC2iu63_AIV9NgRCB2b7AtLEAAYACCztqxQ;met=1;&timestamp=1673177021351;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame C098 42 B
494 B 196ms
69ms Image
image/gif 142.251.208.98

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIqcC2iu63_AIV9NgRCB2b7AtLEAAYACCztqxQ;met=1;&timestamp=1673177021351;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.98 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Jan 2023 11:23:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
126 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177022395&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p60&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 1cf0a934fe53b76c1dde052e1cbc99b5
date: Sun, 08 Jan 2023 11:23:42 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
126 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177022462&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p60&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 816d42642dda39336856f50882e61fbf
date: Sun, 08 Jan 2023 11:23:42 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
125 B 48ms
47ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177022995&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p60&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: b193597dedc00ec2d0a25e0172fdc4fa
date: Sun, 08 Jan 2023 11:23:43 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
126 B 49ms
49ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177022995&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p60&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: e645971348b9f9b289bc87ed7eb0e855
date: Sun, 08 Jan 2023 11:23:43 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
126 B 50ms
50ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177023012&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p60&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 390c8c2b13f5ac9ae3fc61af3519740a
date: Sun, 08 Jan 2023 11:23:43 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H3 200 ls-slider-57-slide-2.jpg
kresy.pl/wp-content/uploads/2021/04/ 30 KB
31 KB 43ms
43ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2021/04/ls-slider-57-slide-2.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wp-includes/js/jquery/jquery.min.js?ver=1663596984

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

715b046cb6ee42f460d43f888ceca495c6360a0c81661efffa8356acf63c8eab

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 139743
cf-polished: qual=85, origFmt=jpeg, origSize=79336
content-disposition: inline; filename="ls-slider-57-slide-2.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31174
last-modified: Sat, 10 Dec 2022 18:36:01 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "135e8-5ef7d8ac65123"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=crLa5V9vX%2BlLfrqQpWwv3mK%2BTDcP3Eok%2FeizXWgHgN67lFvw28ibudZLAFMqVvUQiRNQpNFzDpQ5I4o35s21noh8T55tPJ2NwiXQtERWAa3MgM3cd%2BK6HnVYEBVfyxEfgGyzj6Hl"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bd49b67-FRA
expires: Sat, 06 Jan 2024 20:34:40 GMT

GET
H3 200 tshirt-orzel03-n.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 64ms
63ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-orzel03-n.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f38666c1bcbdc06bceadb1a880aa37bd3a7d9b66a754ba0e12831a3ded3c87e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 139018
cf-polished: qual=85, origFmt=jpeg, origSize=3610
content-disposition: inline; filename="tshirt-orzel03-n.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2748
last-modified: Sat, 10 Dec 2022 18:17:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e1a-5ef7d4891b978"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mTOvXkfdWx1wMUHXWLA4Ck4uU0EMs9%2BHzMpkQYJq0n5rzYl3UI0EampOc%2FWF%2FMcy57beF561NaaIP5KRp7GdgXiuSQPxeQ9R%2FlvCuzlvsbgDn6FCvOZRLFFmdy2LhGaM75JBhUK2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bd99b67-FRA
expires: Sat, 06 Jan 2024 20:46:45 GMT

GET
H3 200 Polska.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 46ms
44ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Polska.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f29f806b79cdda258633f6e1418d9405262bc32d9ab653b985dba538ae949a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2044388
cf-polished: qual=85, origFmt=jpeg, origSize=3688
content-disposition: inline; filename="Polska.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3086
last-modified: Sat, 10 Dec 2022 18:15:08 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e68-5ef7d40160b7c"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F154IDIjw7BGspUaUVcMOtJUBwquhKNd3DoPuTvGT0oxQdLMz5gLtBvxtxBowBxiZXfTFRrZkgnPBThqs%2F2JixOhUjsB8RAIaBufLc6Br88XMhE8JgNNuw7v4RS0zs5oDFEDpqhs"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2be99b67-FRA
expires: Fri, 15 Dec 2023 19:30:35 GMT

GET
H3 200 IMG-09491.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
3 KB 49ms
47ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/IMG-09491.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9edbded417e761fc9fdafd4e3a16ff46d95b98de1283dccb28341636ab3b541

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4391513
cf-polished: qual=85, origFmt=jpeg, origSize=3773
content-disposition: inline; filename="IMG-09491.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2880
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 08 Dec 2020 07:27:45 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ebd-5b5eee0fbde40"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTAxxM1vODqFTc0yucEPz%2Fwg0uF8ahClLmEt15D5O2XUzMfopBJ%2B05g4vTK%2Bvw0FiosecdpvTCCgFl%2BgIxgytSVenA8TdclTh43vvM73ZnhFQCoDO15zOm64iKTMXDWWouDBDdSg"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 7864900d2bed9b67-FRA
expires: Tue, 17 Jan 2023 15:31:52 GMT

GET
H3 200 husarz_wizual.jpg
kresy.pl/wp-content/uploads/2020/12/ 4 KB
5 KB 50ms
48ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/husarz_wizual.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0af162e212996ea3c5d2112a9cc447e8943396c24699e9fc0dc0533b0fea6527

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 137521
cf-polished: qual=85, origFmt=jpeg, origSize=4739
content-disposition: inline; filename="husarz_wizual.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4556
last-modified: Sat, 10 Dec 2022 18:16:52 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "1283-5ef7d46430776"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaFItMqD%2BvK3yP2HU0yfpEmg8mNdESfyLrf0N5VN0LQ2IJY%2BClVch2wiO05qOhcDtP1laB6xbDBziRK3sHVR2hadkg%2BnSxFyN%2BkxalvEkTeQRgH%2FuaMMM%2BcVbIbHuSpOJkAYwh%2BJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bf19b67-FRA
expires: Sat, 06 Jan 2024 21:11:42 GMT

GET
H3 200 Bodaj-was-1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 43ms
41ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/Bodaj-was-1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08cc23bbd13daa4ef20314563381c36173a4ed28d23291e3fdd807528374f6a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135678
cf-polished: qual=85, origFmt=jpeg, origSize=3529
content-disposition: inline; filename="Bodaj-was-1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3088
last-modified: Sat, 10 Dec 2022 18:13:57 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "dc9-5ef7d3bdb8883"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGm5DWnQPJTQXCl3t%2FjG33CIr3F6P%2BdBaPefrwaoL53rYAstxcOfq3qQ1vubirmnkGATZv4FMJWFPbEtnwvw4dSJueYGzKRJkMHUJlc2Rh1bZv146J06asEBrbHvdro8w%2F9HgwRi"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bf69b67-FRA
expires: Sat, 06 Jan 2024 21:42:25 GMT

GET
H3 200 27.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 46ms
44ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/27.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cad8a51e9f1a27c09ae39601527334154f9a2fac6d98f54b7fc879a7cd00fe29

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135077
cf-polished: qual=85, origFmt=jpeg, origSize=3799
content-disposition: inline; filename="27.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3322
last-modified: Sat, 10 Dec 2022 18:13:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ed7-5ef7d3a4b34fa"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JozJN3ekw8FaUaxTksFlfhZI%2F9IUagmoAEnQYqVGsVBA%2Frh4JrnBXSayYN5pTLLGN9VJg%2FGcDGOhz2P%2FsWznE1%2BGnuTmOMV%2B9WxgtyH9VKcdt5rwAKotdPp6RBvWr2TkfBckzWe"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bfa9b67-FRA
expires: Sat, 06 Jan 2024 21:52:26 GMT

GET
H3 200 heaven-hell-2018-tshirt-male.jpg
kresy.pl/wp-content/uploads/2020/12/ 2 KB
3 KB 47ms
46ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/heaven-hell-2018-tshirt-male.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18100726a615740d4b8a05a9286a99d2b427010a5e0c4ab3dfb10d9d49e28c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219675
cf-polished: qual=85, origFmt=jpeg, origSize=2733
content-disposition: inline; filename="heaven-hell-2018-tshirt-male.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2016
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 Dec 2020 12:17:57 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "aad-5b5a277746740"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZNiM2G8ve%2Bz4%2FKt4%2B6qhPzn4owqAl7zNL802KbYOv2SeHnn%2BZOuPDJHlteHWNtt5Cl9fY5qPIMT7%2FLXsVxGWlUOnOmirVTfSJlmQIjNnhI0gJNoMMeBvqkNKRhbqnfeWhsaBG2p"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 7864900d2bfb9b67-FRA
expires: Tue, 31 Jan 2023 05:02:28 GMT

GET
H3 200 tshirt-serenissima2018-e1.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 63ms
62ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/tshirt-serenissima2018-e1.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

290c1e8a0d29b025714f4a0917c05ede5e875023b267627e1ffc5bdc6b453912

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 236409
cf-polished: qual=85, origFmt=jpeg, origSize=3785
content-disposition: inline; filename="tshirt-serenissima2018-e1.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3140
last-modified: Sat, 10 Dec 2022 18:17:31 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "ec9-5ef7d4891f7f8"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jan0EksTZRvtWyjKNoWEYj9%2BGEp3hQscDAOLzhGxQR%2BcOBO955pJXPeMF5psEbGL6NpULCvNM945xkGonXvq98vAGbn7ITO09A%2Fc1hs4W6KSOT5K1DP7v3PYHMD4mq0mcHoOVHNB"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 7864900d2bfc9b67-FRA
expires: Fri, 05 Jan 2024 17:43:34 GMT

GET
H3 200 koniec-imprezy-tshirt-meski-black.jpg
kresy.pl/wp-content/uploads/2020/12/ 3 KB
4 KB 53ms
51ms Image
image/webp 2606:4700:20::681a:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kresy.pl/wp-content/uploads/2020/12/koniec-imprezy-tshirt-meski-black.jpg

Requested by

Host: kresy.pl
URL: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c9f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182ad8a8d5ad0e2b51650f263bb2c856050b885f8b011ae9236139127463d4ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sun, 08 Jan 2023 11:23:43 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2304442
cf-polished: qual=85, origFmt=jpeg, origSize=3662
content-disposition: inline; filename="koniec-imprezy-tshirt-meski-black.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3192
pragma: public
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 05 Dec 2020 13:19:33 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "e4e-5b5b771984340"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JMYOCJKoetsza0NuPMYlk5gEHzyWXBXoYQOrI2XDUkpfJ0PDd0KRyJY6oMhHccoJBrUMo5OEBq7WP7g5jveWMKaaL8I%2Bj8KOMDzODAg2v0LMCKVQVSTH8%2BobS0RX%2FYltwMqoLo2l"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=5184000
accept-ranges: bytes
cf-ray: 7864900d2bfd9b67-FRA
expires: Fri, 10 Feb 2023 19:16:23 GMT

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
126 B 45ms
45ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177024412&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p70&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: d76294aebf5610536c158803cbf3a7ec
date: Sun, 08 Jan 2023 11:23:44 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
127 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177024478&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p70&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: bff9e8bfd888f9505ff13b53d3241f6d
date: Sun, 08 Jan 2023 11:23:44 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame BC77 42 B
126 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177025012&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p70&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 0926ee428fad9df00770941292c54354
date: Sun, 08 Jan 2023 11:23:45 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 3382 42 B
126 B 46ms
46ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177025012&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p70&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: c29231106d7a70f9c36c656fa3b775cb
date: Sun, 08 Jan 2023 11:23:45 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 55AC 42 B
126 B 43ms
43ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177025028&bid_id=1951772018706946693&delivery_id=a4063513-e4df-4114-b27e-eb96b5221ee8&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p70&object_type=video&object_id=19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 99631e4f0467947b26dacd4e682ca2f8
date: Sun, 08 Jan 2023 11:23:45 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame D424 42 B
126 B 43ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177025412&bid_id=7202460214858058873&delivery_id=3fdc4e55-f72c-4b5f-87e0-94ccff97d0e9&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p75&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 8b685ada0733d966272ceabba16e8400
date: Sun, 08 Jan 2023 11:23:45 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET
H2 200 action
track.scoota.co/ Frame 0ABF 42 B
127 B 42ms
42ms Image
image/gif 2001:4860:4802:36::15
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.scoota.co/action?ts=1673177025478&bid_id=3605273051021679518&delivery_id=9fb09995-9bdb-4590-9bdc-da93d9cb4c8f&placement_id=31881&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27938&creative_version=17&action=p75&object_type=video&object_id=34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://guandads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cloud-trace-context: 2b3dceddcd3f7db474e96d9d66f64a97
date: Sun, 08 Jan 2023 11:23:45 GMT
server: Google Frontend
content-length: 42
content-type: image/gif

GET action
track.scoota.co/ Frame BC77 0
0

GET action
track.scoota.co/ Frame 3382 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ums.acuityplatform.com
URL: https://ums.acuityplatform.com/tum?umid=6

Domain: track.scoota.co
URL: https://track.scoota.co/action?ts=1673177026012&bid_id=8666453536827556983&delivery_id=5f6e1fb6-b0ed-4657-b676-7fb29b5006ae&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p75&object_type=video&object_id=19

Domain: track.scoota.co
URL: https://track.scoota.co/action?ts=1673177026012&bid_id=7379796288815871095&delivery_id=fad5fb22-6ac2-4ccf-97ea-6eb12e46c096&placement_id=31880&ssp=appnexus_10264&role=desktop&stage=first&creative_id=27939&creative_version=12&action=p75&object_type=video&object_id=19

Verdicts & Comments Add Verdict or Comment

3432 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

124 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall	1969-12-31 23:59:59	Name: ls-popup-11 Value: 1673177004
kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall	1969-12-31 23:59:59	Name: ls-popup-37 Value: 1673177004
kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall	1969-12-31 23:59:59	Name: ls-popup-43 Value: 1673177004
kresy.pl/wydarzenia/wegry-zbuduja-fabryke-materialow-wybuchowych-we-wspolpracy-z-niemieckim-rheinmetall	1969-12-31 23:59:59	Name: ls-popup-56 Value: 1673177004
map.go.affec.tv/map/af	1969-12-31 23:59:59	Name: oo Value: 1
map.go.affec.tv/map/an	1969-12-31 23:59:59	Name: oo Value: 1
.mrtnsvr.com/sync	1970-01-20 17:33:19	Name: userId Value: RgOaZg3aM
i.liadm.com/s	1970-01-20 09:29:29	Name: _li_ss Value: MgkI_____wcQkxQ
kresy.pl/	1970-01-20 08:46:18	Name: ppwp_wp_session Value: fb084a0e403df22ea758c879ae65d549%7C%7C1673178803%7C%7C1673178443
kresy.pl/	1970-01-20 18:22:17	Name: ls-popup-last-displayed Value: 1673177004
.kresy.pl/	1970-01-20 08:47:43	Name: _gid Value: GA1.2.878729205.1673177007
.kresy.pl/	1970-01-20 08:46:17	Name: _dc_gtm_UA-15290908-1 Value: 1
.kresy.pl/	1970-01-20 08:46:17	Name: _gat_gtag_UA_15290908_1 Value: 1
kresy.pl/	1970-01-20 17:31:53	Name: cookielawinfo-checkbox-necessary Value: yes
kresy.pl/	1970-01-20 17:31:53	Name: cookielawinfo-checkbox-non-necessary Value: yes
.kresy.pl/	1970-01-20 18:22:17	Name: _ga_4K9XFBFZKZ Value: GS1.1.1673177007.1.0.1673177007.60.0.0
.kresy.pl/	1970-01-20 18:22:17	Name: _ga Value: GA1.1.419236167.1673177007
.kresy.pl/	1970-01-20 10:55:53	Name: _fbp Value: fb.1.1673177007951.1954678104
.rubiconproject.com/	1970-01-20 17:31:53	Name: khaos Value: LCNAE1XH-19-C7MW
.rubiconproject.com/	1970-01-20 17:31:53	Name: audit Value: 1\|hLZGFuTafB3ezXC4jvgUPrU1ZxogGjlwOA+xFj1I9scPlNhSTbzUQz9dAsQogTc5gXAYTPxuIwngcRgjl6EitUpnyw34PUwK3OlDu/ORdD8=
.adnxs.com/	1970-01-20 10:55:53	Name: uuid2 Value: 2028049306522560814
.go.affec.tv/	1970-01-20 17:31:53	Name: oo Value: 1
.adnxs.com/	1970-01-20 10:55:53	Name: icu Value: ChgIgPh7EAoYAyADKAMwsc_qnQY4A0ADSAMQsc_qnQYYAg..
.mathtag.com/	1970-01-20 17:31:53	Name: uuid Value: 695b63ba-a7b1-4001-a45b-b92890f35042
.doubleclick.net/	1970-01-20 18:07:53	Name: IDE Value: AHWqTUnt_42a8DzG8_xCUfpU6pXY07ZDODvBsoDRxxKq7i3EdJBy9en7JpvipNwIt1c
ads.smartstream.tv/	1970-01-20 17:31:53	Name: DID Value: 2ed9109f867c3a37caaed37b26bb98a8
ads.smartstream.tv/	1970-01-20 17:31:53	Name: idt Value: 100
ads.smartstream.tv/	1970-01-20 17:31:53	Name: permanent Value: 1
.sxp.smartclip.net/	1970-01-20 09:29:29	Name: uuid Value: 5f07aec2-b1a7-ba63-78d5-5325bbb4aeff
.go.affec.tv/	1970-01-20 17:31:53	Name: ck Value: 63baa7b0de13f8000143f763
.sxp.smartclip.net/	1970-01-20 09:29:29	Name: dspuuid Value: 10.CAESEDwzdaZjPX6RcOMaCWM4puE
.sxp.smartclip.net/	1970-01-20 09:29:29	Name: psyn Value: 19365.10
.casalemedia.com/	1970-01-20 17:31:53	Name: CMID Value: Y7qnsWW3zaGr-WnHUJbxbgAA
.casalemedia.com/	1970-01-20 10:55:53	Name: CMPS Value: 1103
.casalemedia.com/	1970-01-20 10:55:53	Name: CMPRO Value: 1103
.redintelligence.net/	1970-01-20 10:55:53	Name: 8lcfmzhxc8d6_uid Value: 186aa89686586da7
.go.affec.tv/	1970-01-20 17:31:53	Name: pt Value: eyJhbiI6eyJkdCI6MTY3MzE3NzAwOSwiaWQiOiIyMDI4MDQ5MzA2NTIyNTYwODE0IiwibHMiOjE2NzMxNzcwMDl9LCJ2IjowfQ==\|1673177009\|8eb11e96d2c52ddabdbace7b886438cc24dc22c3
.adnxs.com/	1970-01-20 10:55:53	Name: anj Value: dTM7k!M41.D>6NRF']wIg2IlemYYJI!]tbPl1M>e)ZlrFUfJ+tGXxoa:Z'CEaq7BaFnsj[@L6poVGUH4YZSsD^RI/c3If)y3KL9D3I?+Tqp`K@
.doubleclick.net/	1970-01-20 08:46:20	Name: DSID Value: NO_DATA
cm.adsafety.net/	1970-01-20 17:31:53	Name: UID Value: CM12023010811dd3e309c0b6fafcd1ae
.adsafety.net/	1970-01-20 17:31:53	Name: cm_uid Value: CM12023010811dd3e309c0b6fafcd1ae
cm.adsafety.net/	1970-01-20 17:31:53	Name: cache0 Value: L2UzeGVJMkNTL0pzMlRFUXR5b1cvbC9FU3NkWXR6dkxZams2ekZUR1VtSFl0YjB6bTNEcWFpOEx6RjRKQkhpZGN0dXdlREdzcWozOGdwUDVDZmpZZG9HcXUyVmphQXgvQW5tTGdvUjF2SkVkeThRbmFNaEhweHRpcjBidTBwTTlzY0d1SW1hVlZsa1orNEVHTE0xUnJSZG5Tb2lvNkZGSlBMRUlhOGxSUm1HSGRSNUJOY3pmd0lBQnB2SjB6dDN6cUJzdkJxWFZlNWEzNTducG1ScmRXSmwrN0xOS0FYT045OS8zZXROQUJHTlpYRUVLTS9rNXJldk11N0x2SlFER21iTzBQZXJuaGl3UncvSHBQV05qSlB2WnZBMEJmaDF2cEJFLzBLRm05ekU4U2loYThOa1hBMS91TXUwNE9mcEoySTdabXE2SXhGT2gvdG1PVlprL1B3PT0%3D
.adform.net/	1970-01-20 09:30:55	Name: C Value: 1
.adform.net/	1970-01-20 10:12:41	Name: uid Value: 1735583901080397550
.adform.net/	1970-01-20 08:56:21	Name: TPC Value: 1673177011329
.yahoo.com/	1970-01-20 17:32:14	Name: A3 Value: d=AQABBLOnumMCEFbBgTmfFfw4YmMnpcyUYbwFEgEBAQH5u2PEYwAAAAAA_eMAAA&S=AQAAAg7t9avg1qdkVZkxvW571m8
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:31:53	Name: bcookie Value: "v=2&822501f2-fd68-4349-80e8-8a83f444f2dc"
.linkedin.com/	1970-01-20 13:05:29	Name: li_gc Value: MTswOzE2NzMxNzcwMTE7MjswMjFYB6r8J8JnwfwKtM6K0/FwJu2Phi+r2iaO0koOsHIerQ==
.linkedin.com/	1970-01-20 08:47:43	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=2524:u=1:x=1:i=1673177011:t=1673263411:v=2:sig=AQGRzRRxhprqq120WDpkIsi6YLWEhNLv"
.amazon-adsystem.com/	1970-01-20 15:09:19	Name: ad-id Value: AyOrPDiBxUQ8p_Mg9fWr6Ys
.amazon-adsystem.com/	1970-01-20 18:22:17	Name: ad-privacy Value: 0
.pubmatic.com/	1970-01-20 17:31:53	Name: KADUSERCOOKIE Value: FC664E40-1D0C-4169-A69F-C6161527EB7F
.simpli.fi/	1970-01-20 17:33:19	Name: suid Value: 69523958190D401695BC3F4D843FF8B6
.onaudience.com/	1970-01-20 17:31:53	Name: cookie Value: d4bc4804f5384c53
.onaudience.com/	1970-01-20 08:47:43	Name: done_redirects104 Value: 1
.turn.com/	1970-01-20 13:05:29	Name: uid Value: 2636074057763413096
.everesttech.net/	1970-01-20 17:31:53	Name: everest_g_v2 Value: g_surferid~Y7qntAAAANM4KwAp
.quantserve.com/	1970-01-20 10:55:53	Name: d Value: EOgBCwGAKPijAA
.quantserve.com/	1970-01-20 18:16:31	Name: mc Value: 63baa7b4-9438b-70699-e888a
ads.playground.xyz/	1970-01-20 08:56:13	Name: connect.sid Value: s%3A5sCMbNlAGitLbNJD9BFZy6upHswXBXsS.u7NfRm0l%2Brz2peSZSmfIs%2FOCAUq6dwMcLvLaOMZtwdU
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_80 Value: 16514-CAESEEyHceFOap_mgXm_1clAi9A&KRTB&22987-CAESEEyHceFOap_mgXm_1clAi9A&KRTB&23025-CAESEEyHceFOap_mgXm_1clAi9A&KRTB&23386-CAESEEyHceFOap_mgXm_1clAi9A
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_153 Value: 1923-6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR&KRTB&19420-6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR&KRTB&22979-6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR&KRTB&23403-6GMubL9nLjnzaXg-5jJhOu5mdTTzNXQ15jGRldIR
.ipredictive.com/	1970-01-20 17:31:53	Name: cu Value: f25844d6-9ad0-4f4a-a2eb-79ce86055426\|1673177012906
.tribalfusion.com/	1970-01-20 10:55:53	Name: ANON_ID Value: a1nseFMwTkF6Xlypr9jHkcxHBvrl7ZaiIl7WV53Loxd1S3CXSP0YE52LpFyfmkY81dZcH2vVXZbrHPAnS3YcfG1
.mxptint.net/	1970-01-20 18:22:17	Name: mxpim Value: R1B342_FC2AD26A_2E60DF7.1.000000000000000063BAA7B4
.analytics.yahoo.com/	1970-01-20 17:31:53	Name: IDSYNC Value: 18z8~29az
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_1305 Value: 23408-RgOaZg3aM&KRTB&23413-RgOaZg3aM
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_218 Value: 4056-Y7qntAAAANM4KwAp&KRTB&22978-Y7qntAAAANM4KwAp&KRTB&23194-Y7qntAAAANM4KwAp&KRTB&23209-Y7qntAAAANM4KwAp
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_22 Value: 14911-2636074057763413096&KRTB&23150-2636074057763413096
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_391 Value: 22924-1735583901080397550&KRTB&23263-1735583901080397550
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_57 Value: 22776-2028049306522560814&KRTB&23339-2028049306522560814
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_1278 Value: 23329-d5fca368-d3d4-4446-b270-369f78c103ce&KRTB&23340-d5fca368-d3d4-4446-b270-369f78c103ce
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_27 Value: 16735-uid:695b63ba-a7b1-4001-a45b-b92890f35042&KRTB&16736-uid:695b63ba-a7b1-4001-a45b-b92890f35042&KRTB&23019-uid:695b63ba-a7b1-4001-a45b-b92890f35042&KRTB&23114-uid:695b63ba-a7b1-4001-a45b-b92890f35042
.gammaplatform.com/	1970-01-20 08:47:43	Name: _aGeoIp Value: BR\|Araci
.gammaplatform.com/	1970-01-20 18:22:17	Name: _aUID Value: t0wmqaag8ow2
beacon.lynx.cognitivlabs.com/	1970-01-20 17:31:53	Name: UID Value: 2e73bc08-9a8e-4740-b37b-77cd893bf3f7
beacon.lynx.cognitivlabs.com/	1970-01-20 17:31:53	Name: ss Value: %2BIvf7r3kBNigxNLvkvnAsPmn2ZjZLX7iYXvYYxHu5CIVT9AUisNQJDQptT%2Bq1YQLuGsxfU%2Fcxbfyf3oyOc5GKg%3D%3D
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_52 Value: 22772-R1B342_FC2AD26A_2E60DF7&KRTB&23092-R1B342_FC2AD26A_2E60DF7
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_279 Value: 22890-f25844d6-9ad0-4f4a-a2eb-79ce86055426&KRTB&23011-f25844d6-9ad0-4f4a-a2eb-79ce86055426&KRTB&23355-f25844d6-9ad0-4f4a-a2eb-79ce86055426
.w55c.net/	1970-01-20 18:16:31	Name: wfivefivec Value: sqat4b7Z1PetM15
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_1310 Value: 23431-t0wmqaag8ow2&KRTB&23446-t0wmqaag8ow2
.bidr.io/	1970-01-20 18:14:47	Name: bito Value: AA5cBU7HdU8AACC6j2vCZg
.bidr.io/	1970-01-20 18:14:47	Name: bitoIsSecure Value: ok
.w55c.net/	1970-01-20 09:29:29	Name: matchpubmatic Value: 5
.bidswitch.net/	1970-01-20 17:31:53	Name: tuuid Value: a4093597-115c-40fd-bf55-4722f694dec2
.bidswitch.net/	1970-01-20 17:31:53	Name: c Value: 1673177013
.bidswitch.net/	1970-01-20 17:31:53	Name: tuuid_lu Value: 1673177013
.pubmatic.com/	1970-01-20 09:29:29	Name: SPugT Value: 1673177013
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_107 Value: 1471-uid:sqat4b7Z1PetM15&KRTB&23421-uid:sqat4b7Z1PetM15
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 803074465b4e152f
.smartadserver.com/	1970-01-20 18:16:31	Name: pid Value: 3142036600569924402
.smartadserver.com/	1970-01-20 18:16:31	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-20 17:31:53	Name: csync Value: 127:AA5cBU7HdU8AACC6j2vCZg
.fg8dgt.com/	1970-01-20 18:22:17	Name: tuuid Value: f9d31042-9151-4600-afcd-fc01e6f72929
.fg8dgt.com/	1970-01-20 18:22:17	Name: c Value: 1673177014
.fg8dgt.com/	1970-01-20 18:22:17	Name: tuuid_lu Value: 1673177014
.technoratimedia.com/	1970-01-20 18:22:17	Name: tads_uid Value: GDPR
.fiftyt.com/	1970-01-20 17:31:53	Name: cs Value: MTY3MzE3NzAxNXxEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fFww3THos68M97jLu0eVLxNu-YZtq4q72ALbxeB5-OhW
.pubmatic.com/	1970-01-20 10:55:53	Name: SyncRTB3 Value: 1674000000%3A63%7C1678320000%3A69%7C1675728000%3A224%7C1674345600%3A7_204_239_96_240_13_8_250_254_56_234_220_5_3_233_104_249_166_231_55_71_165_54_22_178_48_99_176_21%7C1674432000%3A35%7C1673740800%3A223_2_15_38
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_466 Value: 16530-a4093597-115c-40fd-bf55-4722f694dec2
.fiftyt.com/	1970-01-20 08:56:21	Name: fppm Value: 20230108112335
.fiftyt.com/	1970-01-20 17:31:53	Name: fifid Value: f664ac36-94cc-4087-60ac-1e0614d2fae0
.csync.loopme.me/	1970-01-20 10:55:53	Name: viewer_token Value: 3c5b76e5-02ef-4871-808c-5067a7b3f660
.agkn.com/	1970-01-20 17:31:53	Name: ab Value: 0001%3AgNPCLWRHUEzbU93vA5%2FJFwM%2BYU%2BPvrvu
.ads.pubmatic.com/	1970-01-20 08:47:43	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 10:55:53	Name: chkChromeAb67Sec Value: 6
.pubmatic.com/	1970-01-20 08:47:43	Name: pi Value: 156383:4
.semasio.net/	1970-01-20 17:31:53	Name: SEUNCY Value: 99F3D5BC47D76999
.pubmatic.com/	1970-01-20 10:55:53	Name: DPSync3 Value: 1674345600%3A201_245_221_228_226_236_197_219%7C1673740800%3A252_253_164_248
.ads.pubmatic.com/	1970-01-20 08:47:43	Name: pubsyncexp Value: 1673198615615
.inmobi.com/	1970-01-20 10:55:53	Name: idsp_c Value: 46898e21-a644-4df4-aca9-9ce428421390
sync.srv.stackadapt.com/	1970-01-20 17:31:53	Name: sa-user-id Value: s%3A0-5a3c8260-155a-4d0c-7023-70a46a100fab.%2BHBeOZ5IA%2BLE2cJHS7PC%2BC%2FdKcknFOxrlVHr7vYEqOM
.srv.stackadapt.com/	1970-01-20 17:31:53	Name: sa-user-id-v2 Value: s%3AWjyCYBVaTQxwI3CkahAPq9ly2hs.7fkVEN6Hc0P8JxgDaldG9mZQe%2BwmYFJzJEQFMffDT10
.1rx.io/	1970-01-20 17:31:53	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8eeedcc8-b06d-49ab-a3af-394dc5d848bf-005%22%2C%22zdxidn%22%3A%221508%22%2C%22nxtrdr%22%3Afalse%7D
.tapad.com/	1970-01-20 10:12:41	Name: TapAd_3WAY_SYNCS Value:
.pubmatic.com/	1970-01-20 10:55:53	Name: KRTBCOOKIE_860 Value: 16335-WjyCYBVaTQxwI3CkahAPq9ly2hs&KRTB&23334-WjyCYBVaTQxwI3CkahAPq9ly2hs&KRTB&23417-WjyCYBVaTQxwI3CkahAPq9ly2hs&KRTB&23426-WjyCYBVaTQxwI3CkahAPq9ly2hs
.tapad.com/	1970-01-20 10:12:41	Name: TapAd_TS Value: 1673177015699
.tapad.com/	1970-01-20 10:12:41	Name: TapAd_DID Value: 1d91ef35-9e81-4eb8-afc2-cffc63709d7a
.pubmatic.com/	1970-01-20 09:29:29	Name: PugT Value: 1673177014
.pubmatic.com/	1970-01-20 09:29:29	Name: KRTBCOOKIE_904 Value: 16787-lj1R9_HpDMOeh6fVt6e6Yw
.c.appier.net/	1970-01-20 17:31:53	Name: _auid Value: g41ldnf1C1-669XguKe6Yw
io.narrative.io/	1970-01-20 18:22:17	Name: io.narrative.guid.v2 Value: e461f0e0-8f46-11ed-92de-0acf81a41c3f
.liadm.com/	1970-01-20 18:22:17	Name: lidid Value: ac289b8d-0753-4239-a258-95b437b06bd6

32 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://jscdn.yieldbird.com/75146552-f684-4063-95fc-310bc6ab0d10/yb.v2.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	Message: A bad HTTP response code (403) was received when fetching the script.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v92.js(Line 99) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-dell-logo-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-intel-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-cta-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-video-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-click-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://assets.scoota.co/creative/assets/oet0lk2/bundle/18/c-background-402x.png?placement_id=31881 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://guandads.com/r/p.html?f=hwvfnqo&e=1586314810833 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
security	error	URL: https://guandads.com/r/p.html?f=ygqcyx&e=1586314810833 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
security	error	URL: https://guandads.com/r/p.html?f=xebwvxkv&e=1250011214715 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
security	error	URL: https://guandads.com/r/p.html?f=yuptqxg&e=1586314810833 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
security	error	URL: https://guandads.com/r/p.html?f=elbbkpf&e=1586314810833 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
security	error	URL: https://guandads.com/r/p.html?f=dtbuvkzau&e=1250011214715 Message: Refused to execute script from 'https://go.affec.tv/px' because its MIME type ('image/gif') is not executable.
network	error	URL: https://idsync.rlcdn.com/420486.gif?partner_uid=FC664E40-1D0C-4169-A69F-C6161527EB7F Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=d4bc4804f5384c53/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=FC664E40-1D0C-4169-A69F-C6161527EB7F&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs-simple.com
acdn.adnxs.com
ad.doubleclick.net
ad.mrtnsvr.com
ad.sxp.smartclip.net
ad.turn.com
ad.vidverto.io
ad.yieldlab.net
ade.googlesyndication.com
ads.operiada.pl
ads.playground.xyz
ads.pubmatic.com
ads.smartstream.tv
adx.adform.net
ajax.googleapis.com
analytics.webpushr.com
assets.scoota.co
aud.pubmatic.com
audit-tcfv2.cmp.quantcast.com
beacon-fra2.rubiconproject.com
beacon.lynx.cognitivlabs.com
beacon.sojern.com
bh.contextweb.com
bidder.criteo.com
bot.webpushr.com
bpi.rtactivate.com
c.evidon.com
c1.adform.net
cdn.adnxs.com
cdn.jsdelivr.net
cdn.webpushr.com
cdnjs.cloudflare.com
choices.trustarc.com
choices.truste.com
cm-supply-web.gammaplatform.com
cm.adform.net
cm.adgrx.com
cm.adsafety.net
cm.g.doubleclick.net
cmp.quantcast.com
cms.quantserve.com
connect.facebook.net
csync.loopme.me
data00.adlooxtracking.com
dis.criteo.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fra1-ib.adnxs.com
go.affec.tv
gocm.c.appier.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
guandads.com
hal9000.redintelligence.net
hal900023.redintelligence.net
hb.adpone.com
hbopenbid.pubmatic.com
i.clean.gg
i.liadm.com
i6.liadm.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
io.narrative.io
j.adlooxtracking.com
jscdn.yieldbird.com
kresy.pl
l.betrad.com
m.fg8dgt.com
map.go.affec.tv
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
mweb.ck.inmobi.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.rubiconproject.com
pixel.tapad.com
platform.twitter.com
pm.w55c.net
pmp.mxptint.net
pr-bh.ybp.yahoo.com
prg.smartadserver.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
quantcast.mgr.consensu.org
rddywd.com
region1.analytics.google.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rules.quantcount.com
s.amazon-adsystem.com
s.tribalfusion.com
s.w.org
s0.2mdn.net
s1.adform.net
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
shb.richaudience.com
simage2.pubmatic.com
simage4.pubmatic.com
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.ipredictive.com
sync.mathtag.com
sync.richaudience.com
sync.srv.stackadapt.com
sync.technoratimedia.com
syndication.twitter.com
tags.mathtag.com
test.cmp.quantcast.com
token.rubiconproject.com
tpc.googlesyndication.com
tps.doubleverify.com
track.adform.net
track.scoota.co
uipglob.semasio.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
visitor.fiftyt.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleapis.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.paypalobjects.com
x.bidswitch.net
track.scoota.co
ums.acuityplatform.com
104.244.42.8
104.36.113.107
104.36.113.110
104.36.113.111
104.36.113.112
104.36.113.68
104.45.178.220
107.178.244.119
138.68.13.4
141.94.171.214
142.250.181.230
142.250.185.162
142.251.208.98
143.204.215.88
151.101.130.49
151.101.193.108
151.101.194.133
151.101.65.108
168.119.79.223
169.197.150.7
172.104.64.149
172.217.18.98
178.250.0.163
18.144.106.164
185.29.132.242
185.29.134.244
185.80.39.216
185.86.137.131
192.0.77.48
193.122.130.38
193.135.9.130
199.127.204.171
2.18.233.180
2.18.233.201
2001:4860:4802:32::36
2001:4860:4802:36::15
2001:678:cb4:bbbb::11
204.2.255.233
204.237.133.116
204.237.133.120
208.115.232.150
209.25.233.254
212.8.250.83
212.91.26.93
23.0.214.93
23.2.211.147
23.2.214.109
23.2.234.181
2600:1f18:ed:550e:8a5c:b0cf:9d7c:272c
2600:1f1c:a99:832c:ec8b:437a:257b:cb2d
2600:9000:211e:1200:9:46dc:4700:93a1
2600:9000:211e:4600:9:46dc:4700:93a1
2600:9000:211e:8200:6:44e3:f8c0:93a1
2600:9000:211e:e200:3:a4cd:8380:93a1
2600:9000:214f:cc00:4:f9aa:3d40:93a1
2602:803:c004:200::140
2602:803:c004:200::154
2606:2800:220:de:468:2285:c1:4a3
2606:4700:10::ac43:2415
2606:4700:20::681a:c9f
2606:4700:20::ac43:49e4
2606:4700::6810:3965
2606:4700::6810:5914
2606:4700::6811:180e
2606:4700::6812:19ad
2620:1ec:21::14
2a00:1450:4001:806::2002
2a00:1450:4001:809::200a
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2001
2a00:1450:4001:810::2004
2a00:1450:4001:812::2002
2a00:1450:4001:813::2003
2a00:1450:4001:813::2006
2a00:1450:4001:829::2003
2a00:1450:4001:830::2002
2a00:1450:400c:c01::9c
2a00:1450:400d:802::200e
2a00:1450:400d:805::2002
2a00:1450:400d:806::200a
2a00:1450:400d:80a::2003
2a00:1450:400d:80e::2008
2a02:2638:1::1a
2a02:2638:1::3
2a02:fa8:8806:13::1370
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:d018:d29:3602:f84d:3d72:727e:650c
2a06:98c1:3121::3
3.212.145.252
3.218.77.41
34.102.163.6
34.102.253.54
34.149.12.213
34.236.140.33
34.91.62.186
34.95.69.49
35.162.174.47
35.186.194.101
35.190.60.146
35.201.96.126
35.212.132.154
35.212.133.238
35.214.223.115
35.227.197.177
35.241.31.249
35.71.131.137
37.157.3.30
37.157.5.72
37.252.171.52
37.252.172.123
52.220.229.2
52.46.130.91
52.53.116.191
52.95.118.179
54.147.255.25
54.176.29.121
54.183.96.130
54.186.226.179
54.187.126.246
54.243.212.30
54.78.245.184
54.80.89.182
54.81.205.56
64.225.42.52
64.227.50.180
65.9.66.43
65.9.66.6
69.173.144.165
72.251.245.179
74.214.196.131
77.243.60.138
78.46.23.46
81.17.55.98
85.90.246.246
88.99.219.174
99.86.4.60
99.86.4.64
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
035df4674c9e3a99c79e9f1aad6db5292f3c3992c1a73b885b03408c54ab917f
0407ab8c80d6b6d290c06dbc87a0fc3f8a48733e3f68384ff461274beae72b77
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
04639038679e27e8350b0d828b3bbe2cfd1e23e5807b4c2f7d6a7d0914da0456
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
0532d8ebdb3ed965758e9f33611d6388f377d6d426ecdc7806379a44b0e66c02
059c45fadebd86e27405b0d5a65e992aaaae8f7a3d2b84427ccd490ccb4ee651
06943fcd448a5f3fadcfd2e4b258559bda97ce5e24a569f3d5f89b044e0ad511
06d0965f0851d3936c68da6d6de73163a6bb32e3f134822ccfec6d28f185ff29
0818610c65fd1ca125b6f560e6cb6e6c8c299e461c2ce91ed197972623cdaf3f
084d4202edec4aba3b7cff7abb8c69eaf86641568eb12dcaf80fa0011e742b37
0867ee1df230c80dc1601a8c56c499fabe444ab3ec173ce8b901444560c8816d
08cc23bbd13daa4ef20314563381c36173a4ed28d23291e3fdd807528374f6a2
092401398bba0f370e5dfb08b47055c64798ad806941462536026e3ee9e4e5d8
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
09739f9e5310422a6adabfd3ff2f02ff8521ab4b9d7f8b350b05124de8a784a1
099393def145d10bec4a133f92e7450c2cfa817a683b484f331aed7048a24f0c
09a0c453f0a8437e518414059fea2127dc8e5d233f9a112c34dd68ad2e1881e4
0a53bc33c39273359690f66fe69169c7f21746854db5a1541fb76bd1313e2122
0a5677613ffa56ce35f8e7586d2efee3327a9cb31b6bdd1627c879b2c40a24d8
0a767d8e7343df8923f30d1ecc40f0acd0a98fdc4a9e1f62761c9ffdb7e9e0e1
0a80e3f3a319a23ca174a4de60411756ada89e04a4e7af53fa582f8f8962d875
0a953240b16b972326afc613fd2bac857cd68178b9ee60bd3d7870a035ebd7c4
0aac96f25dce7953a47fb6b4c096634eef3ff12a1daf057e331933dc418aa4b4
0af162e212996ea3c5d2112a9cc447e8943396c24699e9fc0dc0533b0fea6527
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bebe06ad7fa9ebf15e2fd751714c2c44fee9bf88bada838ee5d3a331fa4f9e5
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
0d39db71c68241c4c0b5ea43addd9ba1f9a6a49c6cb722de52c3cb3998de2a43
0e118d3d784c5eb8cdb6ae1ed35bb4ce8e34972dda1d3cf03fbc9de0b832bd26
0ecb42a1ffee36d191dc0a19d24967fb62640deae90ea290efb24bd78608bf63
0f0d236fad633c4946c8af4d78bbaa290c7994cd9d1118dd8d4a6b1212f05805
0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3
0f92a66423a67e5dadddea0a6fad3e0dec77c5ff4e6b673a5443438237c82ea3
12506325d993e2ba431c8c1ab42655762b389bd210d87011a6796d7ed301d66a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13f52b20623e9b562884355be844f2bf00a9f23eb45c5322552a9ca2c6f2121b
13f9049558446d056d1730015f34676e26759cc098e904c8cc9e91d01f7f516c
1411268d26be0a8e9200cb1b62fc2252dd389902e94a88cc951a307053487628
1440052d976c5d3847cf68c4ba885b676cc10d28fe5fcedf07a40a88dc89e1f4
14e34e134e5207e51fdd86cfd75a9ab367900352c65561b7611a0c6ef6b79acc
14f1dfe69aaff83f11c7119731b90fbd81daf43bbce44bf6a1c10dfb6fd0d24e
1553d1efebbf4029ae2cebb097bda34e623aa75fbd872d8de0e615779dcdcb72
15f9c7dcb6d3f3fd50ac55a55f8a4168652122756d7763c13c333c9d4b8a36f0
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18100726a615740d4b8a05a9286a99d2b427010a5e0c4ab3dfb10d9d49e28c8d
182ad8a8d5ad0e2b51650f263bb2c856050b885f8b011ae9236139127463d4ce
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18b7996dd50dd01d9c2ce88b8fe3c932cf35e470d305f80066615a7277224cf9
18ed71e06dafb26fc5115e6a5a7144715bf8695acdd1ec587ec59fca8e0befb3
18fafee2883a755b6107e094c19800432b5f57d90c97f756b77db2d399b6b4d7
18fc5c46a9499aec4202ff46abc68a29e2d551ef6607eec3016a886649d7bb9f
1a5a56e5082360b341d768c0b2db7f2f12103af0c119110de520e1661a890e37
1b181931d4d1611b145f6d7f745f462b4c8f3cb4b606bdb5d1f3d4cbf782e9f3
1c6155147565f6eec86ba75becbde33f1c4583b87fd45a9eb5feb802059aaf96
1ccc80a7ab5b8160e07981e57c67bd53a193a1b0db3579a2959f0151a176d6c3
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d00088c97c264d27b72f3dfdff229d3b5b82d1934715f24cb69caf0f9e0e186
1d3d9371f391f9903560f7c55967fe26f0cc514baf4e5bedc9e147a92076f623
1d84738c2afaf595ff5d4921d8dc6bb5ce19a7b9c33a6c02d8a35ff80611cc87
1e8a1d80cf88da3b776376a5e64c4b1f1beea27348a9ce226d60eaa4e661f52b
1f7b823bd59de50aee3cd5a02e584a0222de98b138a294c8c87ef8dac0c85089
204fd05601f839df43dc5e7d79d891465459a098fe7db76dd54f24fc0fd8c17c
20f29f5fd1ac3d3351bc392cac3035810704c575d533b1b572280ec3b1023c10
21002478c2b78b6afcade844728126fcaa4b525482e3c89fd094f4f5338efac5
2154b34bc0f6a1eb89ee530e36dfe7ed28abec06fa931e1838a00ea8bb2ee7db
2178de4e69e10d3105666c8a33d1f2f046594c48cd0140d5bba102e357d38d82
22138756955be64bbacc416258c5c88ec051f9946476eb53ae7adf3cfbc2d7c7
228f68a2042a0a497328a8dacc35a7599e5c252751ef2d78d61415c79b253475
22aabf6373bffc83a3b7ed986da18b310165b62cf9e82be4609b0ada5c7924dc
22eac0f9b2624c1cfa0c4861b32acdd4ae8f43153fdddf2a9dfc3c4d2b5e42bf
23dda07bcc257665b937985a24a105e5e759cda1bd2e277a0cb43acbf6f92f7e
24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
251feee5dacd7cd6acb23ff9f266b3a4a5407369b24a56b97dc041ccf918adc6
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26e733acb42ce7ad4968295a82b5dbbffa0366c193673c7913057acd5f4c22e6
27481e155c01313f0af43c4274b2beb59d0efc3ada6c92cbe444f47ab60afd3f
280fc9555c09e72e62967cae69bcdf44b29f549b5a8501de64fcf2ce8f90f1a4
283cb92b36724bf98757e865d294d5c654f40790bf787bd54d075dbde382ed52
28c8390954a2d8b9c56bc487aaa483654f95de53774f768f5f71f9f696747763
290c1e8a0d29b025714f4a0917c05ede5e875023b267627e1ffc5bdc6b453912
290f6707a06ba91d68d6942f3103048a77070723ad53d467595b7c8c4d452753
297577d52fce5df45a53b1d2e06469f65ee1dcf2e9bfbc8e2f45dbd06a0de8b4
2bd23d1a6781e5c15a107f6d5e2fd7b55ae061d92180e3c9b099ccfe6e2b7f01
2c8b8edd0c6cf5fc640dbb8eaadb46ba305bedc6509d3572a0d954e5c2401258
2cb6d99c8ba2262a4d0c6d0333a35b67be6d4db6c5a7d2c4a9cff74e5970e4f6
2d0ee8b9f5976ae2dc3eefb7aace301d8540ad3d5f01c88f5049b3b7257a1d2f
2d331aa6b828c62a1f54eff3bbad45c06409ef97723ab2c2f2c8782c4945d1bb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ebd8f4b206d3cc70d859e3b0c7dfb47e21f79b0d925a50a94353334e8c72e5d
2f38666c1bcbdc06bceadb1a880aa37bd3a7d9b66a754ba0e12831a3ded3c87e
2f4209728b16afb9f3683a4b508f9ed23e3efe8cefbf90582e654e3c7527648a
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2fdcbf37737e091dfdab0eefbf6a4799b271f3a19ee8dc63948a2437e3639201
30506caf1384d5351f6b9935ccc9a413ecb55085d4436942a0831da922cc5858
30c48eef4e305a1f7e77d50dcac4b5f7baf250b0d55dfbab468db645bfb13c65
31587e73d8fefbeffa99396d52e71d899dafc9eb0481c82a04c79f94abd4b27f
336e9badb32b4ce8c15616c6001d6a21640864ddbcfad231b9ed5dce1a323134
33963ee4b83b5c6dfe8a85b098f9d4494b85955de79ffa0e038bad24730b2d0c
35ad4e6609bf8fca3cdce5a7f72287c1f13bf0273b617bb889110aecfdd6e644
364dba85f50a51168ea3546c4d4afe233c14f89bf8601326ac0ddb74de58b744
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3758ace5d5cac4c164c50181eda5cb13ad48bd8459f675bb15ed253099db6a73
376866d4c7ecc85ce6d2bf55e5ced6f6c04d42ffeabd6df481a6ea1f26d83ad1
37695b90f89d6b5ab51f8065eb7817a06f4d33a93c609527af25f28b158e41da
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
38ac9778d920c87ed6392d0e0c6212d7c8599247f2bfdbf0d67be2439cebda26
38dbb12dc6ca6b496abbe0c1c53c9c59025b3f8d034034019d13d15e89fb7e96
38f2a2b2491586252bcc4f23bd8c59995f8071d4dd9f822346a70f242d38c50f
38f467f6fb3a06b5cc50143eb9c394d85b1e26b08d10e8a6f0bee260b186a288
394fda0fedfe1b6a5c689ab09546a0977d792554bf75a084e24e3b5b18fb5eca
3a03eec8b6b8f7367f1b66ff53ac880713e88c910b739e00c7c022534c179e57
3aa91885b9a270b8900d2d5ba7db18294c8b537538275c5f504f8dfbea8fb212
3aad7d21f3d77a1ae3264f8832c657b647297ae5842e1b39770ffab44b43f0fd
3c6a317de62b191e13c07554d6105dbf080156ff5714e07b0076267927ec7ef8
3c7574532308b9ea79c764050e9bcac51461e4702f4add462a4be4e87bdba0c3
3c93cb8a8f35fd7c904e52ab625b1b6c178ff9b26a31c6b687381d0d5efa56c3
3cef1864f3b4a587c446729a5ee0eb8ae906ec76154e956b797e467c653d0024
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3df2935c0e6eee02f36e332a4fe389b7fc2e0ca58ac9860454a3b43e34d2e7e1
3df532ff80f07cb7f516b1d7f6adb2d0191de269b908f4035c511c0ec6edf12a
3e494c4e50d57258c05828976a2e2227fd3642a49014f99c4424f24fc745cea6
3eb04489c13678776c984362931e30bca49656f0c94c650003add521bae4d214
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fcfb80ce66406ed2331d9044eb58c93edb2c066414c58a556c8ed36059959fb
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40abb455c5f030c169100350607c18b9ee33c9e3a80b43280f82f02c53da7d09
40cd7df68cbe856d56b555175a9b3ba5382cbf14252d3d92dc93b4ac5e553a8a
412c87761949b5617d6e60ecce2c0123ac80b61659d9e78693716a4f352ac8a5
4139378476c62d20c3db92a32758ea163ffdacee84448d13d6b4253ed9c42e99
42d482c7c58ae16220c008377b524229aeccc29dda9ce36a8729000891b90529
4565493024f391e68a8d57d175ce092b4e38584cceb5d29c7e720e97ceaab9fe
46115bf32967000fdd7f073e21ca5559126a7c078635eaf29ae4b68e929e94b8
462fcc52ef8e307cfd803931192a5e698894d38c6090ce2b030364c1137f1655
470a2429c3042f378756072ec008c3e0988434499cfd8c211f59ffb9ccdbef6b
476d9e48b0d5a604dbce0921ef4c0a8f8e44e265ef52faad0031cca0449d066c
4842e7f28ce31b8044560bb63762638d957dae394c1b18b24808a2d459886d4c
4881c5df7768ae1b95e6644d690b41ee9625c1aad05a26f50121acaa3d622f22
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
495c24c12d1bb51bb64e71fcd4c8aaad086516f6fc9fc0a428f07581cd93d6bd
498f93c96722a6c58cf4ed38e8433ba746b9eb84b1dd8657f90d4f3368e1ba82
4a299099b75b286cf5db67bbc8078e139e0583ac2f3754aa64d42ef9699cf7f9
4b53e11670d6f95a4288897fcf924dc85dce175f12e47a5fbe47882d27f3b410
4b55bd455a5cf8e7a113f6368f8fbfbb27f5b28274539fe2b9743b4d768bf862
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bd10fbce80218e264cfcafae75bf1da71a3ae96d9de503e54dc304783db6bf5
4cb6acf0bf8e1fd34a8d0c858218f0437ea5a200dc62f6e5032655063fac4396
4d33dcc40cabce0eff3da93154276844cbe867d042d96361eb9fbffe6350848e
4dab2e9fc859a576e69ee65d521505331516fc987017932336c6f0320eb3505a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e1bd638fa820ac4bfab62f46359224ac2508d4078c1689e188953ad16535160
4ec827de5fdfbe0be725d2c49017ca62623f23e7e62ec7551773879734b2c2da
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f849964829fd3b4c871cc51da397cb65407cc04c5c52446706fea3770f7a616
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50b36fa309b42e6249086a31123186ee05a6ce3083caa7e92225d7998492e78e
5136f69023fda514b989f357cee8a4470cae950d10d220349c879e2e32021ce1
51a3ba4a2f427f07eccb24abfb8171df563653af9edfe2c7528476df13a35c9b
51a712d2957076df698a5f02ea182033646a763e13d8295aa894bf939a5e1b87
520dfb8da3b0c4e6de46e4a0fb2cc5f0cf1e4d57d7543a901ae7af3aea561742
527806da729fe373b7f2f19c243d607a75627d3d83d05993246963344f5472da
528b6b3e8edb272a61e1d3b10f11af0d241680684143fb5339fa2758a3e65187
529ef3ccb612c290f158a145e690b46ec44ac05cb500a03af084e2783e5a7b9b
529f379c0603cf67345295a28ed81a391f9ee4d6539a12dda9006218a6c7ea4e
540cd871b3147af15c55f9dbf4664077fd0f235d26065b5e483bc5b8cba0781c
542832cfe6fde46c5035eee85d3812500e328658c4a44d82e0b1205f19f54c65
546b8869b88859756ff82786ef4b0685b86fd43d472714b52e85a8f1eedfce09
54ce1863b3fbac5a6b022b21a78342b2e5d6b164e0c9dfff89f4db94a81e72c6
55802712f85cf2781a137429ddc30a61771726237064aa8e6a0f535f29400048
55b0063e00094dbd7bea39b4532f57e20d0aab4e056c1ca590b2ad23d8431e33
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56ad679ed3e0df1fcda0d2e47c5c71c31d2f7789927e7e720d46c8fb7a0fa3bc
57e00473f36ac34e67b9cd90ddfe2ff360eb4b1d311d3409b7302e515a86fbd9
587e022b442a0d7013a27f5fd2db035e28a74318d44dac1ac431f124c615bb37
58fa324ebe557a2bd50b6d74a0ddca77220c3040ec7408f3542e666726592e3b
598e0134768c1cccdc20533b48338ab1d1c2036ed29a21a288773ac6cf490fa6
5a262933654f6acffd409a81ebf5505989db1082c0f956bd9e2bef955e7b92df
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ae2b18203325ac2876b69455e08e3eefa59a4dca46ee55b033f1fbd80b28b5b
5c82b8b6b572f425169ae715afb4e44980e654f0b7edcec732b5c626855d9ea8
5c8687a69edf6155266d7c5f9299a0c5ffe6208400cad4af5b341ab548434cbc
5c99dc27d465b2f8425daee704098e7335a880b4c757bfdded09721b9054d64d
5cd498c56d9bf99465d04e9d055c963497a7f1b357017d2a193a5cf7127a365e
5d73c629a08a3faad22380ac41516802da20b56d68ea713fc42260d7fae46b8a
5dfadd96e2181537edc66c954bd4c123563a66316d92cde7a48a218b98df6980
5e4bec29408e5174c818a5e9e73e6ae60fddaf8421133d5f6c20f33b46f06e6c
5f5705501eeee95f1d95bb8fdfd1852692b45e6291a7af03f277d70974d55315
5fb529c19901bbd359388b88f002b43f09dd24e3d98474a47eeb54c3c3d5d98e
605822d05bc1c4865f2d187977c950f8d95c4f78ea246c13cd0ac767a43f184b
60ab0ff2b1620b48bf9070ab8c2485f09c4516c6246f7170053a048807ddfa5f
60f50c44fa576f1fde6d9c7b2f23683f357805c4362374fe050f45cbe24057d6
613466f187839be97bc9d5b0afa4cdb17da0a11dfb91a212196127885be01db4
61c1317e433c125a2ebbbdaf22fc3a0b3606bcb0c9cfea151425adf7b5195f48
62457d638be3e06c580ad7b9d6bf7c311cc9b860c690c8fb4e865184300af074
633cf87dbd91a8d5fe843d891ef03e3353441011c7991ee0dfc200edcf05cdad
65c2699d839960f04dedb0f3811eab8fbf2635be1ccd2a83f18d7d0dfd443861
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
673aaadf5ccca4681c2023a6e76f62c478be94fe3b1ed05f3126da067e66f50a
6866506e3962f102e74f334d9836c576267a96b8f4ea71a30f54dadd603215b0
6a0d0c84d6bdfcc214c1486c2a703b71b4aeae6630b50d59fca181f3c4ffed39
6a4b351e12f2d5ed3f7848094a2040600ae1fa3683e2cc7b8df1574e32d7bbe4
6ac9a1a3b1725b786618bd348f9d053bb2f2169abed23e14127027a87abd9e1f
6bbb5b1f902ed13417f917a70c47094824e51cc217508d994864b8b5acd3a387
6c26f61cc0554cacd6c543b5191a76a875123f6b4c7f5035afa5ed66afea30ae
6ceebbb0cc3c9f4268c91fdc8bdb86b3f2d0c6d8922b9b91bcd3853eda2dc667
6d1378dc240aa3be25758d5ea637cfbf5e2ba2c4f550a6b54380389cccfb7622
6d9dec603c435256d247bb380d52ef6ba15886ef05f83b9c9db71c16ae2bd13f
6da64a45aa3469716a012b7799faf461d75eddd9bd5b5ee2d3772e9f5470108c
6dc0e3aead945b6160bc87da5f4d8fbb043dde5d0bece2aa426fa01895c9e358
6eae5672fac3b82abcd1d3a2c7e578467295025ba1f2beefb88e1ea6a03df6fa
701f3f36af58702b039602dde440fc697cef1d1ec676a0fcaf77fb740d877a42
713f16a7a520948bbc170fee27551a21eb2262f86185d3628a4260babe5b26bb
715b046cb6ee42f460d43f888ceca495c6360a0c81661efffa8356acf63c8eab
7173df27cc5672e5656e16ecd021970ca3fcb66355a04666b080338e08bab1b8
72271eafb4ed653a685aa7a6ba78712514a53ce7a333c434e4177f42e5aba700
723e78e1433b034fa7270ca4694c923dfd72d416bba956795910c1966d224685
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
73abe1afa880fa2e78e3142ce83a2adb17e4321808b0304cbdccc70505cf3dba
7487f996f5b1e689829a90f8cc0b610ee87ba076abd44b152ba0f46d41a87cca
755f523709079da4414451ab80f3e5a4a19464b665cfba8bc95c25eef38973b0
75b6c2769344e3789e865ecdbaf2518a2cf68eba19180e049c28807811032ff0
75e801b453bd677c68d4af036055b3036b8fc0390a76bf4661ab50e22b1137ee
761035902658487ed48be0ff2ff82ec2f7359e4247510acdf909a346835420e2
770caf20a6970edf3c4af368145962743cc58ed16d29ff235c758e9788d37b50
77bc4ef4192bab3ec5ce1da2d2766dee8535c661601c525d2f6dde836761db4d
7aed8b4c692023a769c401ed30334a3e13df2666af94456cc791f80709d24f71
7b20d395c268efe3267739b189c0490cd22f82f2c58f79dfb58ea48e9fd9fcb2
7b9c58f9229f610161637b2fd1d0c4f7ff724ae4f1e01c72f5f3803e816aef63
7c171fa5cc4f523932400246396a39ba81cd47e4471f53c422bf1efdbf6b42b9
7c407ab078a5e62b3a0002b22ebe856e96774039899296b2c7216a96f1b93c68
7dfc2bd2e4f7df599d5706ba4f44dd6511a78e111fa2e7e9651683fbd0a75ef8
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7e7e72eecf6a4fb2981627eb8d15b947d394398db4e67c7ca7705749cdb2f832
7f31b14f37f032c7279542755b98c9b06ec9bef250814dfc6594749a7b847cfe
7f555674a54503e3367276168359cef065eecc75f1fe436ac13bdf3dfd65a970
80cf8f4cf211404c565236ae54121f8e349a62a14b2062792148d22b3e92a2aa
811b745c41f96db66203adc66dbba365d1ccc6efcf1aaa1f6bd4a5a85d0ea7da
81cd29d1413ecf75834fb3ce1da572fe5c39e53b22c61f5dafec5b14ed4ee12e
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
821f1da7e083fecfa53125a9c92950a3bbf8a8f822538babe4ef46a9db28d86b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83bdb180e301e7623fb9cbf2f5459a37476c098ba3c86baa0eaec40bc11083a2
8400e8a1b689a9eb488a65e5a044ed2a81007609e673b1c15a4d9c6f762232ef
848e277d731c7facca38dadb49fc8cc914cb24ac07d32c8cf1ee7e07bada8fe1
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f64dbbc75b4cedd97e18b4d1407e58e27fb9cc17260d77ef751eb932afc9f2
850fbbae613b70efeac33976278ea4bd2cd25b0d6a467e3dc7b0c7c16d1f6b51
851df1e77053b267c4fea90a25cb9bc3c7b76ea46fe73b09b9ec4369adfb3207
854e6ba65ab8f285ced9f00c27605a864c5b4ae0e1fafef8510dcb3e58b1b5dc
8630f00e681c4892ce16a03698e5206f5fe5f9edb1e27e57da76fe7f35ed202b
86b1c8feb9ea31f91943cff27e9e9015c7a0589ccb9dfaaabe0d6589d8b8b16b
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
881fe15e3ca0d042c4f4cd33a54368fd5967f823caa3dcc54bdc2e40e882d5a4
88d3fc154c3ed0e8b688bf7d6fb47cbfab615d846c05baee8c6297bb9678862f
8a6984edb82b77de1067128bc9dd73bb0a5561435fba73dca23643c0f99c35ca
8acf96115cb55ad61bfdc24b7918a946d1b983ac14062a584dbbe8744021430a
8b88ca4a987d6c5299031cb992fda2ef3b2ea67f56b3daa754b3ff65459f7f91
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8ce2fca0f90a789d62dd6e570014610bb2f92fc293a9273b9fb7149a507b57b3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf
8e7c0b0b1c36228ba736e564a00405f72bf3b6bcfe6ac826cde2b6b9c14e55ea
8f4fafbbe6dd314e4c6d3586e736ae6bec8c0f274fb9b8e909dcbc24345f66c3
8f6e722a0211238724d4af2d9a864ae302e3edccc9293215100e6640d0da21c8
8f93b921d7be261a7896a0697e5cbeb9e70c855b589a670913e5c6fc0fd9f8c7
90503cb0e7fb4c2f66e0bdce3b391e765608eeddc16074ca319dbac30beb8dc6
90804254f9fc817e1f345555862b6283240d9b029ebcf6995a7e24d87a0b4a2f
911a9cf2ee5779d966509e54292e77feaa5c5b3159208ae7e366bf035abf0c72
918e83a51c2983f0bd13783d3d6f8ebd3151e6cf3208e3707747969f6005661d
939fea723dad24504f40faadc34eeffadfbbee558754f70c3c736e13786b0ab6
94e8b99f224b394ce1a5031b2f1742c551f635eed13a813716a475d8275f46c5
955696319cd574b432a5a7c91fcd831f4019438e0190360df97d80a4ba72d423
956fd70c10d8530b2739b87baa54e77212904d582fd9e9e615eab66692401908
95f717ce72335228a06266f102f1913a322d2a4a1b48ff33d90dba734014cf6a
9607004f71880b31a3217599ecadae6214e7e1b00af94cf0fa6849f4a23b0f04
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98ba026cb7615f66ecfe6a9df98de77b9ddc57f89bbd70de34d9ac68b57d5bcb
9911b5bbb1576ae78b88bc49968db2cf50ceb05657cd6c5cbc36b5ccc31c693a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a532c230d6c65c8f317e027508ba6f387c858532186c8c45c3128dce3b96fae
9ad0d8bf9e4659eb773ec937a69b25c1e8869b17c43acd258f01e268f0194088
9b76d3239fa83b5518e0dce52b9a66ccd369a5917c2b3c69a6b7cb7650fd8f59
9c454254e41f5ff111583251f149649ebfe67a36438522efafa11630d60cb9dc
9c4fa7dd69c1911559d75fa69d2a0a9a6d6dfaafa36cd210fdab82c65f58ffbf
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9e15d161fe141c29bd327d419e9a995f2607a795fb0550ac2d8c26c0b077769b
9e17860dce93ca8dafb93b33e14f7980ec8cc7e380f83690aebfdd2e95d20d21
9e242a4418d71693d7d5f18f73911012cb9f4baf849675c301b8dd8621dbf242
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0506dbe24d2cc1ef6da5dc0b498fe2294eab9b42565f466f6be0e01bdc2ee8f
a075f70fded517fd0e6d19d0d3211391cf19706633eb386eee5dfce5e80258b8
a0d10de723e93daa9946aa1faed25837a03283fa7a8135a55e7436c66797fd6e
a123d67ce76c56271efcb9528ed788057c979422d6194fcbac78d5337d92236c
a21b3f6c49ca19ac60a1b22ba9b7856b10bb85db1ca36a26084ded7b16e83a1e
a26695adab8d7538059dd2a25948c481f5a8fffefee171985a305f9fea9dd628
a26fe0ecbbd8cf732c6d12f7cf2e81ec684e91348d5f14c025e25f4694488c52
a28240853844175fdb7d073b2608d0a8e7b6b7bae27606b0e64f40092f84a17b
a28b9871dc80175bbb6cbaadf100abc925d5e106f0254c8f8a13d34141d90bfa
a2f08044e447af98626b1672ab467ca07ccefdfbdb6760b2a2e5d9210eb7e1a1
a3c92e8d35e4e636238e577da8cd44aaf8dd699b719e4125ba0029330edf6907
a41015d8c03b237c61164f25186a13e6db4184d0520763884a0bae3ee051f54c
a4304b6c8ffb1f400068f7f368726fac43fe2c830b936d0d4aec9fca690e8827
a4478e3b1eb1524f8f11bbdfc4c2fe1f77239f674f1c100aa08197db6f8e13da
a563591015d387f22841dd47f911622559f930cc250b92806e74d7954640db2c
a5fe9123a293c6f4d6de2a70a6a3150b77bf26cec25ffd667555d4d99bf93734
a6014f6b98eaeb6078b9e1c953c61f33af95d5f4866d89a416d01b74a0dd6c27
a817136f337f55a6d5f791b8e0fa20fd212997c84c2c959bbcaacf43aabd30dd
a82d78a7fdaece20ceebee19121e6442cbd352153c0cca236efa6c63492a636f
a93443e298a72a6380c6a1f8bbffe58cbc40531cbf9ac366cf685d8526047fb5
aa121f9bdb891acdfbd269059f7c43ffe2897eadf84edcde869e8988d6986743
aaaa1d3d000618b91ccc4a906c85d9024a484484d75ff5e7381abffb12cbdd28
ab15dcfce68f4cc0d56e44f9015387cd7f70e7ec29d5e822d1cd67291c193282
abe790aa0e0894acce4dafec6f2c7fd611f85058ed1a8966a02618fed1e1bdb3
acef6297194531ba63e430d42bac9c8eeecb04f77635e26bd7d56a422b00f224
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
ad7f89bdbaa98f70229f2ba5bee3342c521031c5124913cc5bda010afa23889c
ae60e3eb6ce04cb0da1776381836fe2b2f490170108a48804d5ee1c96a17bcc5
af05e017dd88ad6e1595f8e2bf223fbed26e8679f0fdd257653dba09b6325af8
af879c7b3bf87c37b7d021d03b6a9fd22162d5e5f1e1104a2725c20d9354c56c
af96fb1022b60847be7efb9f7b474be73fe1078e0d1983c03f12dc559ccd7900
b08554493186fe6b548ef5034ba2cd5e05be504dd8ce31af8071efc4fa10a32e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b14e828cf0e3d31af68db645e32ec8c04a113529f475d9d04bc9d1bafc67c626
b195577a9102781d4aaed936306a92b20d5cb9097a04f275d0127fa21c77fe16
b1f4247657f994f6c9520c982ab95f953ee1c052706594d74f521cae670cf8be
b22a3bcdf8a356747426feb54a20b0d5c1fc5c6ea6f26ea68d58e8da19710c82
b312c55e3afef18f18cf6e7d3e97e7ab879ddf6c72228270a558bc25fd764c49
b3a54a424fdbf1c9d52c4fbac6d4af3c6121c7e43fe7ffe3f181d926935fecc3
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b6651b105fb018b7826b6a23182e4d5f008abb46bab7a05df74cd222868aa5e4
b7be4acff514395180a685654bf3dfa66fdc6e2b64f069234f23520fe94e4240
b7f209642837d07048ac14287762f745ff51f45ad8dea00eadd5ef1a8296faa4
b9c429d865518a5a7c85643a7b1210c7bdeacd0443139dd6529bdaaba51971c2
b9edbded417e761fc9fdafd4e3a16ff46d95b98de1283dccb28341636ab3b541
bd21683a4257c1dc091a37946efc4d97148a9354ef35f8a0ffcf511f680bfd62
bd25c5ae4b8c35d8f63f204795e5006ab377a2d2046e099d4cb730ca2845a375
be67eea9de3ced69bba3b09297045d6078a92d9daaf740a7f326fb77fe655a33
be9f2d9cb8482e1c499eced37fddb8d10f8436640c0d6d2637cce900448000e0
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bea94071903f85e6924d728112f2820c1af0792482ba5c4b1969831abcd4d7e3
c02444f391e8655e79ff8d7d4cb69c3426c3bffbf8731a994fa23aed0f641d12
c0c38130ff41e5e893df422a1793fddef49372a187487e81650056f3c4900bdc
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2a9b113240cab2e986cbf450d9e6ac905e25f87367a5f1ea1006e4093321858
c2dcb2c191e085f5df265f13731da2d94f93e01b1b45b1c76a27830b1540eaa5
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c413abebd13289f215d61d2da266a20ff91001195265f50f6641613cc8033f98
c57f2303bfb4791033fc78e48288eae3bebc82bfbf85d131ebd150b95c645708
c5edb3fb036e9efbe185084ca375d6610d49e9eb5956ef199a8cdcb6e53dac2c
c5fec6f257a42c2cff3dc6c89a21e38e43f9612c3314956a7a381acd85ffb021
c6703af5b39c525d6f311c56d0d5883499821d42f4f4d9981fcf705c7f399bc4
c6c03997b64ca05535011e8abd41b7b8ac33489180822461ae86416ef50c1374
c6cda3436804b8099a3082f03fba9dcdd129cf207a23a987544859a6d37f0b60
c7de156d4be91e2d9bee459c8c591203e2dc095c8fe4ea755f90ca81b7adbc68
c9406a92f81fad251295cd64386a8bb62ee7503f589ae1b96893faae2f4fcb18
c9f3f1de749ebdc661397061a1d8c0680bc294c67d3da4ac3b96f731b7f3a6ba
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cad8a51e9f1a27c09ae39601527334154f9a2fac6d98f54b7fc879a7cd00fe29
cba8862bc0eeff77ab390c0669021b95055e809f226aa0e7dc438d79e3ad399f
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
cc7cb4870d124b6917f9dd5d7b96d35152e969f625167c6514ca46c882c9f867
cc864abb41c86e49e704fec2863474e486d512d4bce9eafd9bbe38e0a1e4f8ad
cd0038772a98bda5ec58eba7ca6dc699314b866e14a3a5f45921847d033873f1
cd185bb0d2973a323eebf06dfac5a506a76dcdbcf23e3a423e0dbe23e6260413
ce02a171fe79c0155c0e09b826d4e6542ab09be711d05cf4d75d569622a9d24c
ce913d1dbc1af35278c76a34e8e9570b60b5f96bbc0678fe2b5daef8af684dc0
cea811df3afc0aacf5e9c953fdb662ec3ec8b7cbd230a734b75c3bec97cdf936
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf5eae9b6e5bd6950ac80f57a371e22018a2365b4a45da74fd81da31caafd3aa
d01e3858d850c67329efcc30054e9e19c45261d7aa161d273002795f05a6db2a
d04c68b0acb56088775cd5b97bfe20f3ef52c4a2f6a15768ce8a57ca8cd30553
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d25986066398e3e454ef1a5289e09fa67aca78bf7aaf5b3c175e52c691706911
d2802f441c418a4c34b83d6b1ed5e23909a388942d333247fa825300fef9f67d
d36820c3fbf93397166b73c524cbd7fecfc48bbe8cb28154a867c6e9a1c04ec1
d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac
d3f2ca6c3d5bc6862a06c7cf8936ca743aa8fd58e3a280a6234b22d639d406c9
d6991279eae2871ed40b1bd28e6d8abf361884b417ebaca3b8f6d4fa2859f657
d6d53d1a606f667ac1da7ba9862d24214d9462b7e4dad2c6c3a830fae348adb7
d6dffe998d4d52601dd56a1666bbd09f6926bc110429c434402ca7a814080808
d781e072f4b3d0a9bf988ccf26fea3f39dd524baa8366a0b1bb1cb8b99ebfa2f
d902095fedb70c98ef504ef4124ea8e19e5bab24581c549c955f82a8d071a2b6
d9bcd6bf5b87dea03b0c9c45deea41cfc5c82ea7c29599a9ab860d000025b3d0
dcc5f41d1dc04a19dccb2061dc9572cb46c1c19dd89cb5d910752020fa87e791
dcc84ca2069873bf863e0b36e587fd75731d689301e628c13156550f61689722
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de3a7ca2f8ae592aae2652335b755b0d0b65df663dda8776387cae7339b76d64
dea8e5ff2098d521ee54c164efcf019aaf45405a36ce852e5dc147ce26d62d05
defeeb5e7e24d45d30656b2749ce472b32d8dc6db7b7c1c606559a728565e3bf
df897769764af3805b237a24b3d08a66cef363207c1c8feab17fb019105938fe
df9230f9369d193f3f243be620398d0f25173a7ab3029500aa9abc2a9d61d2f6
e013449f27e8594668a9c9f5421f68212b340bcbd6a1fbf2b3d1a4b038fc87c9
e026a04742259a11a959495ef37bd9c278a0c8ffe757e8ded89eda1ed2fed77f
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e12b873778cd8156e884f100f562fa3335760a1aab35c4924a9200018342eb62
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e1b4320ebe529057a2d44d4da1ab9cfd5f41c53d0287c0710b852737f3730d82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cd22cdbb542bb052df36533b5bf3b6854c7efaf87364005705f91a4ba15b4e
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e4a0af9ab2a729402cb4e43e79058c174881a7ed3e0a5af9a4c282b9f7356379
e5ab43225ac152a3ccedc47805832907964a16d829ad97a4c5b5423edc1ad3bc
e60b46a0572a4ec2d8af50c44ad404d5b6b0209709192bcaefde910c61030856
e6706ad7dab8c9155c0f17f80b6fc3684c2b453c8e2c72f7e19eeb7e74700346
e71f47cb1a16158087ef695d4d43c7e8df57daf87a8efe283acb833674176f74
e77fe4d9c5ee6008ab476748220e440339dcb26b81235cb0193f19c60cbb9a5c
e7e65f5432de604cdf476d9ad55a2af5a933c715c639e4c36847023a3446f1ec
e812d9352f690aca3a55036c76d1f2004c579dca1f3d2c2613870e309d67806a
e8d1e46ea1468f8e26db5ed0036db0bc60742367cd810a23aec189f24b95ef4b
e8f202084637582b82e40a8ee2976c15a4b7c13d92275a98e015359a35fabd46
e9b342a582a08efbc75edd137b3a987b75df1d9880483453c4643ac40c0319ff
e9c9244f08810a7573b16fd89288d4587f617de4c005b3e4d74ee034b6dbf280
eaa8d3dec2f2073ba4c8a4831a518e613ebc9cd8addb4324c1356f245d0ffd5c
ebc787aad93152bbbd5f7453ed2f0adb36e460d52dcf5e56a2f80225458a0696
ee369c8f7dd10490f8e953abe81efd6a22e6304175f40699087c4b09a9edd0b1
ee95c15b1ce2ea679b316e9d07d5731796f2580d57595892ca614d2468ee7897
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f24007e2fd5e6c3c6ccecf1155e6955c9629ce2a0c4983e39a522b8f877597e1
f29f806b79cdda258633f6e1418d9405262bc32d9ab653b985dba538ae949a95
f32c3fb3f4c03c063ea4b5692b9554ef9bbaaaff2814b89134b7eed0a1ee58b2
f44940d0ac1b1f39f3f8a46e8f9c8609753ed85bc5bd0476634e0c452d8e4fe5
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f5b842d8bfed36cd7911dbd129c49eb8fea5ce4ac4a6f34de804c9cb30983c4d
f6428ae5ab56bde526b758d753302b7e1b4b4b6afc3f0d2c48157775d9e7411a
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f9069e765fbe398f997add12a68cb2a29757379a4419198ef6fc3f627a06011f
f9699b9f521b1c637bb698eab0017f2670dddbc21660ca74bb204a52b34e68b2
f99aac0c68a9d0b85193e595e030107f2f8eb8bcd688f27196673e4180f665da
fa13f2a7d42e023c8b7e6158197191b9e412805ecd107e0e2dd13b73f5114c22
fa1d20086d91a06e527624bab69d2b207eaad4d4d58a8ea4d69d7ff2e8cc4e2d
fbc0764ff4cfdc05a298981d9fa4495c9ab18a6067df5b568a737d7bc113d229
fbfb7faab263547f7b57f9c770852ebf4d5f752e921bd1da15f7642f3aceb4b7
fc5768cf98f1a441e0bd74aecd45b657d4d20195635aacbec87e3c7c8ff609ca
fc9b3363304583874d745495a9b0482c4f7703d036b8938c200ebdc4b6da8b1b
fcd15dfc594a9ae2e2b3a568ee573f71fcaa511b0ba69373d5b806ee6b304420
fe941daf7fea60fdf40db6ff4bed148bd6c42183352ab403f709941e55babb6d
ffced4e87474664ffd30ca0b6d928d9741d02ac09ab1fd6257fda0ecadfb46b9

kresy.pl Open in urlscan Pro 2606:4700:20::681a:c9f Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

1447 Requests

93 %HTTPS

32 %IPv6

98 Domains

148 Subdomains

112 IPs

12 Countries

29618 kBTransfer

53891 kBSize

124 Cookies

19 Outgoing links

Redirected requests

1447 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

kresy.pl Open in urlscan Pro
2606:4700:20::681a:c9f Public Scan

Screenshot
Live screenshot

Full Image

1447
Requests

93 %
HTTPS

32 %
IPv6

98
Domains

148
Subdomains

112
IPs

12
Countries

29618 kB
Transfer

53891 kB
Size

124
Cookies

1447 HTTP transactions
10 data transactions