Submitted URL: http://www.powerball.com/
Effective URL: https://www.powerball.com/
Submission: On October 06 via manual from US — Scanned from DE

Summary

This website contacted 85 IPs in 11 countries across 67 domains to perform 190 HTTP transactions. The main IP is 2620:1ec:46::45, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.powerball.com. The Cisco Umbrella rank of the primary domain is 69199.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on December 11th 2022. Valid for: a year.
This is the only time www.powerball.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 2620:1ec:46::45 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
6 2a02:26f0:350... 20940 (AKAMAI-ASN1)
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2600:1901:0:3... 396982 (GOOGLE-CL...)
7 34.160.152.31 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 18.66.196.68 16509 (AMAZON-02)
1 2600:9000:204... 16509 (AMAZON-02)
2 34.111.152.239 396982 (GOOGLE-CL...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
3 130.211.23.194 15169 (GOOGLE)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 142.250.185.70 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 52.222.208.154 16509 (AMAZON-02)
1 52.222.214.42 16509 (AMAZON-02)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 99.86.4.128 16509 (AMAZON-02)
1 3 2620:116:800d... 16509 (AMAZON-02)
1 18.64.79.112 16509 (AMAZON-02)
1 184.30.211.26 16625 (AKAMAI-AS)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:223... 16509 (AMAZON-02)
1 52.222.253.136 16509 (AMAZON-02)
2 52.48.245.75 16509 (AMAZON-02)
7 144.76.28.41 24940 (HETZNER-AS)
1 2600:9000:206... 16509 (AMAZON-02)
2 104.18.25.18 13335 (CLOUDFLAR...)
1 23.212.192.219 16625 (AKAMAI-AS)
1 185.64.189.112 62713 (AS-PUBMATIC)
3 2a00:1450:400... 15169 (GOOGLE)
3 63.35.241.233 16509 (AMAZON-02)
3 12 104.18.26.193 13335 (CLOUDFLAR...)
2 6 37.252.173.215 29990 (ASN-APPNEX)
1 69.173.144.137 26667 (RUBICONPR...)
1 2 35.244.159.8 15169 (GOOGLE)
1 54.229.141.199 16509 (AMAZON-02)
1 184.30.16.195 16625 (AKAMAI-AS)
7 52.50.110.139 16509 (AMAZON-02)
1 34.238.207.167 14618 (AMAZON-AES)
1 3 3.71.149.231 16509 (AMAZON-02)
1 35.186.253.211 15169 (GOOGLE)
1 185.64.190.79 62713 (AS-PUBMATIC)
1 1 208.93.169.131 46244 (WEBMD-IDC...)
1 1 46.228.174.117 56396 (AMOBEE)
1 69.166.1.66 27630 (AS-XFERNET)
2 2 2600:1f18:612... 14618 (AMAZON-AES)
1 76.223.111.18 16509 (AMAZON-02)
1 185.86.139.103 201081 (SMARTADSE...)
1 2 35.186.194.101 15169 (GOOGLE)
1 3.77.247.132 16509 (AMAZON-02)
1 3.120.96.101 16509 (AMAZON-02)
2 2 3.127.179.56 16509 (AMAZON-02)
1 2.16.97.41 16625 (AKAMAI-AS)
1 69.173.144.165 26667 (RUBICONPR...)
1 2.18.160.23 16625 (AKAMAI-AS)
1 162.55.233.29 24940 (HETZNER-AS)
2 141.95.98.65 16276 (OVH)
4 2a00:1450:400... 15169 (GOOGLE)
1 185.64.190.78 62713 (AS-PUBMATIC)
1 2 52.46.143.56 16509 (AMAZON-02)
4 4 142.250.186.34 15169 (GOOGLE)
1 15.197.193.217 16509 (AMAZON-02)
1 52.207.39.196 14618 (AMAZON-AES)
1 1 34.91.62.186 396982 (GOOGLE-CL...)
1 98.98.134.241 21859 (ZEN-ECN)
1 2a05:d018:d29... 16509 (AMAZON-02)
1 2.16.202.74 20940 (AKAMAI-ASN1)
1 34.251.64.143 16509 (AMAZON-02)
1 37.157.6.232 198622 (ADFORM)
1 1 35.214.241.79 15169 (GOOGLE)
1 141.226.228.48 200478 (TABOOLA-AS)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:402... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
11 3.226.127.168 14618 (AMAZON-AES)
1 3.1.235.38 16509 (AMAZON-02)
190 85
Apex Domain
Subdomains
Transfer
23 springserve.com
cdn.springserve.com — Cisco Umbrella Rank: 28174
vid.springserve.com — Cisco Umbrella Rank: 8463
vpaid.springserve.com — Cisco Umbrella Rank: 15954
sync.springserve.com — Cisco Umbrella Rank: 3893
vid-io-iad.springserve.com — Cisco Umbrella Rank: 10252
vid-io-sin.springserve.com — Cisco Umbrella Rank: 12876
vid-io-dub.springserve.com — Cisco Umbrella Rank: 12951
219 KB
17 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 98
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214
ad.doubleclick.net — Cisco Umbrella Rank: 173
cm.g.doubleclick.net — Cisco Umbrella Rank: 255
pubads.g.doubleclick.net — Cisco Umbrella Rank: 412
googleads.g.doubleclick.net — Cisco Umbrella Rank: 45
184 KB
14 pub.network
a.pub.network — Cisco Umbrella Rank: 4768
d.pub.network — Cisco Umbrella Rank: 5010
c.pub.network — Cisco Umbrella Rank: 4734
415 KB
12 casalemedia.com
as-sec.casalemedia.com — Cisco Umbrella Rank: 3010
ssum.casalemedia.com — Cisco Umbrella Rank: 1490
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 513
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716
8 KB
9 googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
54 KB
9 gstatic.com
www.gstatic.com
csi.gstatic.com
606 KB
8 powerball.com
www.powerball.com — Cisco Umbrella Rank: 69199
cdn.powerball.com — Cisco Umbrella Rank: 94765
246 KB
7 adnxs.com
acdn.adnxs.com — Cisco Umbrella Rank: 663
ib.adnxs.com — Cisco Umbrella Rank: 261
secure.adnxs.com — Cisco Umbrella Rank: 542
21 KB
7 stat-rock.com
serving.stat-rock.com — Cisco Umbrella Rank: 18741
1 KB
7 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 334
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 657
aax.amazon-adsystem.com — Cisco Umbrella Rank: 426
s.amazon-adsystem.com — Cisco Umbrella Rank: 328
70 KB
6 typekit.net
use.typekit.net — Cisco Umbrella Rank: 560
p.typekit.net — Cisco Umbrella Rank: 722
67 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 2714
36 KB
5 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 49
imasdk.googleapis.com — Cisco Umbrella Rank: 498
374 KB
4 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 581
ads.pubmatic.com — Cisco Umbrella Rank: 588
image8.pubmatic.com — Cisco Umbrella Rank: 748
image6.pubmatic.com — Cisco Umbrella Rank: 967
6 KB
4 ad.gt
id.hadron.ad.gt — Cisco Umbrella Rank: 2033
a.ad.gt — Cisco Umbrella Rank: 2191
ids.ad.gt — Cisco Umbrella Rank: 1641
5 KB
4 btloader.com
btloader.com — Cisco Umbrella Rank: 1081
api.btloader.com — Cisco Umbrella Rank: 1150
84 KB
3 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 363
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 491
705 B
3 openx.net
freestar-d.openx.net — Cisco Umbrella Rank: 15993
rtb.openx.net — Cisco Umbrella Rank: 912
1 KB
3 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 752
427 B
3 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1348
pixel.quantserve.com — Cisco Umbrella Rank: 1147
cms.quantserve.com — Cisco Umbrella Rank: 929
10 KB
3 cumbersomecarpenter.com
cumbersomecarpenter.com — Cisco Umbrella Rank: 26734
24 KB
2 adscale.de
ih.adscale.de — Cisco Umbrella Rank: 3185
594 B
2 smartclip.net
sync.sxp.smartclip.net — Cisco Umbrella Rank: 13869
702 B
2 tremorhub.com
pbs.publishers.tremorhub.com — Cisco Umbrella Rank: 6843
751 B
2 rubiconproject.com
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 984
pixel.rubiconproject.com — Cisco Umbrella Rank: 409
690 B
2 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 753
cdn.indexww.com — Cisco Umbrella Rank: 1795
2 KB
2 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1156
id5-sync.com — Cisco Umbrella Rank: 470
30 KB
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1176
1 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1591
112 KB
2 optimise.net
optimise.net — Cisco Umbrella Rank: 5968
4 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 179
3 KB
1 youtube.com
www.youtube.com — Cisco Umbrella Rank: 85
1 googlevideo.com
rr2---sn-h0jeenek.googlevideo.com — Cisco Umbrella Rank: 87760
2 MB
1 ggpht.com
yt3.ggpht.com — Cisco Umbrella Rank: 224
2 KB
1 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 344
17 KB
1 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 1031
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 1165
286 B
1 adform.net
c1.adform.net — Cisco Umbrella Rank: 643
454 B
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 242
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 620
697 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 847
187 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 952
624 B
1 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1274
35 B
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 402
149 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1145
277 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 2114
1 media.net
cs.media.net — Cisco Umbrella Rank: 1684
394 B
1 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1584
163 B
1 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 387
146 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 621
35 B
1 smartadserver.com
ssbsync.smartadserver.com — Cisco Umbrella Rank: 951
45 B
1 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 434
140 B
1 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 1111
443 B
1 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 649
218 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 602
617 B
1 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 1821
320 B
1 bfmio.com
sync.bfmio.com — Cisco Umbrella Rank: 1969
78 B
1 gumgum.com
rtb.gumgum.com — Cisco Umbrella Rank: 1656
211 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1263
1 KB
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1235
17 KB
1 intentiq.com
api.intentiq.com Failed
sync.intentiq.com — Cisco Umbrella Rank: 1105
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 2088
10 KB
1 videoplayerhub.com
freestar-io.videoplayerhub.com — Cisco Umbrella Rank: 5944
460 B
1 adsafeprotected.com
static.adsafeprotected.com — Cisco Umbrella Rank: 720
482 B
1 google.de
www.google.de — Cisco Umbrella Rank: 6147
408 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 56
92 KB
0 admanmedia.com Failed
sync.admanmedia.com Failed
190 67
Domain Requested by
11 vid-io-iad.springserve.com
7 serving.stat-rock.com www.powerball.com
7 a.pub.network www.powerball.com
a.pub.network
6 pagead2.googlesyndication.com imasdk.googleapis.com
tpc.googlesyndication.com
6 sync.springserve.com ssum.casalemedia.com
6 c.pub.network a.pub.network
6 cdn.powerball.com www.powerball.com
cdn.powerball.com
5 googleads.g.doubleclick.net
5 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
ssum.casalemedia.com
5 ib.adnxs.com 2 redirects vpaid.springserve.com
acdn.adnxs.com
5 www.gstatic.com www.google.com
5 use.typekit.net www.powerball.com
use.typekit.net
4 csi.gstatic.com imasdk.googleapis.com
4 cm.g.doubleclick.net 4 redirects
4 imasdk.googleapis.com www.powerball.com
imasdk.googleapis.com
4 ssum-sec.casalemedia.com 1 redirects js-sec.indexww.com
ssum-sec.casalemedia.com
4 www.google.com www.powerball.com
www.gstatic.com
www.google.com
3 pubads.g.doubleclick.net imasdk.googleapis.com
3 ads.yieldmo.com vpaid.springserve.com
3 tpc.googlesyndication.com vpaid.springserve.com
imasdk.googleapis.com
tpc.googlesyndication.com
3 c.amazon-adsystem.com a.pub.network
c.amazon-adsystem.com
3 api.btloader.com freestar-io.videoplayerhub.com
3 securepubads.g.doubleclick.net a.pub.network
securepubads.g.doubleclick.net
3 cumbersomecarpenter.com a.pub.network
cumbersomecarpenter.com
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 ih.adscale.de 2 redirects
2 sync.sxp.smartclip.net 1 redirects
2 pbs.publishers.tremorhub.com 2 redirects
2 ups.analytics.yahoo.com
2 ssum.casalemedia.com 1 redirects vid.springserve.com
2 freestar-d.openx.net 1 redirects
2 vid.springserve.com cdn.springserve.com
vpaid.springserve.com
2 id.hadron.ad.gt cdn.hadronid.net
2 ad-delivery.net www.powerball.com
2 cdn.confiant-integrations.net a.pub.network
cdn.confiant-integrations.net
2 optimise.net a.pub.network
2 sb.scorecardresearch.com a.pub.network
www.powerball.com
2 www.powerball.com 1 redirects
1 vid-io-dub.springserve.com
1 vid-io-sin.springserve.com
1 www.youtube.com
1 rr2---sn-h0jeenek.googlevideo.com
1 yt3.ggpht.com
1 s0.2mdn.net imasdk.googleapis.com
1 sync.taboola.com ssum.casalemedia.com
1 csync.loopme.me 1 redirects
1 c1.adform.net ssum.casalemedia.com
1 dpm.demdex.net ssum.casalemedia.com
1 ads.stickyadstv.com ssum.casalemedia.com
1 cms.quantserve.com 1 redirects
1 pr-bh.ybp.yahoo.com ssum.casalemedia.com
1 secure.adnxs.com ssum.casalemedia.com
1 cdn.indexww.com ssum-sec.casalemedia.com
1 ids.ad.gt 1 redirects
1 pixel-sync.sitescout.com ssum-sec.casalemedia.com
1 um.simpli.fi 1 redirects
1 rtb.adentifi.com ssum-sec.casalemedia.com
1 match.adsrvr.org ssum-sec.casalemedia.com
1 id5-sync.com cdn.id5-sync.com
1 image6.pubmatic.com ads.pubmatic.com
1 lb.eu-1-id5-sync.com cdn.id5-sync.com
1 sync.richaudience.com
1 cs.media.net
1 pixel.rubiconproject.com
1 sync.teads.tv
1 x.bidswitch.net
1 match.sharethrough.com
1 ssbsync.smartadserver.com
1 eb2.3lift.com
1 sync.go.sonobi.com
1 sync.1rx.io 1 redirects
1 bh.contextweb.com 1 redirects
1 image8.pubmatic.com
1 rtb.openx.net
1 pixel.advertising.com 1 redirects
1 sync.bfmio.com
1 ads.pubmatic.com vid.springserve.com
1 rtb.gumgum.com vid.springserve.com
1 prebid-server.rubiconproject.com vpaid.springserve.com
1 as-sec.casalemedia.com vpaid.springserve.com
1 hbopenbid.pubmatic.com vpaid.springserve.com
1 acdn.adnxs.com vpaid.springserve.com
1 js-sec.indexww.com vpaid.springserve.com
1 vpaid.springserve.com cdn.springserve.com
1 pixel.quantserve.com www.powerball.com
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 rules.quantcount.com secure.quantserve.com
1 a.ad.gt cdn.hadronid.net
1 cdn.id5-sync.com www.powerball.com
1 secure.cdn.fastclick.net www.powerball.com
1 cdn.springserve.com a.pub.network
1 secure.quantserve.com a.pub.network
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 sync.intentiq.com www.powerball.com
1 cdn.hadronid.net a.pub.network
1 ad.doubleclick.net www.powerball.com
1 btloader.com www.powerball.com
1 freestar-io.videoplayerhub.com 1 redirects
1 static.adsafeprotected.com www.powerball.com
1 www.google.de www.powerball.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 d.pub.network a.pub.network
1 p.typekit.net use.typekit.net
1 www.googletagmanager.com www.powerball.com
1 fonts.googleapis.com www.powerball.com
0 sync.admanmedia.com Failed
0 api.intentiq.com Failed a.pub.network
190 108

This site contains links to these domains. Also see Links.

Domain
shop.powerball.com
ads.freestar.com
Subject Issuer Validity Valid
*.powerball.com
Go Daddy Secure Certificate Authority - G2
2022-12-11 -
2024-01-12
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-21 -
2024-10-21
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-02-26 -
2024-02-25
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
www.google.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
cumbersomecarpenter.com
R3
2023-07-31 -
2023-10-29
3 months crt.sh
d.pub.network
GTS CA 1D4
2023-08-11 -
2023-11-09
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
www.google.de
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
*.scorecardresearch.com
Sectigo RSA Domain Validation Secure Server CA
2022-12-15 -
2023-12-28
a year crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02
2023-07-07 -
2024-08-04
a year crt.sh
optimise.net
GTS CA 1D4
2023-09-21 -
2023-12-20
3 months crt.sh
confiant-integrations.net
GTS CA 1P5
2023-09-20 -
2023-12-19
3 months crt.sh
*.google.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
api.btloader.com
GTS CA 1D4
2023-08-11 -
2023-11-09
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
hadronid.net
GTS CA 1P5
2023-10-05 -
2024-01-03
3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01
2023-02-28 -
2024-02-17
a year crt.sh
*.intentiq.com
Amazon RSA 2048 M02
2023-04-11 -
2024-05-08
a year crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02
2023-02-20 -
2024-03-20
a year crt.sh
quantserve.com
R3
2023-08-29 -
2023-11-27
3 months crt.sh
*.springserve.com
Amazon RSA 2048 M02
2023-03-01 -
2024-03-29
a year crt.sh
secure.cdn.fastclick.net
DigiCert TLS RSA SHA256 2020 CA1
2023-10-03 -
2024-10-03
a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-16 -
2024-03-08
a year crt.sh
serving.stat-rock.com
R3
2023-09-17 -
2023-12-16
3 months crt.sh
c.pub.network
GTS CA 1D4
2023-10-06 -
2024-01-04
3 months crt.sh
indexww.com
Cloudflare Inc ECC CA-3
2023-09-05 -
2024-09-03
a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018
2023-08-24 -
2024-08-24
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2023-04-20 -
2024-05-20
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
*.yieldmo.com
Amazon RSA 2048 M01
2023-04-04 -
2024-05-02
a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3
2023-05-21 -
2024-05-20
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2023-02-13 -
2024-03-15
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-05 -
2024-04-03
a year crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01
2023-07-17 -
2024-08-14
a year crt.sh
*.bfmio.com
Amazon RSA 2048 M02
2023-03-17 -
2024-04-14
a year crt.sh
*.openx.net
RapidSSL TLS RSA CA G1
2023-08-18 -
2024-08-18
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2022-12-06 -
2024-01-07
a year crt.sh
*.3lift.com
Amazon RSA 2048 M02
2023-04-13 -
2024-05-11
a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-01-21 -
2024-01-23
a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-03 -
2024-01-24
6 months crt.sh
*.sharethrough.com
Amazon RSA 2048 M01
2023-06-14 -
2024-07-12
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2023-03-23 -
2024-03-23
a year crt.sh
teads.tv
R3
2023-10-04 -
2024-01-02
3 months crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1
2023-02-10 -
2024-02-18
a year crt.sh
*.richaudience.com
RapidSSL Global TLS RSA4096 SHA256 2022 CA1
2023-02-27 -
2024-02-26
a year crt.sh
*.eu-1-id5-sync.com
R3
2023-09-01 -
2023-11-30
3 months crt.sh
*.id5-sync.com
R3
2023-09-01 -
2023-11-30
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
adentifi.com
Amazon RSA 2048 M01
2023-07-06 -
2024-08-03
a year crt.sh
*.sitescout.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2023-01-09 -
2024-02-02
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-08-29 -
2024-02-21
6 months crt.sh
*.ads.stickyadstv.com
DigiCert TLS RSA SHA256 2020 CA1
2023-04-16 -
2024-04-16
a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-26 -
2024-10-26
a year crt.sh
track.adform.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-06 -
2024-09-19
a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-12-08 -
2023-12-31
a year crt.sh
*.googleusercontent.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
*.c.docs.google.com
GTS CA 1C3
2023-10-03 -
2023-12-12
2 months crt.sh

This page contains 14 frames:

Primary Page: https://www.powerball.com/
Frame ID: FF157CE7C37A619D3D9EFEF6F39BB6E8
Requests: 85 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
Frame ID: 21AC0E3E4996B50DA086C0E8CEECF3F1
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=lLirU0na9roYU3wDDisGJEVT&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z
Frame ID: D347CC302997C5E6CB7F21CA2C783222
Requests: 3 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_9630646b.js
Frame ID: F01F3609A15BDF4465DF9AFEEB527079
Requests: 44 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 887A4238450CF54A6C33545127B5E160
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B2023682A0E8FA941D92AEEAC77B1D2C
Requests: 3 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/14048?gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000004%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
Frame ID: 5DC67A5C03CE3D56A54D9EB88F74E933
Requests: 1 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Frame ID: A7649A4892A5DA048A201875F283116B
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000010%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
Frame ID: DA8082C1F42DFFB6F5C59C4DDCA999B9
Requests: 2 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: A281730D4D7BAA70ABC89E5CAC3D0ABC
Requests: 10 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/15184186,141986346/freestar_springserve_adx_video_outstream_powerball_2169_15sec%26description_url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26tfcd%3D0%26npa%3D0%26sz%3D1x1%26gdfp_req%3D1%26output%3Dxml_vast4%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D1696625115118%26schain%3D1.0%252C1%2521freestar.com%252C962%252C1%252C%252C%252C%252C%26url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26max_ad_duration%3D15000%26ord%3D1696625115118%26nofb%3D1%26channel%3Dvastadp
Frame ID: 5B83A0DDC6A66889D3BA3E38D60D0C58
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Frame ID: 2D4206A481A723B93DD47E64443CCC64
Requests: 18 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: C8672E3BE696E218A21859277A3AF349
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: C80221C01753636618868BD0F1F205D0
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Home | Powerball

Page URL History Show full URLs

  1. http://www.powerball.com/ HTTP 307
    https://www.powerball.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

190
Requests

89 %
HTTPS

39 %
IPv6

67
Domains

108
Subdomains

85
IPs

11
Countries

4635 kB
Transfer

10123 kB
Size

35
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.powerball.com/ HTTP 307
    https://www.powerball.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32
  • https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
  • https://btloader.com/tag?h=freestar-io&upapi=true
Request Chain 92
  • https://freestar-d.openx.net/v/1.0/avjp?auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22w%22%3A312%2C%22h%22%3A176%7D%7D%5D%7D&be=true&schain=1.0,1!freestar.com,962,1,,,&gdpr_consent=&gdpr=0&us_privacy=1--- HTTP 302
  • https://freestar-d.openx.net/v/1.0/avjp?cc=1&auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22w%22%3A312%2C%22h%22%3A176%7D%7D%5D%7D&be=true&schain=1.0,1!freestar.com,962,1,,,&gdpr_consent=&gdpr=0&us_privacy=1---
Request Chain 95
  • https://ssum.casalemedia.com/usermatch?s=191709&gdpr=1&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Request Chain 97
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000001%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.springserve.com%252Fusersync%253Faid%253D1000001%2526gdpr%253D1%2526gdpr_consent%253D%2526us_privacy%253D%2526uuid%253D%2524UID HTTP 302
  • https://sync.springserve.com/usersync?aid=1000001&gdpr=1&gdpr_consent=&us_privacy=&uuid=1633981610852886362
Request Chain 99
  • https://pixel.advertising.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true HTTP 301
  • https://ups.analytics.yahoo.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true
Request Chain 102
  • https://bh.contextweb.com/rtset?gdpr=1&gdpr_consent=&us_privacy=&pid=561910&ev=1&rurl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000011%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%25%25VGUID%25%25 HTTP 302
  • https://sync.springserve.com/usersync?aid=1000011&gdpr=1&gdpr_consent=&us_privacy=&uuid=2fpdLgiqYSY6&ev=1&us_privacy=&gdpr_consent=&pid=561910&gdpr=1
Request Chain 103
  • https://sync.1rx.io/usersync2/rmphb?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000012%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.springserve.com/usersync?aid=1000012&gdpr=1&gdpr_consent=&us_privacy=&uuid=OPTOUT
Request Chain 105
  • https://pbs.publishers.tremorhub.com/pubsync?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000015%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5Btvid%5D HTTP 302
  • https://pbs.publishers.tremorhub.com/pubsync/verify?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000015%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5Btvid%5D HTTP 302
  • https://sync.springserve.com/usersync?aid=1000015&gdpr=1&gdpr_consent=&us_privacy=&uuid=5291fe8eab7846f9b39e8afa453fefbe
Request Chain 110
  • https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent= HTTP 302
  • https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent=&ang_testid=1
Request Chain 113
  • https://ih.adscale.de/su?gdpr=1&gdpr_consent=&tpid=22144&cburl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000023%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D__STROEER_USER_ID__ HTTP 302
  • https://ih.adscale.de/su?gdpr=1&gdpr_consent=&tpid=22144&cburl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000023%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D__STROEER_USER_ID__&nut&uu=6320ee98daa14fd89cdfd8f0ad2d8a36 HTTP 302
  • https://sync.springserve.com/usersync?aid=1000023&gdpr=1&gdpr_consent=&us_privacy=&uuid=6320ee98daa14fd89cdfd8f0ad2d8a36
Request Chain 120
  • https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Request Chain 125
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid=&dcc=t
Request Chain 126
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMzNOvIJfRSbytoznLMV3io&google_cver=1
Request Chain 127
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZSBx21RUob5.oSE-9Mdi8AAA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=ZSBx21RUob5.oSE-9Mdi8AAA&google_tc= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPMpKy-Ota1tIDqqkVOhQyg&google_cver=1&google_hm=2
Request Chain 130
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=26643565736A41878B1972CBEDB05FBB
Request Chain 132
  • https://ids.ad.gt/api/v1/index?cb=https%3A%2F%2Fssum-sec.casalemedia.com%2Fium%3Fsourceid%3D15%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0eadg8bdlg8ckef7d6db6eiidgl9cjdad7babackkc2jl
Request Chain 136
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=qcoFUKjOUwGymgUEps0aVqyZBlayngRXrpmTTZM2
Request Chain 140
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=&gpp=&gpp_sid= HTTP 307
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=89180c3c-4b8e-424a-b177-922661a02ec1&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=1

190 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.powerball.com/
Redirect Chain
  • http://www.powerball.com/
  • https://www.powerball.com/
23 KB
24 KB
Document
General
Full URL
https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3a02a96cdf0951e25d837e1956c5ee7d0673577cb161d56939d86ffaddedf98
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content;frame-ancestors none;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=300
content-security-policy
block-all-mixed-content;frame-ancestors none;upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Fri, 06 Oct 2023 20:45:12 GMT
etag
"by-CjVWtGbb6AyhhhDI_zSKH-Mg"
feature-policy
accelerometer 'none';autoplay 'none';camera 'none';display-capture 'none';encrypted-media 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none';publickey-credentials-get 'none';sync-xhr 'none';usb 'none';xr-spatial-tracking 'none';
referrer-policy
no-referrer
request-context
appId=cid-v1:b618f7b5-f03a-4b45-a6fa-23e05262ea9c
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20231006T204511Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005qv8
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html
Date
Fri, 06 Oct 2023 20:45:11 GMT
Location
https://www.powerball.com/
X-Cache
CONFIG_NOCACHE
x-azure-ref
20231006T204511Z-6bcrcvebr516t30v6w63hawc6800000001u000000001k5er
css
fonts.googleapis.com/
34 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300,300i,700|Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
03ab02f1d7040fd5597efcd3c713be60d8c4d9425f863d1f38f00672687e605e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 06 Oct 2023 20:45:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 06 Oct 2023 20:45:12 GMT
emn5zdc.css
use.typekit.net/
10 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/emn5zdc.css
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3cf7fc81e14dc1919cec36d558a2d57187130584fb1fa300a7693ef702c938d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Fri, 06 Oct 2023 20:45:12 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1159
styles-8iwdwsrt.css
cdn.powerball.com/v01/css/
222 KB
47 KB
Stylesheet
General
Full URL
https://cdn.powerball.com/v01/css/styles-8iwdwsrt.css
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cd36676894c403569d064d36de9f39e1681d4c2c869313ed868266733b1d9b8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
br
last-modified
Thu, 17 Aug 2023 15:31:07 GMT
vary
Accept-Encoding, Origin
x-azure-ref
20231006T204512Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005qzq
content-type
text/css
x-ms-request-id
2db6c524-f01e-0010-39e6-f6a997000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
main-ejwbkc2p.js
cdn.powerball.com/v01/js/
169 KB
64 KB
Script
General
Full URL
https://cdn.powerball.com/v01/js/main-ejwbkc2p.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5cc0e82d1224771d48d37a24c17c0333ebe8a4427785c8455a52e25254e40a1e

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
br
last-modified
Wed, 27 Sep 2023 20:21:52 GMT
vary
Accept-Encoding, Origin
x-azure-ref
20231006T204512Z-637r9ydsp13pt7mdqgpars45fn000000031g000000002mv8
content-type
text/javascript
access-control-allow-origin
https://www.powerball.com
x-ms-request-id
72c51a3a-101e-0018-2b97-f6b398000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
cls.css
a.pub.network/core/pubfig/
2 KB
1 KB
Stylesheet
General
Full URL
https://a.pub.network/core/pubfig/cls.css
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36367e0c3f5a8b490bebc5bfc526b10c7d4e4c371eb2b73d438f80f167fb9ca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
184
x-guploader-uploadid
ADPycdt14KRqtgtYNkhD6pRbBlNTIGbfXDEM3ew53zyAcWR8_Q5_UOhik8odoGA1cJLbihwzokfcf3CSdv13sEN9WESUoPHpVXAi
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Fri, 28 Oct 2022 14:36:10 GMT
server
cloudflare
etag
W/"816783146b3907e634d0e822ca759864"
vary
Accept-Encoding
x-goog-hash
crc32c=4G+Zdg==, md5=gWeDFGs5B+Y00OgiynWYZA==
x-goog-generation
1666967770269941
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
2096
cf-ray
8120bf29b8009b80-FRA
expires
Fri, 06 Oct 2023 21:45:12 GMT
pubfig.min.js
a.pub.network/powerball-com/
123 KB
43 KB
Script
General
Full URL
https://a.pub.network/powerball-com/pubfig.min.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc035f4ac86b8f84c5ee5d563bd2d4b1e5961383fd54749814a11791ba4fdafa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
gzip
cf-cache-status
HIT
age
17641
x-guploader-uploadid
ADPycduDEr28IVgtT4CKPiG0LR3wJJQ2HzII65sJYeylhPOJfAf2fnfo9Ev4AFh9aRWxZd1Y9kMcaZwGCsKDybMhjZmaA8UoDvNk
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Fri, 06 Oct 2023 15:40:31 GMT
server
cloudflare
etag
W/"a6a9948df97d4bc6a97ba52dc4c5fe9a"
vary
Accept-Encoding
x-goog-generation
1696606831123904
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=UDQrsA==, md5=pqmUjfl9S8ape6UtxMX+mg==
access-control-expose-headers
*
cache-control
public, max-age=1800
x-goog-stored-content-length
125610
cf-ray
8120bf2b097e9b80-FRA
expires
Fri, 06 Oct 2023 21:15:12 GMT
js
www.googletagmanager.com/gtag/
275 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4P9G1BDP3V
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bc4a1fd1e8fa0a18736a77b2da41dddfbccaf134a2f20ac7e7b35ec048639c6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
93583
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 06 Oct 2023 20:45:12 GMT
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js?onload=renderRecaptcha&render=explicit
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7db5ae4942bd0ef3655e3c3e6910d662adf80533ea5e5fa94d042de764f39f4f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Fri, 06 Oct 2023 20:45:12 GMT
map-7b4m3ae8.js
cdn.powerball.com/v01/js/mapdata//js/
245 KB
103 KB
Script
General
Full URL
https://cdn.powerball.com/v01/js/mapdata//js/map-7b4m3ae8.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e950e18cbc9605daa4a97ccb52afa08844cbf87d273c110adcea81daba91ef27

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
br
last-modified
Tue, 07 Mar 2023 22:11:59 GMT
vary
Accept-Encoding, Origin
x-azure-ref
20231006T204512Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005r16
content-type
text/javascript
x-ms-request-id
674e7324-e01e-001c-11bc-f63e9f000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
powerball-map-aibzwrqe.js
cdn.powerball.com/v01/js/mapdata//js/
5 KB
2 KB
Script
General
Full URL
https://cdn.powerball.com/v01/js/mapdata//js/powerball-map-aibzwrqe.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e025571597e574e7fb96a79ed461d4338e09ad63d3401cdd8e5676300ee37eaf

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
content-encoding
br
last-modified
Tue, 07 Mar 2023 22:11:59 GMT
vary
Accept-Encoding, Origin
x-azure-ref
20231006T204512Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005qzr
content-type
text/javascript
x-ms-request-id
993ef625-801e-000a-5492-f6c848000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
bf978884ffbadf6c0bfb.webp
cdn.powerball.com/v01/images/bidudt2a/
5 KB
6 KB
Image
General
Full URL
https://cdn.powerball.com/v01/images/bidudt2a/bf978884ffbadf6c0bfb.webp
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f2123e6c9898f6fded69a6b0988ddd1807b3c318f86ea038374009c194ab7fca

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
last-modified
Tue, 07 Mar 2023 22:11:57 GMT
etag
0x8DB1F58F7CCBFF5
vary
Origin
x-azure-ref
20231006T204512Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005qzs
content-type
image/webp
x-ms-request-id
04f32dcb-601e-0012-73db-f6172f000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
accept-ranges
bytes
content-length
5630
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=emn5zdc&ht=tk&f=137.138.139.140.169.170.171.172.173.174.175.176.5474.5475&a=85936471&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emn5zdc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
l
use.typekit.net/af/efe4a5/00000000000000007735e609/30/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/efe4a5/00000000000000007735e609/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emn5zdc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b4096925f34c85d0c0e934ad77c44165dcd66fecc354c153784d246f00911da5

Request headers

Referer
https://use.typekit.net/emn5zdc.css
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
server
nginx
etag
"ef52ad3657e4d4a42c21db6c00d5c7ccc649bc94"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16560
8624f04faf16b2d07c00.svg
cdn.powerball.com/v01/images/x-otmru3/
290 B
635 B
Image
General
Full URL
https://cdn.powerball.com/v01/images/x-otmru3/8624f04faf16b2d07c00.svg
Requested by
Host: cdn.powerball.com
URL: https://cdn.powerball.com/v01/css/styles-8iwdwsrt.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
13f7d60ab56cc83e0235a2d3a69573104bff1bbc3cbe386bb57063ed59247535

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.powerball.com/v01/css/styles-8iwdwsrt.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:45:12 GMT
last-modified
Tue, 07 Mar 2023 22:11:57 GMT
etag
0x8DB1F58F7C91707
vary
Origin
x-azure-ref
20231006T204512Z-aufwt14zz93ud3xuk3q2cs4q9s00000002kg000000005r1a
content-type
image/svg+xml
x-ms-request-id
e8758856-401e-0048-2459-f771c8000000
cache-control
max-age=31536000, public
x-cache
TCP_HIT
x-ms-version
2009-09-19
accept-ranges
bytes
content-length
290
truncated
/
228 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bee00c0de85699caa0fd8392e3bd93f8397da30672cb6753bd988bf99867b830

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
l
use.typekit.net/af/2555e1/00000000000000007735e603/30/
16 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/2555e1/00000000000000007735e603/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emn5zdc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
81a6361b1f6ff5f9f6ca05b773fb993d7b7b3f668635ccba4379fa3ecb9a7e3e

Request headers

Referer
https://use.typekit.net/emn5zdc.css
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
server
nginx
etag
"96c7595dad6bb306bf9cc4c7a3b3d28654c7d636"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16832
l
use.typekit.net/af/8738d8/00000000000000007735e611/30/
16 KB
17 KB
Font
General
Full URL
https://use.typekit.net/af/8738d8/00000000000000007735e611/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n8&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emn5zdc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
5d8f24de649d274c051960845b51a0407362d6b4c80de23985e648d3378708f5

Request headers

Referer
https://use.typekit.net/emn5zdc.css
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
server
nginx
etag
"a5565f97e4389f39e94f7880b2c8088023e4d88a"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16880
l
use.typekit.net/af/1be3c2/00000000000000007735e606/30/
16 KB
16 KB
Font
General
Full URL
https://use.typekit.net/af/1be3c2/00000000000000007735e606/30/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n3&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/emn5zdc.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f1096de525ecd4549a0dea1507686fd365db607cddc697686b0f7ce81a9bdbab

Request headers

Referer
https://use.typekit.net/emn5zdc.css
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:12 GMT
server
nginx
etag
"f72012c08a11a2b44b8e4fe91c5042bc39decdd0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
16488
39e8d6ac2fa2d9de4cf3d7045f724cba85a1.index.js
cumbersomecarpenter.com/scripts/
68 KB
24 KB
Script
General
Full URL
https://cumbersomecarpenter.com/scripts/39e8d6ac2fa2d9de4cf3d7045f724cba85a1.index.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/powerball-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
054ceb17b4dddff7a4ddf49320792864240ddfdbd90faf567b0902ff4f610cb7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Fri, 06 Oct 2023 20:45:13 GMT
x-datacenter
gce-europe-west1
etag
"d26bcaa61aeb36b973fb18d7772dc9b61f9e35baf18fe74186914d8c0794da39"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-f5xl
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
998028631
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
configs
d.pub.network/v2/sites/powerball-com/
50 KB
6 KB
Fetch
General
Full URL
https://d.pub.network/v2/sites/powerball-com/configs?env=PROD
Requested by
Host: a.pub.network
URL: https://a.pub.network/powerball-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
2621499398162b16a8b43211d4f34dda03061cfc6ba59392e8ec0d64157f08e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
gzip
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
recaptcha__de.js
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/
466 KB
187 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderRecaptcha&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:40:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11105
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190978
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 17:40:08 GMT
collect
region1.analytics.google.com/g/
0
247 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-4P9G1BDP3V&gtm=45je3a40&_p=15180568&_gaz=1&cid=1258256014.1696625113&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1696625113&sct=1&seg=0&dl=https%3A%2F%2Fwww.powerball.com%2F&dt=Home%20%7C%20Powerball&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4P9G1BDP3V
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.powerball.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
247 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4P9G1BDP3V&cid=1258256014.1696625113&gtm=45je3a40&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4P9G1BDP3V
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.powerball.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4P9G1BDP3V&cid=1258256014.1696625113&gtm=45je3a40&aip=1&z=159338118
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/powerball-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-68.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 19:02:16 GMT
content-encoding
gzip
via
1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jul 2023 22:21:17 GMT
server
AmazonS3
x-amz-cf-pop
MXP63-P1
age
56390
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
EnPp2-5yvU6NrcDBI8uaZguWIzI6IIN9un_6HEfkiIdOKeOpbvI2vg==
pubfig.engine.js
a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/
549 KB
153 KB
Script
General
Full URL
https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/powerball-com/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d257b7e8f36ae67a426cdfd85775f9d2901d7df30c52c79b20a6434a5d174f7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18186
x-guploader-uploadid
ADPycduEhB_v_07EqAg-iRgqbLsCpdIir0FgO0v77b490k2hwu0BZ6H3tgfYlYrxtSWWJN0KwBvcuThrxPZlQfDu1uQP
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Fri, 06 Oct 2023 15:34:07 GMT
server
cloudflare
etag
W/"d9ac3f41605813048ace027b1ce402c0"
vary
Accept-Encoding
x-goog-hash
crc32c=wmIkLQ==, md5=2aw/QWBYEwSKzgJ7HOQCwA==
x-goog-generation
1696606447228651
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
562375
cf-ray
8120bf2d6c4f9b80-FRA
expires
Fri, 06 Oct 2023 21:45:13 GMT
skeleton.gif
static.adsafeprotected.com/
43 B
482 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif?adunitid=lmixf&adnum=8646402
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2046:b200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 25 Dec 2022 19:27:52 GMT
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via
1.1 f9cbcaddb963320cc8ddff3e446eec06.cloudfront.net (CloudFront)
x-amz-cf-pop
LHR62-C4
age
24628641
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
EtQN4ft_22lsva0K0rdUyX_MoQgnIXaj5L_ScC4-i2zZD66a8wH2ng==
anchor
www.google.com/recaptcha/api2/ Frame 21AC
58 KB
33 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
151c2951bb1fe452b8b8c4843bd861b9f316264cdfe7da074862e2f4653db1ae
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tEJCXePzSyHsvdQea-1fEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-tEJCXePzSyHsvdQea-1fEw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 06 Oct 2023 20:45:13 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
/
optimise.net/ Frame
0
0
Preflight
General
Full URL
https://optimise.net/?k=0&d=www.powerball.com&t=desktop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
x-api-key
Access-Control-Request-Method
GET
Origin
https://www.powerball.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin
https://www.powerball.com
access-control-expose-headers
fs-client-rtt
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Fri, 06 Oct 2023 20:45:13 GMT
expires
0
fs-client-rtt
46
pragma
no-cache
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
/
optimise.net/
4 KB
4 KB
Fetch
General
Full URL
https://optimise.net/?k=0&d=www.powerball.com&t=desktop
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
dea5eaec75e8e39563b6479a7af04fec813b94c091bd798a223c7948bedc1918
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
x-api-key
4e799501-b8b6-4ef1-bad5-225b3dd1aa8d

Response headers

strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
date
Fri, 06 Oct 2023 20:12:31 GMT
fs-client-rtt
39
age
1962
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3683
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type
application/json
access-control-allow-origin
https://www.powerball.com
access-control-expose-headers
fs-client-rtt
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
expires
0
config.js
cdn.confiant-integrations.net/8TlPs9_ElE3wQ2Gw5lJXkicRVtw/gpt_and_prebid/
127 KB
26 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/8TlPs9_ElE3wQ2Gw5lJXkicRVtw/gpt_and_prebid/config.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eaddf3e93295e7f38d6ba7c34521473d972e3a9e0b16500836e8724d69a6eb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 06 Oct 2023 19:27:42 GMT
server
cloudflare
x-amz-request-id
9NKDMXQCW9PRRT77
age
616
etag
W/"b90ad7062eda341cb7ec0c1d84ce2dd3"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
8120bf2f7983910c-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
ukQWX75Vl4jgKJlZ6BTHp8hMctyLqT6UHMvOFTumPuHqS1mO/hwbwV5dRPKgqW8WOyx2C0Y0Xj0=
gpt.js
securepubads.g.doubleclick.net/tag/js/
99 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
64a89c76a12a58e89992efdbbde061644eb1566f52b611a977e3b7e9a6ae12d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29507
x-xss-protection
0
server
cafe
etag
4 / 19636 / m202310030101 / config-hash: 13058940143957652482
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 06 Oct 2023 20:45:13 GMT
tag
btloader.com/
Redirect Chain
  • https://freestar-io.videoplayerhub.com/gallery.js
  • https://btloader.com/tag?h=freestar-io&upapi=true
308 KB
84 KB
Script
General
Full URL
https://btloader.com/tag?h=freestar-io&upapi=true
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Server
2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a09ae516930e6374ad09e2521f0bafd0c12a32f53bbc0e064e44b6088ec2e7b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 06 Oct 2023 20:36:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
310
etag
W/"6304fbdffd4d84a7be0997dd775c01ca"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g8R26szs2TnDLx95EMkMj0cXmxmSaizPShCD7A3ymBWfWNQNIqApACevu7yJPTD0PZjWg9ZpdUlAa7u9NfvjDslPnFQzpuQeFKlDoJVIWvftjWVEcjmgBqu05NJo6cLtNXNY84gK6vTUKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray
8120bf307f8937d2-FRA

Redirect headers

date
Fri, 06 Oct 2023 20:45:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a73WrjG9gs4oXmgBuF0zdLQd4JKAnUHjW3YB8pPp0zG5xt973r7CCk%2FxtXdTD8aNMdytltuvw%2BxQZxAXpgEj54lcHdWzIFkh9hxNdfdT4nGFbeChfyvVj6dpbo43%2BhWoTJ3B3SYg3W8a8Gb3y6Yz1ghgmrGxkeAyl04a0g%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=freestar-io&upapi=true
cache-control
max-age=3600
cf-ray
8120bf2f897065d1-FRA
expires
Fri, 06 Oct 2023 21:45:13 GMT
prebid-analytics-7.48.4.js
a.pub.network/core/
596 KB
193 KB
Script
General
Full URL
https://a.pub.network/core/prebid-analytics-7.48.4.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
788c13994d09fd809cb431d4a0a2aaba6dd88c9b2ba4c0c9e03345362d9633ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18192
x-guploader-uploadid
ADPycdsoaXFtOVRY05pY3Xz7V2V-FKCTyF1HBviDSXCg6Rz8K_s6lR09meR23sk3qcE9k3pOBq3xvXMx16xde-m-l-kbIA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
last-modified
Tue, 18 Jul 2023 18:59:55 GMT
server
cloudflare
etag
W/"5243e8ea27fda1bab8578db0b34dba61"
vary
Accept-Encoding
x-goog-generation
1689706795179212
content-type
text/html
access-control-allow-origin
*
x-goog-hash
crc32c=hSRCNw==, md5=UkPo6if9obq4V42ws026YQ==
content-language
en
access-control-expose-headers
*
cache-control
public, max-age=31517808
x-goog-stored-content-length
610321
cf-ray
8120bf2eee229b80-FRA
expires
Sat, 05 Oct 2024 15:42:01 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame 21AC
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:57:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10070
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 17:57:23 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame 21AC
464 KB
185 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:57:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10070
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
189597
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 17:57:23 GMT
b
sb.scorecardresearch.com/
0
224 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1696625113420&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fwww.powerball.com%2F&c8=Home%20%7C%20Powerball&c9=
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.196.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-196-68.mxp63.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
via
1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
MXP63-P1
x-amz-cf-id
Mwi4fRFiP7nsegNL8-f35QrjGfvUHrDCk9VTeofMVYQHEqrJFdQlsw==
x-cache
Miss from cloudfront
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310031103/
269 KB
86 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310031103/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/8TlPs9_ElE3wQ2Gw5lJXkicRVtw/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f32f4b1aebee55450f9eaea7572be5631167000c60b202e32fd7efe10534e2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 03 Oct 2023 15:32:29 GMT
server
cloudflare
x-amz-request-id
PCWQNXY3DP7WHW6T
age
271426
etag
W/"1817aabf6d3ce56cce955976a0e0702e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8120bf2fe9dc910c-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
dnTAR5VAkqM5WtZ+9Y83Hb92C1QYpPrjQfSHBHI2l/tSJk2UFkV7aYUu7P0Fra2bV8huVxB00Ig=
4c1b66a18e5ec5996b60b4b80ae7677ac873b7f3
cumbersomecarpenter.com/0dc37820617e/
288 B
315 B
Fetch
General
Full URL
https://cumbersomecarpenter.com/0dc37820617e/4c1b66a18e5ec5996b60b4b80ae7677ac873b7f3
Requested by
Host: cumbersomecarpenter.com
URL: https://cumbersomecarpenter.com/scripts/39e8d6ac2fa2d9de4cf3d7045f724cba85a1.index.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
3ff2cb196c58aa259978595c9811c7d4ee35053926315c3ec1bfcb46800459b9
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 06 Oct 2023 20:45:13 GMT
via
1.1 google
x-buildnumber
998028631
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
288
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.powerball.com
x-hostname
fen-hoothoot-europe-west1-f5xl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Fri, 06 Oct 2023 20:45:12 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/
419 KB
132 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310030101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ab1e5ef8baed1d906b9e8ea4126ad958556881a46150cd6712ad5ebc40f4e46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 10:53:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
35525
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
134829
x-xss-protection
0
server
cafe
etag
3697166202567710199
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sat, 05 Oct 2024 10:53:08 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
549 B
296 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.powerball.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d630e5146cbce0c31e2aeaf27927d337286eab2b20bf90b39b1233a3cf7f9eea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
271
x-xss-protection
0
expires
Fri, 06 Oct 2023 20:45:13 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 21AC
102 B
135 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=lLirU0na9roYU3wDDisGJEVT
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5063a68a88966cff9baa3bf09bf0352e9c05164c66e9b4ef2c4d5453dc9e1ca7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z&co=aHR0cHM6Ly93d3cucG93ZXJiYWxsLmNvbTo0NDM.&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=normal&cb=5voj1ugkzehn
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Fri, 06 Oct 2023 20:45:13 GMT
state
api.btloader.com/mw/
0
101 B
Fetch
General
Full URL
https://api.btloader.com/mw/state?bt_env=prod
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:14 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
px.gif
ad-delivery.net/
43 B
935 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2393571
x-guploader-uploadid
ADPycdvss9BetkmNQALNaBNCf5vLrk1BJTKiYCnKRP7yR206OrOm6wCUuumZB2_HXL8eMer15Axwd5EmLiQynqBlnV8RghqDGZqY
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EHZcbPnzMRQ7CD9vbpHFvLmoVwm1y3hdmZouKU5ediYbyFkJ75vAzcxzqzzVqrrjgMz%2BsWP8pLGa919CT5YBLTbDDX3lkYomUBfk2TVmfSwUr6Eag7%2F%2BGjHO0ip4Jhzie86HM3vVmZlZ6wu0Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8120bf323abe3830-FRA
expires
Sat, 09 Sep 2023 04:47:44 GMT
favicon.ico
ad.doubleclick.net/
1 KB
571 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.70 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 00:01:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74623
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 07 Oct 2023 00:01:30 GMT
px.gif
ad-delivery.net/
43 B
339 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.843713574459563
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:246 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2393571
x-guploader-uploadid
ADPycdvss9BetkmNQALNaBNCf5vLrk1BJTKiYCnKRP7yR206OrOm6wCUuumZB2_HXL8eMer15Axwd5EmLiQynqBlnV8RghqDGZqY
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=whimsXHgIFZYvZx9rAqArgWwceQl0T5y4mSx9mX3a6UeD%2BnvVcUGZSdyVxmGcHdWaCH11igXIIgx7RtsEr1iXQkvZVXyoFuiVphACVaGBkquQYEujHxIXU%2BGSMytQUEEjT1T4igiJCzTvAtK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
8120bf323ac03830-FRA
expires
Sat, 09 Sep 2023 04:47:44 GMT
a20a39707149e687444af725ffbad5d3b06eb610a588e69620c5
cumbersomecarpenter.com/
3 B
27 B
Fetch
General
Full URL
https://cumbersomecarpenter.com/a20a39707149e687444af725ffbad5d3b06eb610a588e69620c5
Requested by
Host: cumbersomecarpenter.com
URL: https://cumbersomecarpenter.com/scripts/39e8d6ac2fa2d9de4cf3d7045f724cba85a1.index.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 06 Oct 2023 20:45:13 GMT
via
1.1 google
x-buildnumber
998028631
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.powerball.com
x-hostname
fen-hoothoot-europe-west1-f5xl
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
hadron.js
cdn.hadronid.net/
55 KB
10 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.powerball.com%2F&ref=&_it=freestar&partner_id=474&ha=_hadron
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:34ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ee69abe38a87fd8aa0867401e1e14d2831eab6dfb1bb2d97abf65ac57cb5705

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 07 Sep 2023 17:31:32 GMT
server
cloudflare
x-amz-request-id
907JHMEEKQ08DSV2
age
3549
etag
W/"8bbf05f440008747d4df642e30fc4ddc"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
8120bf331af91bc3-FRA
x-amz-id-2
oJpPJCbEID7z1zM9kIxlsqSbq8xeH5HC5gS4xpeHur3SW4yHO8BbtAlQwktjkw9El2h2R0B/Pt0=
IIQUniversalID.js
a.pub.network/core/intentIQ/20230622/
55 KB
13 KB
Script
General
Full URL
https://a.pub.network/core/intentIQ/20230622/IIQUniversalID.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48c76c91f2d42a1668fee310da41b7c1f0d97d7ab0fa55fcf794e2cd3e412242

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:13 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18125
x-guploader-uploadid
ADPycduThDvVZop4aeV4Au5WU4LXU3KI7HZOXIGI50O0zc7JT9fd_cefDPzdHbBRLE5yn63B2HVxC2OkJ4dc1pXV576P8rBM6VhT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Thu, 22 Jun 2023 23:15:14 GMT
server
cloudflare
etag
W/"c45a15a8a50c2a275e14695cf631d08d"
vary
Accept-Encoding
x-goog-hash
crc32c=6m2COg==, md5=xFoVqKUMKideFGlc9jHQjQ==
x-goog-generation
1687475714790007
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
56442
cf-ray
8120bf326adc9b80-FRA
expires
Fri, 06 Oct 2023 21:45:13 GMT
apstag.js
c.amazon-adsystem.com/aax2/
255 KB
63 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
241df04a32e1a0a4da58eb35f672c5f0b4e1fa131475803ce3222bf493632d5e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:03:48 GMT
content-encoding
gzip
via
1.1 814952d19d560b49ff15ad2f71e400d2.cloudfront.net (CloudFront), 1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
last-modified
Thu, 05 Oct 2023 19:43:16 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P3
age
2487
x-amz-server-side-encryption
AES256
etag
W/"e1caada96468a3b669d0d0cc6ec9a23c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
TkEqMhpUv7ufE9rsueQ4mhcIXTyIfJPxga3uTsgf5DhVDD7gZj4VRg==
ProfilesEngineServlet
api.intentiq.com/profiles_engine/
0
0

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
0
0
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=946663&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&tsrnd=521_1696625114041&vrref=www.powerball.com&jsver=5.4&abtp=95&abtg=A
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-42.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

country
api.btloader.com/
16 B
132 B
Fetch
General
Full URL
https://api.btloader.com/country
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
pv
api.btloader.com/
0
66 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=IBYVwjLjcJ&w=5746431636799488&o=5714937848528896&cv=2.1.19-1-g9747148&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.powerball.com%2F&sid=2JnEA2OngZ&upapi=true
Requested by
Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:14 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
bframe
www.google.com/recaptcha/api2/ Frame D347
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=lLirU0na9roYU3wDDisGJEVT&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c16fe3e79457494c4b4cac4b153f936ba9415c321547a416ca7ffbc2751a984d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-TmJjGWRN20aw4z9jv03ZVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-TmJjGWRN20aw4z9jv03ZVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 06 Oct 2023 20:45:14 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.powerball.com&url=https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.powerball.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
8120bf343f6b2c52-FRA
content-length
0
content-type
application/json
date
Fri, 06 Oct 2023 20:45:14 GMT
debug
OPTIONS block
expires
Sat, 05 Oct 2024 20:45:14 GMT
server
cloudflare
hadron.json
id.hadron.ad.gt/v1/
98 B
290 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=www.powerball.com&url=https://www.powerball.com/
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.powerball.com%2F&ref=&_it=freestar&partner_id=474&ha=_hadron
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
373b4038cfb9482c593b99008e0c8de1d09012cd1f4c41d5efe3532f9aad3f7f

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
private,max-age=30
access-control-allow-credentials
true
debug
NON-OPTIONS
access-control-allow-headers
authorization
cf-ray
8120bf3518772c52-FRA
0ab198dd-b265-462a-ae36-74e163ad6159
config.aps.amazon-adsystem.com/configs/
537 B
802 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/0ab198dd-b265-462a-ae36-74e163ad6159
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-128.fra6.r.cloudfront.net
Software
CloudFront /
Resource Hash
7d37b60b260342e7a23b9f688b93bcf9c1e3f5bbfb3fca66af03ab8e87fcaa77

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:10:49 GMT
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA6-C1
age
2065
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
537
x-amz-cf-id
1v14T1Sun_xLL1yQnQ96J6-rrRrt_ou5Q0jeTVHKAiPNYuCkoG9Crw==
config
c.amazon-adsystem.com/cdn/prod/
1 KB
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.powerball.com&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
Server /
Resource Hash
0eda13bf855220cdec6aaace454f32733f52fcac0bacb575e459b5b081ee9c52

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:09:46 GMT
via
1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P3
age
12928
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.powerball.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
1054
x-amz-cf-id
fC8f1LnBAgunCAD1yA1_k7iu8kcBQrplPr10WPV5TnaUeKmEDpN44A==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-208-154.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
date
Fri, 06 Oct 2023 03:26:38 GMT
x-amz-cf-pop
FRA56-P3
age
62317
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
aKAPTsdUyy22j_Y0eoOH1ABqkCV-wj8lzuoJQwSKYTrXZ2qPMJFKIQ==
styles__ltr.css
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame D347
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=lLirU0na9roYU3wDDisGJEVT&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:57:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 17:57:23 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame D347
464 KB
185 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=lLirU0na9roYU3wDDisGJEVT&k=6LflikElAAAAAB129nn08Yi-s_o-ydkEaWTRAM8z
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 17:57:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
189597
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 17:57:23 GMT
ProfilesEngineServlet
api.intentiq.com/profiles_engine/
0
0

ProfilesEngineServlet
api.intentiq.com/profiles_engine/
0
0

quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7c1b0b0523c8cd715c6a906f13a121cd27392d8e61d58c38c7ceb32ec22e59f4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
etag
"6ioqmyHWSWLYz5hkRjy8Uw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Fri, 13 Oct 2023 20:45:14 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
frstrOSd_8.js
cdn.springserve.com/assets/0/playerJS/
315 KB
100 KB
Script
General
Full URL
https://cdn.springserve.com/assets/0/playerJS/frstrOSd_8.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.79.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-79-112.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cebb34b91ef05c9f91a017e4e5aecba2e2f9dab6518af0f2e0c565f25e01a8bc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 04 Oct 2023 18:58:48 GMT
content-encoding
gzip
via
1.1 1414bd7a19d3e0731eb4c47589439132.cloudfront.net (CloudFront)
last-modified
Tue, 01 Aug 2023 19:02:14 GMT
server
AmazonS3
x-amz-cf-pop
TXL50-P2
age
211088
x-amz-server-side-encryption
AES256
etag
W/"36c24396bd82f5e2e65d1d6548a8f1ac"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
tmEl4y3tjpeA44OasEhJ8Jzo7AR0cSEs7JZKyDBV4mJrq2jhqybRsg==
fslogo-green.svg
a.pub.network/core/imgs/
1 KB
1 KB
Image
General
Full URL
https://a.pub.network/core/imgs/fslogo-green.svg
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
cf-cache-status
HIT
age
188
x-guploader-uploadid
ADPycduw1E9X6MVC3yLb82cWTw7E087mf55Khe5ro-sCl-iSBzn5JwdwKbo8xyDOP9kXxRMmnqwUawK6NBNi7DDeES5QZg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Tue, 08 Sep 2020 17:04:37 GMT
server
cloudflare
etag
W/"326d6cbd977657e1205bd616d1f2faca"
vary
Accept-Encoding
x-goog-hash
crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
x-goog-generation
1599584677716817
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
1193
cf-ray
8120bf341cfa9b80-FRA
expires
Fri, 06 Oct 2023 21:45:14 GMT
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/
54 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.26 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-211-26.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
last-modified
Mon, 23 Jan 2023 19:40:17 GMT
server
Apache
etag
"d734-5f2f3919e751f-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17407
expires
Fri, 06 Oct 2023 21:00:14 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/
136 KB
29 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c96b67edd277b9d12add863bf157c68853eb1429929972195f629cddc8b6b48f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 05 Oct 2023 10:57:30 GMT
server
cloudflare
x-amz-request-id
33K7G39GZCS74Z4B
age
2953
etag
W/"7810b7b6142b3bdb32696e7b2987bc71"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
8120bf35ce26910d-FRA
x-amz-id-2
3Bk+HWm+5ISZWDGnSwnkjKf44cPIDzro7Q58OXMZTbpVpRl66XgPjCj7Ct0g39m3CkzhQvgJ17c=
analytics.min.js
a.pub.network/core/analytics/1.2.5/
13 KB
5 KB
Script
General
Full URL
https://a.pub.network/core/analytics/1.2.5/analytics.min.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/72787f6b5555e79e940508cbae5de81a643f6d44/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
150abf5d65851c215b785dc90f363002897279f75a0f466caa6c92534a20a2d7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
cf-cache-status
HIT
age
18193
x-guploader-uploadid
ADPycds65Lx6FUl7ESMHjBd4t0QPA01K7FTJm6rUQktwTs1tIxeUJUxsQdtRM6LwFLpex4rGiDR_ZvYvIlk4ieMahcaMiA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Wed, 04 Oct 2023 16:03:51 GMT
server
cloudflare
etag
W/"defe674f4bb712938099078798b0a1bc"
vary
Accept-Encoding
x-goog-hash
crc32c=JGNbPw==, md5=3v5nT0u3EpOAmQeHmLChvA==
x-goog-generation
1696435431727744
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
13192
cf-ray
8120bf352e4d9b80-FRA
expires
Fri, 06 Oct 2023 21:45:14 GMT
474
a.ad.gt/api/v1/u/matches/
12 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/474?_it=freestar
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.powerball.com%2F&ref=&_it=freestar&partner_id=474&ha=_hadron
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ca87464de7a98b33581057aeff1d5e849b1973ea8c989a79b950471341d3a7c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 06 Oct 2023 20:41:19 GMT
server
cloudflare
age
235
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=14400
cross-origin-resource-policy
cross-origin
cf-ray
8120bf37defc2be5-FRA
rules-p-UeXruRVtZz7w6.js
rules.quantcount.com/
2 KB
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:1e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:42:50 GMT
content-encoding
gzip
via
1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
145
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Thu, 07 Dec 2017 17:06:25 GMT
server
AmazonS3
etag
W/"cbc97d16c77ea1fcbbf42d246001e982"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-id
8kDYT_UIJ9shAOYl6Jep0V8W2xwTglchgKRBR_Z8iFycJp-zA3I7DQ==
bid
aax.amazon-adsystem.com/e/dtb/
23 B
465 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.powerball.com%2F&pid=CmfftwTNVFWGZ&cb=0&ws=1600x1200&v=23.919.1525&t=2000&slots=%5B%7B%22id%22%3A%22aps_springserve_outstream_ron%22%2C%22mt%22%3A%22v%22%7D%5D&schain=1.0%2C1!freestar.com%2C962%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.253.136 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-253-136.fra60.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P3
x-amz-rid
FQD6ATQNHFPJ60S35MME
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
Y7Rc_uoGBsUvpiUDmIJJAipGCkmf4dnYBQS4PfcvCtYC70JFc0lP6Q==
pixel;r=1053740428;labels=title.Home;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.powerball.com%2F;uht=2;fpan=1;fpa=P0-2054755973-1696625114573;pbc=;ns=0;ce=1;qjs=1;qv=44310d19-20230908150619;cm=;g...
pixel.quantserve.com/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1053740428;labels=title.Home;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fwww.powerball.com%2F;uht=2;fpan=1;fpa=P0-2054755973-1696625114573;pbc=;ns=0;ce=1;qjs=1;qv=44310d19-20230908150619;cm=;gdpr=0;ref=;d=powerball.com;dst=1;et=1696625114880;tzo=-120;ogl=description.The%20official%20Powerball%C2%AE%20website%252E%20Get%20the%20winning%20numbers%252C%20watch%20the%20draw%20show%252C%20a%2Ctitle.Home%2Curl.https%3A%2F%2Fwww%252Epowerball%252Ecom%2F%2Ctype.website%2Cdescription.The%20official%20Powerball%C2%AE%20website%252E%20Get%20the%20winning%20numbers%252C%20watch%20the%20draw%20show%252C%20a%2Csite_name.Powerball%2Cimage.https%3A%2F%2Fcdn%252Epowerball%252Ecom%2Fv01%2Fimages%2Fopengraph%2Fpowerball-logo-1200%252Ewebp%2Clocale.en_US%2Clocale%3Aalternate.es_MX;ses=7cc08de5-9ceb-439f-80f2-76ba76da0525;mdl=
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:14 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
truncated
/
630 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b66b3852ff6dbd325b0ba68ff6e6a86419269ac0a8d0f3f339feba3d9123fac2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
702408
vid.springserve.com/vast/
4 KB
2 KB
XHR
General
Full URL
https://vid.springserve.com/vast/702408?w=312&h=176&url=https%3A%2F%2Fwww.powerball.com%2F&cb=0.47920418668833875&consent=&gdpr=0&us_privacy=1---&schain=1.0,1!freestar.com,962,1,,,,&undefined
Requested by
Host: cdn.springserve.com
URL: https://cdn.springserve.com/assets/0/playerJS/frstrOSd_8.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.245.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-245-75.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5b5547f74cb04dfc55862739740a416cd238bb5755ddd78458a544e49c42ff9f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
content-encoding
gzip
access-control-allow-credentials
true
server
nginx
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/xml
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=INIT&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&u=https%3A%2F%2Fwww.powerball.com%2F&t=337&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bv%3AinView%3B&r=0.2500513893460792
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
1
serving.stat-rock.com/v1/log/js/
35 B
170 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=REQUEST&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&u=https%3A%2F%2Fwww.powerball.com%2F&t=346&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3B&r=0.6504921078676553
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/analytics/1.2.5/analytics.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
0fec69e64255f119b5a36ecea1614e1de045e015c7d363f79ab5b0460f0cfefa

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.powerball.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.powerball.com
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 06 Oct 2023 20:45:15 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
vpaid_9630646b.js
vpaid.springserve.com/production/ Frame F01F
527 KB
107 KB
Script
General
Full URL
https://vpaid.springserve.com/production/vpaid_9630646b.js
Requested by
Host: cdn.springserve.com
URL: https://cdn.springserve.com/assets/0/playerJS/frstrOSd_8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:a200:15:6f6c:b180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4609ac544849b9f57b805d6af1a9ed12e25427ce936d6d3ef58d0ce64a6b071a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Wed, 13 Sep 2023 16:13:33 GMT
content-encoding
gzip
via
1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
last-modified
Tue, 12 Sep 2023 19:44:37 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
age
2003503
etag
W/"9231605411e14ea86c7c45016a7f5ea1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=2678400
x-amz-cf-id
2CaPIZUIcJdcCdjzI7a4Mhwla6kO5SVIBnYhG0X7TYw_Wa_ouU_BoA==
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=OPPORTUNITY&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&u=https%3A%2F%2Fwww.powerball.com%2F&t=547&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3B&r=0.23299929828827115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
ixmatch.html
js-sec.indexww.com/um/ Frame 887A
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
613
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
8120bf3c6d9b381a-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
Sat, 07 Oct 2023 00:45:15 GMT
last-modified
Mon, 25 Jul 2022 19:18:26 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame B202
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.192.219 Glattbrugg, Switzerland, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-192-219.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 06 Oct 2023 20:45:15 GMT
ETag
"623de86a-cf34"
Expires
Sat, 07 Oct 2023 20:45:17 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
X-Akamai-EW-Subworker
8096267
translator
hbopenbid.pubmatic.com/ Frame F01F
0
115 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
ima3vpaid
tpc.googlesyndication.com/ Frame F01F
1 KB
923 B
XHR
General
Full URL
https://tpc.googlesyndication.com/ima3vpaid?vad_format=linear&adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F15184186%2C141986346%2Ffreestar_springserve_adx_video_outstream_powerball_2169_15sec%26description_url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26tfcd%3D0%26npa%3D0%26sz%3D1x1%26gdfp_req%3D1%26output%3Dxml_vast4%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D1696625115118%26schain%3D1.0%252C1%2521freestar.com%252C962%252C1%252C%252C%252C%252C%26url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26max_ad_duration%3D15000%26ord%3D1696625115118%26nofb%3D1&type=all
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00abfad887a97127fb0b018cba602fa69c346c2eaaf0cb722b1abb1f8236dd4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.powerball.com
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
557
x-xss-protection
0
prebidvideo
ads.yieldmo.com/exchange/ Frame F01F
0
196 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebidvideo
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.241.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-35-241-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.powerball.com
pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
cygnus
as-sec.casalemedia.com/ Frame F01F
58 B
361 B
Script
General
Full URL
https://as-sec.casalemedia.com/cygnus?fn=indexResponsea1ba7eee21&v=8.8&s=980104&r=%7B%22id%22%3A%22a1ba7eee21%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.powerball.com%2F%22%2C%22ref%22%3A%22https%3A%2F%2Fwww.powerball.com%2F%22%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%220%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22w%22%3A312%2C%22h%22%3A176%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22playbackmethod%22%3A%5B3%5D%2C%22startdelay%22%3A0%7D%2C%22ext%22%3A%7B%22sid%22%3A%22pr_1_1_s%22%2C%22custom%22%3A%22videoPlayback%22%7D%2C%22bidfloor%22%3A2%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22hp%22%3A1%2C%22sid%22%3A%22962%22%7D%5D%2C%22complete%22%3A1%7D%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%2C%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
226644a7351157929407d2498a0786a1309ebc331b805b725676f73ed926c641

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U4UIqfCqJnEvATf3zvZuWK0vmKMgZsAUPZUW%2F4mFugHsvfQcgYsZojw5G2xQYN1y5epB3Vi%2BB62TX%2BBfHAmljLs8h9H4flD3gLVRVZnW%2BsyrQRfvDL1HtAjggJCmvzbKCArF2ohP7cg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
no-cache
cf-ray
8120bf3c6a251963-FRA
alt-svc
h3=":443"; ma=86400
expires
0
prebidvideo
ads.yieldmo.com/exchange/ Frame F01F
0
197 B
XHR
General
Full URL
https://ads.yieldmo.com/exchange/prebidvideo
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.241.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-35-241-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.powerball.com
pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
prebid
ib.adnxs.com/ut/v3/ Frame F01F
166 B
984 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
af48a2093ada78fcb4263ff2f08d9a519eca1ec0518d8144598716a31fd34b6a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
an-x-request-uuid
c6a841f7-fafd-4420-a048-82414a8bfbf6
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.powerball.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
80.255.7.107; 80.255.7.107; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
166
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame F01F
156 B
451 B
XHR
General
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
a5d59070ad842a11f9c15f741d8402719a1568cffcc4aea0e490208ec9cbfae9

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
x-prebid
pbs-java/2.0.0
Content-Type
application/json
access-control-allow-origin
https://www.powerball.com
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
151
Expires
0
avjp
freestar-d.openx.net/v/1.0/ Frame F01F
Redirect Chain
  • https://freestar-d.openx.net/v/1.0/avjp?auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22applicati...
  • https://freestar-d.openx.net/v/1.0/avjp?cc=1&auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22appl...
106 B
360 B
XHR
General
Full URL
https://freestar-d.openx.net/v/1.0/avjp?cc=1&auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22w%22%3A312%2C%22h%22%3A176%7D%7D%5D%7D&be=true&schain=1.0,1!freestar.com,962,1,,,&gdpr_consent=&gdpr=0&us_privacy=1---
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
server
OXGW/0.0.0
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.powerball.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
server
OXGW/0.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://freestar-d.openx.net/v/1.0/avjp?cc=1&auid=559283036&url=https://www.powerball.com/&vht=176&vwd=312&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%2C%22video%2Fwebm%22%2C%22video%2Fogg%22%5D%2C%22w%22%3A312%2C%22h%22%3A176%7D%7D%5D%7D&be=true&schain=1.0,1!freestar.com,962,1,,,&gdpr_consent=&gdpr=0&us_privacy=1---
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ssusersync
vid.springserve.com/ Frame F01F
6 KB
6 KB
Script
General
Full URL
https://vid.springserve.com/ssusersync
Requested by
Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_9630646b.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.245.75 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-245-75.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b450fd6e9e60673f21e7bb98eb3534f29c0a0b9e1674b4cc5f9412411b0830b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
server
nginx
content-length
6341
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
14048
rtb.gumgum.com/usync/ Frame 5DC6
55 B
211 B
Document
General
Full URL
https://rtb.gumgum.com/usync/14048?gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000004%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
Requested by
Host: vid.springserve.com
URL: https://vid.springserve.com/ssusersync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.229.141.199 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-229-141-199.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
74b03851b17506833b0506eb8292bd9842e5b32aaaccb1b5553fa967b65db792

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Fri, 06 Oct 2023 20:45:15 GMT
etag
W/"0656d408e84feebb88e950b10efb49503"
server
nginx
timing-allow-origin
*
usermatch
ssum.casalemedia.com/ Frame A764
Redirect Chain
  • https://ssum.casalemedia.com/usermatch?s=191709&gdpr=1&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
  • https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_priva...
2 KB
852 B
Document
General
Full URL
https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Requested by
Host: vid.springserve.com
URL: https://vid.springserve.com/ssusersync
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d739c567034bae55021aecfbf0e670543bce75726563fa119a025b7eb2335e4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8120bf3d3fcd90e6-FRA
content-encoding
br
content-type
text/html
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdeeZq%2FmsfZKDx%2FBxcQjOI3%2F30gIfZIkCdoYLRCxx7ibPcjidN1Qc1nUBvNKgohM9T04jisek6yRPOhyFwKq52v025bntzGZuhWCsz2wOLsLC7KbYykMp0gnmC6uETCySeoqDP5u"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8120bf3cdf7990e6-FRA
content-length
0
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ht5Zl2w4tKWMY05BbBM7JDsh%2BsempRef4HSih8zOyCwI72YO%2FxB7RSVujxADS1iI3jRp2P7z%2Bu0r92iYDNkhx3NXvAoWFixy1qrrXwQaE1O7WXL7pZJYTJkfdMdN7IwAd04CJOY8"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame DA80
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000010%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
Requested by
Host: vid.springserve.com
URL: https://vid.springserve.com/ssusersync
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-16-195.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=168259
content-encoding
gzip
content-length
5606
content-type
text/html
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
Sun, 08 Oct 2023 19:29:34 GMT
last-modified
Fri, 01 Sep 2023 11:18:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
usersync
sync.springserve.com/ Frame F01F
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000001%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.springserve.com%252Fusersync%253Faid%253D1000001%2526gdpr%253D1%2526gdpr_consent%253D%2526us_privacy%253D%2526uuid%253D%2524UID
  • https://sync.springserve.com/usersync?aid=1000001&gdpr=1&gdpr_consent=&us_privacy=&uuid=1633981610852886362
43 B
206 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000001&gdpr=1&gdpr_consent=&us_privacy=&uuid=1633981610852886362
Protocol
H2
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
an-x-request-uuid
5b0d4cda-ac0c-462f-acec-c905bc2c10ff
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://sync.springserve.com/usersync?aid=1000001&gdpr=1&gdpr_consent=&us_privacy=&uuid=1633981610852886362
x-proxy-origin
80.255.7.107; 80.255.7.107; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
syncb
sync.bfmio.com/ Frame F01F
0
78 B
Image
General
Full URL
https://sync.bfmio.com/syncb?pid=111&gdpr=1&gdpr_consent=&us_privacy=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.207.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-207-167.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Connection
keep-alive
Date
Fri, 06 Oct 2023 20:45:15 GMT
sync
ups.analytics.yahoo.com/ups/58185/ Frame F01F
Redirect Chain
  • https://pixel.advertising.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true
  • https://ups.analytics.yahoo.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true
0
87 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true
Protocol
H2
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.75
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58185/sync?&gdpr=1&gdpr_consent=&us_privacy=&redir=true
date
Fri, 06 Oct 2023 20:45:15 GMT
cache-control
no-store
content-type
text/html
server
ATS/9.1.10.75
content-length
373
content-language
en
prebid
rtb.openx.net/sync/ Frame F01F
43 B
236 B
Image
General
Full URL
https://rtb.openx.net/sync/prebid?gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000008%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%24%7BUID%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
ImgSync
image8.pubmatic.com/AdServer/ Frame F01F
0
42 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=157310&gdpr=1&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D157310%26gdpr%3DPM_GDPR%26gdpr_consent%3DPM_CONSENT%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.springserve.com%252Fusersync%253Faid%253D1000010%2526uuid%253D%2523PMUID%2526gdpr%253DPM_GDPR%2526gdpr_consent%253DPM_CONSENT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
content-length
0
usersync
sync.springserve.com/ Frame F01F
Redirect Chain
  • https://bh.contextweb.com/rtset?gdpr=1&gdpr_consent=&us_privacy=&pid=561910&ev=1&rurl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000011%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uu...
  • https://sync.springserve.com/usersync?aid=1000011&gdpr=1&gdpr_consent=&us_privacy=&uuid=2fpdLgiqYSY6&ev=1&us_privacy=&gdpr_consent=&pid=561910&gdpr=1
43 B
205 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000011&gdpr=1&gdpr_consent=&us_privacy=&uuid=2fpdLgiqYSY6&ev=1&us_privacy=&gdpr_consent=&pid=561910&gdpr=1
Protocol
H2
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://sync.springserve.com/usersync?aid=1000011&gdpr=1&gdpr_consent=&us_privacy=&uuid=2fpdLgiqYSY6&ev=1&us_privacy=&gdpr_consent=&pid=561910&gdpr=1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-b6f574bf6-d6wbg
expires
-1
usersync
sync.springserve.com/ Frame F01F
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000012%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5BRX_...
  • https://sync.springserve.com/usersync?aid=1000012&gdpr=1&gdpr_consent=&us_privacy=&uuid=OPTOUT
43 B
205 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000012&gdpr=1&gdpr_consent=&us_privacy=&uuid=OPTOUT
Protocol
H2
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

location
https://sync.springserve.com/usersync?aid=1000012&gdpr=1&gdpr_consent=&us_privacy=&uuid=OPTOUT
pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
cache-control
no-store, no-cache, must-revalidate
expires
0
etag
OPTOUT
content-type
text/html
us.gif
sync.go.sonobi.com/ Frame F01F
49 B
443 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?gdpr=1&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000013%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5BUID%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-68
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
usersync
sync.springserve.com/ Frame F01F
Redirect Chain
  • https://pbs.publishers.tremorhub.com/pubsync?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000015%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid...
  • https://pbs.publishers.tremorhub.com/pubsync/verify?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000015%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D...
  • https://sync.springserve.com/usersync?aid=1000015&gdpr=1&gdpr_consent=&us_privacy=&uuid=5291fe8eab7846f9b39e8afa453fefbe
43 B
205 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000015&gdpr=1&gdpr_consent=&us_privacy=&uuid=5291fe8eab7846f9b39e8afa453fefbe
Protocol
H2
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:16 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

location
https://sync.springserve.com/usersync?aid=1000015&gdpr=1&gdpr_consent=&us_privacy=&uuid=5291fe8eab7846f9b39e8afa453fefbe
date
Fri, 06 Oct 2023 20:45:16 GMT
server
nginx
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
getuid
eb2.3lift.com/ Frame F01F
37 B
140 B
Image
General
Full URL
https://eb2.3lift.com/getuid?gdpr=1&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000016%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
pbsync
ads.yieldmo.com/ Frame F01F
0
34 B
Image
General
Full URL
https://ads.yieldmo.com/pbsync?gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000017%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.35.241.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-35-241-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
sync
ssbsync.smartadserver.com/api/ Frame F01F
0
45 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=52&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000018%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5Bssb_sync_pid%5D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.103 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
content-length
0
sync
ups.analytics.yahoo.com/ups/58800/ Frame F01F
0
15 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58800/sync?redir=true&gpp=&gpp_sid=&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.75 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.75
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
sync.sxp.smartclip.net/ Frame F01F
Redirect Chain
  • https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent=
  • https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent=&ang_testid=1
42 B
309 B
Image
General
Full URL
https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent=&ang_testid=1
Protocol
H2
Server
35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.194.186.35.bc.googleusercontent.com
Software
openresty/1.19.9.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
server
openresty/1.19.9.1
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/gif
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Fri, 06 Oct 2023 20:45:15 GMT
via
1.1 google
server
openresty/1.19.9.1
p3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.sxp.smartclip.net/sync?type=red&dsp=116&gdpr_consent=&ang_testid=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
v1
match.sharethrough.com/universal/ Frame F01F
0
35 B
Image
General
Full URL
https://match.sharethrough.com/universal/v1?supply_id=BGApXMcE
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.77.247.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-77-247-132.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
sync
x.bidswitch.net/ Frame F01F
43 B
146 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=themediagrid&gdpr=1&gdpr_consent=&us_privacy=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.120.96.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-120-96-101.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
usersync
sync.springserve.com/ Frame F01F
Redirect Chain
  • https://ih.adscale.de/su?gdpr=1&gdpr_consent=&tpid=22144&cburl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000023%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D__STROEER_USER_ID__
  • https://ih.adscale.de/su?gdpr=1&gdpr_consent=&tpid=22144&cburl=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000023%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D__STROEER_USER_ID_...
  • https://sync.springserve.com/usersync?aid=1000023&gdpr=1&gdpr_consent=&us_privacy=&uuid=6320ee98daa14fd89cdfd8f0ad2d8a36
43 B
205 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000023&gdpr=1&gdpr_consent=&us_privacy=&uuid=6320ee98daa14fd89cdfd8f0ad2d8a36
Protocol
H2
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:16 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif

Redirect headers

location
https://sync.springserve.com/usersync?aid=1000023&gdpr=1&gdpr_consent=&us_privacy=&uuid=6320ee98daa14fd89cdfd8f0ad2d8a36
date
Fri, 06 Oct 2023 20:45:16 GMT
content-length
0
um
sync.teads.tv/ Frame F01F
23 B
163 B
Image
General
Full URL
https://sync.teads.tv/um?gdpr=1&gdpr_consent=&ssb_provider_id=1&uid&fb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000024%26us_privacy%3D%26uuid%3D%5BVID%5D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-16-97-41.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.10 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires
Fri, 06 Oct 2023 20:45:16 GMT
pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.10
content-length
23
content-type
image/gif
sync.php
pixel.rubiconproject.com/exchange/ Frame F01F
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/exchange/sync.php?p=springserve_magnite_internal&gdpr=1&gdpr_consent=&us_privacy=
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
611afce88997db6fdd35eb213e662871
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cksync
cs.media.net/ Frame F01F
52 B
394 B
Image
General
Full URL
https://cs.media.net/cksync?cs=60&type=ss&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000026%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%3Cvsid%3E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.18.160.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-160-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Oct 2023 20:45:16 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
52
x-mnet-hl2
E
Expires
Fri, 06 Oct 2023 20:45:16 GMT
/
sync.richaudience.com/74889303289e27f327ad0c6de7be7264/ Frame F01F
0
0
Image
General
Full URL
https://sync.richaudience.com/74889303289e27f327ad0c6de7be7264/?consentString=&r=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000027%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5BPDID%5D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.233.29 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.29.233.55.162.clients.your-server.de
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pbs.gif
sync.admanmedia.com/ Frame F01F
0
0

v1
lb.eu-1-id5-sync.com/lb/
33 B
277 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
e77b0e9ecd2ff86b98bfc937dadcfcfb800a66b937dfd0205f32ee8e08d6382a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
usermatch
ssum-sec.casalemedia.com/ Frame A281
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
  • https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beb38e3bac529470aa680caa7e119dcbab37691cd3319e04ec2f1db2fa8e775b

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8120bf3d3b211963-FRA
content-encoding
br
content-type
text/html
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yFBHTPArQraeRXDTur4hXlyPQXM0tcr5Tlm%2Fhgpyvits4cq9iX4XRmBh8JMhbuk%2Bt83dS1fMp7P0PgxzzeLas1kOdt3Q4F%2BlkG0iCmDQYutaH76hG0qQgGpjRzvsGhig3z7e1Y8BN%2BYLeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8120bf3cdaa11963-FRA
content-length
0
date
Fri, 06 Oct 2023 20:45:15 GMT
expires
0
location
/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sp9%2Bp52SMoNa9rztp0B9H2BwQPpnjWnWDb6ZR6I9ryb9jLGYOZKJONCdCMMf5qJYJdJUGOzpT0moT3YYC7hnoAMPPvbluIlcISc6i%2Bkz8ht5PvdLmtv91%2BKHA4cXtr5O2pODfqcVv5w2Mw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
vpaid_adapter.js
imasdk.googleapis.com/js/sdkloader/ Frame 5B83
44 KB
16 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/15184186,141986346/freestar_springserve_adx_video_outstream_powerball_2169_15sec%26description_url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26tfcd%3D0%26npa%3D0%26sz%3D1x1%26gdfp_req%3D1%26output%3Dxml_vast4%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D1696625115118%26schain%3D1.0%252C1%2521freestar.com%252C962%252C1%252C%252C%252C%252C%26url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26max_ad_duration%3D15000%26ord%3D1696625115118%26nofb%3D1%26channel%3Dvastadp
Requested by
Host: www.powerball.com
URL: https://www.powerball.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1d195e2e463c775025c4a78906f6fc2d801b2e7c07a99f7564b8574a729c649c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16133
x-xss-protection
0
last-modified
Wed, 04 Oct 2023 14:52:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=900
accept-ranges
bytes
expires
Fri, 06 Oct 2023 21:00:16 GMT
async_usersync
ib.adnxs.com/ Frame B202
0
595 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
an-x-request-uuid
4e982e8b-ce7b-45da-974d-3f5d35c8854d
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
80.255.7.107; 80.255.7.107; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame DA80
0
42 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=32217026&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=1&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000010%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:14 GMT
content-length
0
v2
id5-sync.com/gm/
276 B
559 B
XHR
General
Full URL
https://id5-sync.com/gm/v2
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.65 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216659.ip-141-95-98.eu
Software
/
Resource Hash
2e7717b10cf5f455b916fcf799bb8d9e7430601e413c154339589844e0aeada8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
dcm
s.amazon-adsystem.com/ Frame A281
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid=&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Oct 2023 20:45:16 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
B8TR833E4FRP3RKJ1Q34
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 06 Oct 2023 20:45:16 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
BQF8RZG83PTKT1898FQA
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame A281
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMzNOvIJfRSbytoznLMV3io&google_cver=1
43 B
732 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMzNOvIJfRSbytoznLMV3io&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2MyY0NEzgnCxseM4iOK0SDDbLpR70fi9Vbk6ZJCr1WfrXdwsZl5RC4ARhUVlWhRF1EZCVUgrpaW82qT56uhiBDQT%2FGXrJQYA3w2WZ32pUT%2F7wKTsOq%2BWDax95oWItyO1hgxqokZXiXsJLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8120bf3f0a781c85-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMzNOvIJfRSbytoznLMV3io&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame A281
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZSBx21RUob5.oSE-9Mdi8AAA
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm=&google_sc=&google_hm=ZSBx21RUob5.oSE-9Mdi8AAA&google_tc=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPMpKy-Ota1tIDqqkVOhQyg&google_cver=1&google_hm=2
43 B
736 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPMpKy-Ota1tIDqqkVOhQyg&google_cver=1&google_hm=2
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9pk09%2BhiTLMT0QtCDzP%2BSVwWNnLusINGrRcu%2BZXWM6bUpx6ah%2Bkpiry0yae5Wa8clGOOhjPM1LSLoe24Smjbpdl1o4K2%2BHS7wFGvQo14%2FY4Vq8bErJjgG%2BnVPubHd8r6Tz4MnHgSLMiW0g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8120bf3f0a891c85-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEPMpKy-Ota1tIDqqkVOhQyg&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame A281
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
server
Kestrel
content-length
70
content-type
image/gif
CookieIndex
rtb.adentifi.com/ Frame A281
0
35 B
Image
General
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.39.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-207-39-196.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
crum
dsum-sec.casalemedia.com/ Frame A281
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=26643565736A41878B1972CBEDB05FBB
43 B
734 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=26643565736A41878B1972CBEDB05FBB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DMJUrYY3ZdB1gd2bYjZSGZ0e%2Bu5%2FJ4OQKw%2Fh7xfWihxeNJvFf2McNUrT9ZrjWJSAh1nS9H6DcOdSpoisf1kyno4aZYPudP5UPiva%2BcM4iHuKq6JBn85louACypeotIh%2Fk2XugZsZdSLlDw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8120bf3ea9f81c85-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=26643565736A41878B1972CBEDB05FBB
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 05 Oct 2023 20:45:15 GMT
pixelSync
pixel-sync.sitescout.com/dmp/ Frame A281
0
187 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
ddos.com
Software
A /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Fri, 06 Oct 2023 20:45:14 GMT
cache-control
max-age=0,no-cache,no-store
server
A
expires
Tue, 11 Oct 1977 12:34:56 GMT
ium
ssum-sec.casalemedia.com/ Frame A281
Redirect Chain
  • https://ids.ad.gt/api/v1/index?cb=https%3A%2F%2Fssum-sec.casalemedia.com%2Fium%3Fsourceid%3D15%26uid%3D
  • https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0eadg8bdlg8ckef7d6db6eiidgl9cjdad7babackkc2jl
0
467 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0eadg8bdlg8ckef7d6db6eiidgl9cjdad7babackkc2jl
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WwVelEDUTBkcVmTukT1FS%2B9OcCLrroqVBxN1gKANTJKpNBiBoCCjA%2FdA8RtKOQ%2Bi58LryG2mRi4sfeyI5jdfG8uKoUkoI4K4WpkEq%2FfmgLzj3ojsxHX5orxpqjnFgOhJE9HKcOq8rMOO1A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=0, no-cache, no-store
cf-ray
8120bf400c2e1c85-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Fri, 06 Oct 2023 20:45:16 GMT

Redirect headers

location
https://ssum-sec.casalemedia.com/ium?sourceid=15&uid=0001yum0eadg8bdlg8ckef7d6db6eiidgl9cjdad7babackkc2jl
date
Fri, 06 Oct 2023 20:45:16 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
8120bf3e5f6b3608-FRA
content-type
text/html; charset=utf-8
htw-pixel.gif
cdn.indexww.com/ht/ Frame A281
43 B
228 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?ZSBx21RUob5.oSE-9Mdi8AAA%265140
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:15 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
7535
etag
"761e21-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
8120bf3daf43381a-FRA
content-length
43
expires
Sat, 07 Oct 2023 20:45:15 GMT
getuid
secure.adnxs.com/ Frame A764
0
0
Image
General
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame A764
43 B
603 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB?gdpr_consent=&us_privacy=&gdpr=1&gpp=&gpp_sid=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:5a14:618c:2256:ed23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
rum
dsum-sec.casalemedia.com/ Frame A764
Redirect Chain
  • https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=qcoFUKjOUwGymgUEps0aVqyZBlayngRXrpmTTZM2
43 B
339 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=qcoFUKjOUwGymgUEps0aVqyZBlayngRXrpmTTZM2
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2BeoUWoFk3lm2PNrfeThVwtGRQcTS7Jve8rbkqiRnAY%2FRLL62LWZh6mEiaddk4GVSwoQMjZf%2FvewGaGx%2Fk6o5UYL1yfy0UkBZQ4bCsqlYRqao45Q6S6YWSx9TQZ1crpNm%2BUD88Uonktwsg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
8120bf3dfbe61963-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=qcoFUKjOUwGymgUEps0aVqyZBlayngRXrpmTTZM2
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
user-registering
ads.stickyadstv.com/ Frame A764
43 B
697 B
Image
General
Full URL
https://ads.stickyadstv.com/user-registering?dataProviderId=1025&userId=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB&gdpr_consent=&us_privacy=&gdpr=1&gpp=&gpp_sid=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.202.74 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-202-74.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 06 Oct 2023 20:45:16 GMT
Server
nginx
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
43
x-sticky-vk
1696625115952063-598
Expires
Fri, 06 Oct 2023 20:45:16 GMT
ibs:dpid=23728&dpuuid=ZSBx21RUob5.oSE-9Mdi8AAA%265140
dpm.demdex.net/ Frame A764
0
0
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=23728&dpuuid=ZSBx21RUob5.oSE-9Mdi8AAA%265140?gdpr_consent=&us_privacy=&gdpr=1&gpp=&gpp_sid=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.64.143 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-64-143.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

match
c1.adform.net/serving/cookie/ Frame A764
0
454 B
Image
General
Full URL
https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.232 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
rum
dsum-sec.casalemedia.com/ Frame A764
Redirect Chain
  • https://csync.loopme.me/?pubid=11466&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=&gpp=&gpp_sid=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=89180c3c-4b8e-424a-b177-922661a02ec1&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=1
43 B
509 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=89180c3c-4b8e-424a-b177-922661a02ec1&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H3
Server
104.18.26.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Cp19i4WeZhpPi58N%2Bgop5LjfEKHhmWSea2qCDJvo7ntwEFVgqWVUungz98LqYuZ4C5pgB2gwaXrehOyXCFGukM5RNhZXndGWMpBHlltGqAQPsID8nZ47ULkLdlxJ2S6osKRSk%2FJHAmBkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache
cf-ray
8120bf3e89b81c85-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=89180c3c-4b8e-424a-b177-922661a02ec1&gpp_sid=null&gpp=null&us_privacy=null&gdpr_consent=null&gdpr=1
date
Fri, 06 Oct 2023 20:45:15 GMT
server
_
content-length
0
/
sync.taboola.com/sg/indexscod/1/cm/ Frame A764
0
0
Image
General
Full URL
https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=ZSBx21RUob5.oSE-9Mdi8AAA%265140&gpp=&gpp_sid=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

usersync
sync.springserve.com/ Frame A764
43 B
205 B
Image
General
Full URL
https://sync.springserve.com/usersync?aid=1000005&gdpr=1&gdpr_consent=&us_privacy=&uuid=ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000005%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D&gdpr=1&gdpr_consent=&s=191709&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:15 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.powerball.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.powerball.com
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 06 Oct 2023 20:45:16 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/analytics/1.2.5/analytics.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
0fec69e64255f119b5a36ecea1614e1de045e015c7d363f79ab5b0460f0cfefa

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 5B83
359 KB
123 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/15184186,141986346/freestar_springserve_adx_video_outstream_powerball_2169_15sec%26description_url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26tfcd%3D0%26npa%3D0%26sz%3D1x1%26gdfp_req%3D1%26output%3Dxml_vast4%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D1696625115118%26schain%3D1.0%252C1%2521freestar.com%252C962%252C1%252C%252C%252C%252C%26url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26max_ad_duration%3D15000%26ord%3D1696625115118%26nofb%3D1%26channel%3Dvastadp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d0577359952b714e119cc1aa6e318656f7d7c642adb87cc84ff00e87c949dde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
125855
x-xss-protection
0
expires
Fri, 06 Oct 2023 20:45:16 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5B83
0
234 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=vpaid_adapter_js&event=init-dv3&vps=0.9098160258513084&wt=1696625116175&sdkv=h.3.594.0&xai=undefined&url=2,https%3A%2F%2Fwww.powerball.com%2F$0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/15184186,141986346/freestar_springserve_adx_video_outstream_powerball_2169_15sec%26description_url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26tfcd%3D0%26npa%3D0%26sz%3D1x1%26gdfp_req%3D1%26output%3Dxml_vast4%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D1696625115118%26schain%3D1.0%252C1%2521freestar.com%252C962%252C1%252C%252C%252C%252C%26url%3Dhttps%253A%252F%252Fwww.powerball.com%252F%26max_ad_duration%3D15000%26ord%3D1696625115118%26nofb%3D1%26channel%3Dvastadp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.594.0_en.html
imasdk.googleapis.com/js/core/ Frame 2D42
724 KB
232 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98fa96669f1c1e20102e4101636ed3b684bad2766a69eab9195a191815bc65d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
171782
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
237562
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Oct 2023 21:02:14 GMT
expires
Thu, 03 Oct 2024 21:02:14 GMT
last-modified
Wed, 04 Oct 2023 14:44:22 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 5B83
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 06 Oct 2023 20:45:16 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame C867
40 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:12:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1956
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13893
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 15:57:08 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Fri, 06 Oct 2023 21:12:40 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 2D42
104 KB
19 KB
XHR
General
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F15184186%2C141986346%2Ffreestar_springserve_adx_video_outstream_powerball_2169_15sec&description_url=https%3A%2F%2Fwww.powerball.com%2F&tfcd=0&npa=0&sz=1x1&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=4111350465444591&schain=1.0%2C1!freestar.com%2C962%2C1%2C%2C%2C%2C&url=https%3A%2F%2Fwww.powerball.com%2F&max_ad_duration=15000&ord=1696625115118&nofb=1&channel=vastadp%2Bvpaidadp_html5&sdkv=h.3.594.0%2Fvpaid_adapter&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=646809480&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.594.0&sid=5320C75F-4DEA-4C04-8AB9-FB87C36828FB&nel=0&eid=44715336%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275%2C44797965%2C44801604&top=https%3A%2F%2Fwww.powerball.com%2F&loc=https%3A%2F%2Fwww.powerball.com%2F&dt=1696625116641&cookie_enabled=1&scor=28321284548622&ged=ve4_td1_tt0_pd1_la1000_er1024.2888.1200.3200_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eceb4fd99e338b96d421f9ac475861d6b31f1f48edae59043f1a003ae011a480
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:45:17 GMT
content-encoding
br
x-content-type-options
nosniff
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18917
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame B202
0
594 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:16 GMT
an-x-request-uuid
ac24f5f2-c9ec-448a-a1b9-75664d70b783
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
cache-control
no-store, no-cache, private
x-proxy-origin
80.255.7.107; 80.255.7.107; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
csi
csi.gstatic.com/ Frame 2D42
0
225 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lnf2secu&c=2592055695945&slotId=1296027847972.5&eee=missing-element&bi=missing-id&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=3&vhc=0&wta=1&ytext_viu=0&ytext_hd=1&hghme=1&lima_p_ich=0&lima_p_icu=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=LOADED&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&u=https%3A%2F%2Fwww.powerball.com%2F&t=2860&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3Bvp%3A1%3B&r=0.7319699781460833
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:17 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
csi
csi.gstatic.com/ Frame 2D42
0
54 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lnf2sf13&c=2592055695945&slotId=1296027847972.5&qqid=CNDpnIul4oEDFQaS3goduqIKow&gqid=3HEgZaeYLoWD1PIPlp6G2AM&fb=ima_html5-lima&sdkv=h.3.594.0%2Fvpaid_adapter&mrd=4&aab=1&itv=1&ghmsh_eids=44715336%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275%2C44797965%2C44801604&met.4=ghmsh_s.lnf2sf17~ghmsh_s.lnf2sf18&ghmsh_hd=1&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C396%2C398%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=zBec0tNpfvi3y1sm
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D42
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.594.0%2Fvpaid_adapter&e=44715336%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275%2C44797965%2C44801604&id=ima_html5&c=1010866082010536&domain
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 2D42
453 B
478 B
Image
General
Full URL
https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-video-pub-3605257360853185
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:25:05 GMT
x-content-type-options
nosniff
age
1212
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
453
x-xss-protection
0
last-modified
Wed, 13 Oct 2021 14:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
image/png
cache-control
public, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 06 Oct 2023 21:15:05 GMT
APkrFKYJ01kvXfhrpyfbNPpVRBogd3pi60G--CmE6uUIfQ=s48-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 2D42
1 KB
2 KB
Image
General
Full URL
https://yt3.ggpht.com/ytc/APkrFKYJ01kvXfhrpyfbNPpVRBogd3pi60G--CmE6uUIfQ=s48-c-k-c0x00ffffff-no-rj
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b53f101a59d506ac90fc3a18412f795056ba4388466618d81d28be49b35bab7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 20:41:10 GMT
x-content-type-options
nosniff
age
247
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1286
x-xss-protection
0
server
fife
etag
"v674"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Sat, 07 Oct 2023 20:41:10 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame 2D42
42 B
443 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cpld63HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErwJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84DUPkjcDCB8QnfjqqG6NzXVPHci3XCQUMJJeWK-fmaBLzfC_WTPaus3E5314gczABLrEiOm6BOAEAYgF9ff8w0uSBQgIAxABGAFQAaAGVIAHu4CDfqgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqxCRFuaJpLX2kggAoDmAsByAsB0AsO2gwRCgsQ8IH3reWUmsPlARICAQOaDQEOqg0CREXIDQHiDRMIz9Obi6XigQMVBpLeCh26ogqj2BMNiBQB0BUBmBYB4hYCCAH4FgGAFwE&sigh=JQPOQRbYTYU&label=show_ad&sdkv=h.3.594.0/vpaid_adapter&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYwMzQzNjc1MTIxOTIMNjYyMTMyODQxNzc5QK0GUiMQDyUAAKBBKAE6C1VRVlRnUzRib1Y4Qglnb29nbGVhZHNQABgB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
pubads.g.doubleclick.net/pagead/ Frame 2D42
0
0
Image
General
Full URL
https://pubads.g.doubleclick.net/pagead/adview?ai=CeYeA3HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErAJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84G0OMCsLMokyD31-OFAoXU3y8qQ9m2QzOj9UdrceMlcnRz1SdB_CPXxM2djABLrEiOm6BOAEAYgF9ff8w0uSBRIIEhAFGA8w38Lu8JLw1IJRUAGgBlSAB7uAg36oB9m2sQKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENDPV6gIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCRZodHRwczovL3d3dy5pZGVhbG8uZGUvgAoDyAsB4g0TCM_Tm4ul4oEDFQaS3goduqIKo8ITBhit__yBA9gTDYgUAdAVAZgWAeIWAggBgBcBshceChwIABIUcHViLTgwNjE5NDY0MTM1Mzc5ODQYusgX&sigh=0petMrWbND8&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&ase=2&nis=4&cid=CAQSPADICaaNu5UZdguQOWKpfNP8bQWwMXzswqUw4dNIBl8g2dbfMB0ZfPeFTuQA879_CymDM2_IJaRe77QFhRgB&vt=10&sdkv=h.3.594.0/vpaid_adapter&vci=CmsIARIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgdBZFNlbnNlIAQqDDYwMzQzNjc1MTIxOTIMNjYyMTMyODQxNzc5QK0GUiMQDyUAAKBBKAE6C1VRVlRnUzRib1Y4Qglnb29nbGVhZHNQABgB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

csi
csi.gstatic.com/ Frame 5B83
0
54 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lnf2se5i&c=2592055695945&slotId=1296027847972.5&eee=missing-element&bi=missing-id
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
videoplayback
rr2---sn-h0jeenek.googlevideo.com/
2 MB
2 MB
Media
General
Full URL
https://rr2---sn-h0jeenek.googlevideo.com/videoplayback?expire=1696653917&ei=3XEgZYudCsG56dsPxvSYyAo&ip=2a01:4a0:1338:92::3&id=510553812e1ba15f&itag=22&source=youtube&requiressl=yes&xpc=Eghovf3BOnoBAQ==&mh=lW&mm=31&mn=sn-h0jeenek&ms=au&mv=m&mvi=2&pl=36&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=20.062&lmt=1679707220895504&mt=1696624643&cpn=zBec0tNpfvi3y1sm&txp=4532434&sparams=expire,ei,ip,id,itag,source,requiressl,xpc,susc,acao,ctier,mime,vprv,dur,lmt&sig=AGM4YrMwRQIgS_LhGUgWvsdH3NIu4sZmFAwQHqo6Ns4C9SLXCm3A0zkCIQCfh8_t2aEYWDMfkk98fOxToiMrQAbjur7zwx8oxoIenw==&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AK1ks_kwRQIgIrw_W-hj-Q476eE0rg3LNOdxLqGKmC0ZL3RRcmWr8moCIQCZxJmeDbYII-TJ0Dm-p84h57nCtXpw3AcHpv5IdhdGCw==
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4021::7 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
f7d95b1a5a90079515eae6cf799993e063f686fc8610f9842197b5f16b8a2222
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Range
bytes=0-

Response headers

Date
Fri, 06 Oct 2023 20:45:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 25 Mar 2023 01:20:20 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Content-Range
bytes 0-1961652/1961653
Cache-Control
private, max-age=28500
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Accept-Ranges
bytes
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length
1961653
Expires
Fri, 06 Oct 2023 20:45:17 GMT
csi
csi.gstatic.com/ Frame 2D42
0
54 B
Ping
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~lnf2sf1g&c=2592055695945&slotId=1296027847972.5&qqid=CNDpnIul4oEDFQaS3goduqIKow&gqid=3HEgZaeYLoWD1PIPlp6G2AM&fb=ima_html5-lima&sdkv=h.3.594.0%2Fvpaid_adapter&mrd=4&aab=1&itv=1&ua_e=1&met.4=ghmsh_s.lnf2sf1i&faa=1&fas=1
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame 2D42
42 B
108 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=Cpld63HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErwJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84DUPkjcDCB8QnfjqqG6NzXVPHci3XCQUMJJeWK-fmaBLzfC_WTPaus3E5314gczABLrEiOm6BOAEAYgF9ff8w0uSBQgIAxABGAFQAaAGVIAHu4CDfqgH2baxAqgHjs4bqAeT2BuoB5zcG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHyqmxAqgH66WxAtgHAagIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqxCRFuaJpLX2kggAoDmAsByAsB0AsO2gwRCgsQ8IH3reWUmsPlARICAQOaDQEOqg0CREXIDQHiDRMIz9Obi6XigQMVBpLeCh26ogqj2BMNiBQB0BUBmBYB4hYCCAH4FgGAFwE&sigh=JQPOQRbYTYU&label=video_ad_loaded&sdkv=h.3.594.0/vpaid_adapter&vci=Co8BCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MDM0MzY3NTEyMTkyDDY2MjEzMjg0MTc3OUCtBlIjEA8lAADIQSgBOgtVUVZUZ1M0Ym9WOEIJZ29vZ2xlYWRzUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adview
pubads.g.doubleclick.net/pagead/ Frame 2D42
0
0
Fetch
General
Full URL
https://pubads.g.doubleclick.net/pagead/adview?ai=CeYeA3HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErAJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84G0OMCsLMokyD31-OFAoXU3y8qQ9m2QzOj9UdrceMlcnRz1SdB_CPXxM2djABLrEiOm6BOAEAYgF9ff8w0uSBRIIEhAFGA8w38Lu8JLw1IJRUAGgBlSAB7uAg36oB9m2sQKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEENDPV6gIAdIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqaCRZodHRwczovL3d3dy5pZGVhbG8uZGUvgAoDyAsB4g0TCM_Tm4ul4oEDFQaS3goduqIKo8ITBhit__yBA9gTDYgUAdAVAZgWAeIWAggBgBcBshceChwIABIUcHViLTgwNjE5NDY0MTM1Mzc5ODQYusgX&sigh=0petMrWbND8&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&ase=2&nis=4&cid=CAQSPADICaaNu5UZdguQOWKpfNP8bQWwMXzswqUw4dNIBl8g2dbfMB0ZfPeFTuQA879_CymDM2_IJaRe77QFhRgB&sdkv=h.3.594.0/vpaid_adapter
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Oy6hyfNY.js
tpc.googlesyndication.com/sodar/ Frame 2D42
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 05 Oct 2023 21:07:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
85070
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15406
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 04 Oct 2024 21:07:27 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D42
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.594.0%2Fvpaid_adapter&e=44715336%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275%2C44797965%2C44801604&id=ima_html5&c=1010866082010536&domain
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.594.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame 2D42
42 B
108 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=C_Ke93HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErAJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84G0OMCsLMokyD31-OFAoXU3y8qQ9m2QzOj9UdrceMlcnRz1SdB_CPXxM2djABLrEiOm6BOAEAYgF9ff8w0ugBlSAB7uAg36oB9m2sQKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQLYBwGoCAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2gwRCgsQ8IH3reWUmsPlARICAQOqDQJEReINEwjP05uLpeKBAxUGkt4KHbqiCqPYEw2IFAHQFQGYFgHiFgIIAfgWAYAXAQ&sigh=jl3-ka3m8UQ&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=vast_creativeview&ad_mt=0&sdkv=h.3.594.0/vpaid_adapter&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MDM0MzY3NTEyMTkyDDY2MjEzMjg0MTc3OUCtBlImEA8lAADIQSgBOgtVUVZUZ1M0Ym9WOEIJZ29vZ2xlYWRzSMECUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/interaction/ Frame 2D42
42 B
108 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=C_Ke93HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErAJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84G0OMCsLMokyD31-OFAoXU3y8qQ9m2QzOj9UdrceMlcnRz1SdB_CPXxM2djABLrEiOm6BOAEAYgF9ff8w0ugBlSAB7uAg36oB9m2sQKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQLYBwGoCAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2gwRCgsQ8IH3reWUmsPlARICAQOqDQJEReINEwjP05uLpeKBAxUGkt4KHbqiCqPYEw2IFAHQFQGYFgHiFgIIAfgWAYAXAQ&sigh=jl3-ka3m8UQ&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=part2viewed&ad_mt=0&sdkv=h.3.594.0/vpaid_adapter&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MDM0MzY3NTEyMTkyDDY2MjEzMjg0MTc3OUCtBlImEA8lAADIQSgBOgtVUVZUZ1M0Ym9WOEIJZ29vZ2xlYWRzSMECUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
playback
www.youtube.com/api/stats/ Frame 2D42
0
0
Image
General
Full URL
https://www.youtube.com/api/stats/playback?cmt=0&rt=0&rtn=10&delay=20&adformat=2_2_1&c=vast_gvp_ads&el=adunit&len=20&ns=yt&ver=2&vtype=gvp&cplatform=desktop&cpn=zBec0tNpfvi3y1sm&docid=UQVTgS4boV8&visitordata=CgtqckVGWVVQR0VEOA%3D%3D&of=-_xhI4eL4MjOL53E0nwGhA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

/
googleads.g.doubleclick.net/pagead/interaction/ Frame 2D42
42 B
108 B
Image
General
Full URL
https://googleads.g.doubleclick.net/pagead/interaction/?ai=C_Ke93HEgZdCLMIak-ga6xaqYCpKhhqtz87KI_ccRsJAfEAEgwMKsemCVivyBlAegAa3__IEDyAEFqQIVRJ00g8WxPuACAKgDAZgEAKoErAJP0N6Fu1FbnQhuMLXJUKvqU2nXR5fm3hygm6Xi-iXgalxS9cOnRPMxRkEoVARAWZMO-ERJa9e76xY-8JD5zc8CoQ_RlslQioKstUMa7siEBYhCbebVFG7hDacxzKvHn1bv-KhDfNe2qf4aGxIwXhP5miqQ79ByOwlc-zzluh-7k01RGXLxxq0Zlwg-EOQWWdrr_ZVCDNoFM0yYBiK1ZqANa8TQlFUhVZB9as4I2L7JjMsNDDX45HCC6zwEJn3945kEFraO9Yrb_qj19ap0t8M0C-SvB-mAUb7t91Bjspx5b1NU7bq-678HX4ydWRROwY2dA2S44IOJNVciUkIkcsO84G0OMCsLMokyD31-OFAoXU3y8qQ9m2QzOj9UdrceMlcnRz1SdB_CPXxM2djABLrEiOm6BOAEAYgF9ff8w0ugBlSAB7uAg36oB9m2sQKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB8qpsQKoB-ulsQLYBwGoCAHSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2gwRCgsQ8IH3reWUmsPlARICAQOqDQJEReINEwjP05uLpeKBAxUGkt4KHbqiCqPYEw2IFAHQFQGYFgHiFgIIAfgWAYAXAQ&sigh=jl3-ka3m8UQ&cmd=Ch1jYS12aWRlby1wdWItMzYwNTI1NzM2MDg1MzE4NRAAGAI&label=admute&ad_mt=0&sdkv=h.3.594.0/vpaid_adapter&vci=CpIBCAESGHB1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldBoHQWRTZW5zZSAEKgw2MDM0MzY3NTEyMTkyDDY2MjEzMjg0MTc3OUCtBlImEA8lAADIQSgBOgtVUVZUZ1M0Ym9WOEIJZ29vZ2xlYWRzSMECUABaImRvdWJsZWNsaWNrYnlnb29nbGUuY29tLW9taWQtdmlkZW8YAQ..
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:17 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=js_opportunity&time_on_page=5&num_bq_pt=2&num_dt_pt=9&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&a_cc=s.702408&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=6834582
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
206 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1107811&dtidx=1&cc_i=0&response_time=171&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=9145292
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1169262&dtidx=1&cc_i=0&response_time=178&wrapper_count=0&has_ad=true&timeout=false&vv=2.0&dtype=2&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=6656463
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=js_demand_opportunity&a_cc=s.702408-d.1169262&dtidx=1&cc_i=0&response_time=1&creative_type=JS_VPAID&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=6303521
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1107810&dtidx=1&cc_i=0&response_time=232&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=7797887
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1131534&dtidx=1&cc_i=0&response_time=232&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=8943832
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1131533&dtidx=1&cc_i=0&response_time=233&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=5665996
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1107812&dtidx=1&cc_i=0&response_time=236&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=7401966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-sin.springserve.com/vd/ Frame F01F
43 B
206 B
Image
General
Full URL
https://vid-io-sin.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1116500&dtidx=1&cc_i=0&response_time=239&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=8638129
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.1.235.38 , Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-1-235-38.ap-southeast-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=cm_js_demand_req_resp&a_cc=s.702408-d.1113417&dtidx=1&cc_i=0&response_time=282&has_ad=false&reason=HB_BID_ERROR&wrapper_count=0&dtype=0&bp=null&bf=2&vec=1301&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=3245861
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=js_impression&a_cc=s.702408-d.1169262&dtidx=1&time_on_page=2371&response_time=2183&creative_type=JS_VPAID&dtype=2&ctype=2&_t1=1&timestamp=1696625117825&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=750380
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=IMPRESSION&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&u=https%3A%2F%2Fwww.powerball.com%2F&t=3215&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3Bvp%3A1%3B&r=0.08871793331630973
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:17 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
i
vid-io-dub.springserve.com/vd/
43 B
205 B
Image
General
Full URL
https://vid-io-dub.springserve.com/vd/i?event=vast_flash_impression
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.110.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-110-139.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:17 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52f714c3f78011bc97493a37219e75e9edf220b7e9de5e7c3f40d6644c7a3232

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
674 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a59e8d8491b501831dd2cb45a4ef16eb2aa3c8c52a80d185d39e257917472bd7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=STARTED&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=VAST&u=https%3A%2F%2Fwww.powerball.com%2F&t=3221&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3Bvp%3A1%3B&r=0.8645542665759416
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:17 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
i
vid-io-iad.springserve.com/vd/ Frame F01F
43 B
205 B
Image
General
Full URL
https://vid-io-iad.springserve.com/vd/i?suuid=a1ba7eee&ps_id=702408&event=js_start&a_cc=s.702408-d.1169262&dtidx=1&time_on_page=2382&response_time=2194&creative_type=JS_VPAID&dtype=2&ctype=2&_t1=1&timestamp=1696625117835&ip=80.255.7.107&_disyn=1&ssid=c89bd703-1cf8-48fb-8190-125bd8f562f0.1696625115118&uuid=a1ba7eee-2dfe-4825-a55e-8d6deeadd935&url=https%3A%2F%2Fwww.powerball.com%2F&did=4908ae93-7a4c-a979-8ab2-e045aa67fe01&_rcc=bs.135425_vp.129963&gdpr=0&d=powerball.com&w=312&h=176&cc=DE&dtnum=2&ss_region=dub&d_m=www.powerball.com&d_ms=d_wla&ds_w=312&ds_h=176&ds_ms=client&in_v=0&cb=8257123
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.226.127.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-226-127-168.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 06 Oct 2023 20:45:18 GMT
access-control-allow-credentials
true
server
nginx
content-length
43
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
1
serving.stat-rock.com/v1/log/js/
35 B
169 B
Image
General
Full URL
https://serving.stat-rock.com/v1/log/js/1?id=1696625114919.1577&type=VIEWED_0&placementId=OpE_G2eQEIVcnqleHDYoCw7EE8VuwpK8BwG1KH8rz7xSWoy4ivaH&tagId=&message=&typeA=PRE&contentTypeA=VIDEO&u=https%3A%2F%2Fwww.powerball.com%2F&t=3224&v=112.sp&p=fashKfMyO1atCB74r89nrYxfXH2rIGIWJHvOs0KaPtwhV3AIQxnp&width=312&z=p%3Ast%3Bpt%3APRE%3Bv%3AinView%3Bc%3Avast%3Bvp%3A1%3B&r=0.06264910892124353
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.76.28.41 Freiburg im Breisgau, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.41.28.76.144.clients.your-server.de
Software
nginx /
Resource Hash
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540

Request headers

Referer
Origin
https://www.powerball.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-origin
https://www.powerball.com
date
Fri, 06 Oct 2023 20:45:17 GMT
srvf
144.76.28.41
server
nginx
srvb
127.0.0.1:8082
content-length
35
content-type
image/gif
hhrtBw21.html
tpc.googlesyndication.com/sodar/ Frame C802
23 KB
9 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imasdk.googleapis.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
63496
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8727
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 06 Oct 2023 03:07:01 GMT
expires
Sat, 05 Oct 2024 03:07:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
pagead2.googlesyndication.com/bg/ Frame C802
37 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/YeTNF82ErcXtSc42GSWrie2SEIEL8DxR64dbf1nZkSc.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Fri, 06 Oct 2023 13:29:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
26123
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14663
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 14:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 05 Oct 2024 13:29:55 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C802
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.594.0&bgai=Bybgr3HEgZdCLMIak-ga6xaqYCgAAAAA4AboFEwin9pqLpeKBAxWFAVUIHRaPATs&bg=!wcKlwo3NAAbjlzx0w5c7ADQBe5WfOPEadY8CxZ3sAK-_h-FUdoQbc5vMpBhG1kei_11E_1wTTmtgJFgd7lmUHMFHFLYvAgAAAK5SAAAAA2gBBwoA20MaM_GCK3L-lXgfCCTxa0xdpSx-UEd-y-7iNbfZRgJ5mC1abY3PFCHzOpRoPnOI9FU9GXASqLOShlq0KCI4OpFaYK1CNm-hj9fwv6-MYwxctKwv_UEBF7wQLYjtpMYfrRGoY5tFpm5NquKWA8m3TmG8vzZ4MkzyeKdPuaRLO6c4rkqGfQtdsmVvg6Fz-bZ5FGM0iAID-Q1jHOCMJYMn7rBkGa4rvWvoIz-0ip2MbrdtHv76yNwZg2ARObgKpZT-a4turIhvcB3GMj4N0PI72RlVgFIS8_cK9fqOWZkCYNS5ohLywRoIgenpHd1knmtG7p4dKrWoYMv51CjAjnIm6gGyNNvqlLY1TFxmOJrYeJ5nNcSwGx63si2AlMtzQV0aYW8xEQyx5w8oaV1NGc6tSGXVo6UkLHC3Hb8EWp4V_8dBCb_1Jo2Jek3JmG3tlesA05cwYbAeA8_bKwgpbsXoeHmQXcyfsc0qERFxMVXDQZZRgCxH_k_k4MQBioLfNfHRW3TDRZzf_7GQ0G-9ejDdH0XeGM4C4JzeiDxsTaQ3OMzvBucXr6MiO_EkwwrWKmtRzwcFm69M6dEAmuFCeELKzcNJpTZ_MEeV85Oj-X5UdQV27PjgfMtpOWyKj6GJLvFeqxAiky7Ujzj2jwTdpawXwR6e_qZqG8ywsfhHDVv4FanflqzTxBKwQ4gDkEmyWa0Q1QepoUCe5etRKSVbIPv2Au2TJr85RQpxtZUS-NuSgp8F8h-_TpULSUaq6vAqnq4WMqVTL94R2eI4HsFgznZ-NYiGpJBYnZ1MXb5zdSbmhHI8mGo6JMj4DXvy8PaZuuhLD3wU3Lu2NQzhBOaVx7Xg3fScFfBpu7XANS7W2twbibmBEzLxWB5SWhTTtev6idtOSrDuTTdT7ExnRtzGHjM6idGRXf7J_E7CHT7YE3KF23ITSraY7bztu3Zdv_zwoIkObTR2EPH07PkozwLNwHeJ4Nmd_9jDhm4Hbx1s4lpdK3AUDcT3yd-GgBYoF4wngCydsHkGMj9tBXtkC8m5LqXOfi_zigDXMrQSOhtvHMqRyfF9FepwvPUFx1m2kk5qt1ACgb4dZGr16btMCb_mzThP
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 06 Oct 2023 20:45:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/analytics/1.2.5/analytics.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
0fec69e64255f119b5a36ecea1614e1de045e015c7d363f79ab5b0460f0cfefa

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 06 Oct 2023 20:45:18 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://www.powerball.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.powerball.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://www.powerball.com
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 06 Oct 2023 20:45:18 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.intentiq.com
URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=97_1696625114040&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Domain
api.intentiq.com
URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=344_1696625114223&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Domain
api.intentiq.com
URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=807_1696625114224&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Domain
sync.admanmedia.com
URL
https://sync.admanmedia.com/pbs.gif?gdpr=1&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fsync.springserve.com%2Fusersync%3Faid%3D1000028%26gdpr%3D1%26gdpr_consent%3D%26us_privacy%3D%26uuid%3D%5BUID%5D

Verdicts & Comments Add Verdict or Comment

80 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| freestar function| gtag object| dataLayer function| renderRecaptcha object| simplemaps_usmap_mapdata object| pageJson number| uidEvent function| flatpickr function| admiral object| googletag object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| simplemaps_usmap_mapinfo function| eve function| Raphael function| Tweenable object| simplemaps_usmap object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal object| fsdata object| _comscore object| fsprebid function| 4dm1r11545242527 object| recaptcha object| closure_lm_929552 function| load_script object| confiant object| COMSCORE object| ns_p object| fsprebidChunk object| _pbjsGlobals object| mnet object| ggeac object| google_js_reporting_queue object| __bt_tag_d object| __bt_intrnl object| __bt object| __bt_tag_am undefined| google_measure_js_timing function| _hadron object| apstag function| _typeof function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| IntentIqObject function| PartnersWinEvent object| iiq_object_array boolean| __bt_already_invoked object| hadron boolean| __halo_loaded__ object| _aps boolean| apstagLOADED object| apscustom object| _qevents object| _ssPlayer boolean| creativeVendorLibraryLoaded object| au function| quantserve function| __qc object| ezt object| _qoptions object| ID5 object| __id5_instances function| tokvps function| loadPlayer function| AdPlayerPro function| playerPro object| PublisherCommonId number| google_global_correlator object| closure_lm_414928

35 Cookies

Domain/Path Name / Value
.pub.network/ Name: _fsuid
Value: c9c0947a-edcc-4935-b6e7-38a75706b867
.powerball.com/ Name: _ga_4P9G1BDP3V
Value: GS1.1.1696625113.1.0.1696625113.60.0.0
.powerball.com/ Name: _ga
Value: GA1.1.1258256014.1696625113
.powerball.com/ Name: _awl
Value: 2.1696625113.5-634673d40eb422e391b69db6b9f4ad55-6763652d6575726f70652d7765737431-0
www.powerball.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.quantserve.com/ Name: mc
Value: 652071da-e2d92-63f16-a371f
.powerball.com/ Name: __qca
Value: P0-2054755973-1696625114573
.springserve.com/ Name: ssid
Value: c89bd703-1cf8-48fb-8190-125bd8f562f0
.springserve.com/ Name: sst
Value: 1696625115118
.openx.net/ Name: i
Value: 7929103d-28df-04a5-385f-0c8c64272222|1696625115
.casalemedia.com/ Name: CMID
Value: ZSBx21RUob5.oSE-9Mdi8AAA
.casalemedia.com/ Name: CMPS
Value: 5140
.casalemedia.com/ Name: CMPRO
Value: 5140
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 1642b2f9566cba49
.adnxs.com/ Name: icu
Value: ChgInKNrEAoYASABKAEw2-OBqQY4AUABSAEQ2-OBqQYYAA..
.adnxs.com/ Name: uuid2
Value: 2677880100800868132
.advertising.com/ Name: A3
Value: d=AQABBNtxIGUCEM8QQbpF4rAZcl8bz25PqisFEgEBAQHDIWUqZeAYyiMA_eMAAA&S=AQAAAmR2uzkaTU8Jsa3q51GJaY4
.quantserve.com/ Name: d
Value: EF4BDQGPKrjvsQA
.csync.loopme.me/ Name: viewer_token
Value: 89180c3c-4b8e-424a-b177-922661a02ec1
.simpli.fi/ Name: suid
Value: 26643565736A41878B1972CBEDB05FBB
.go.sonobi.com/ Name: HAPLB8G
Value: s8668|ZSBx3
.sxp.smartclip.net/ Name: uuid
Value: 470233c2-db71-2065-1af4-fd9a29e69b96
.tremorhub.com/ Name: tvid
Value: 5291fe8eab7846f9b39e8afa453fefbe
.doubleclick.net/ Name: IDE
Value: AHWqTUm5q6fJUQ7Z0ZQhW1lENmOJMnP3jidxzcKPd3Pm0NmS0wcusUSi89CXuvs6uKo
.adscale.de/ Name: uu
Value: 6320ee98daa14fd89cdfd8f0ad2d8a36
.adscale.de/ Name: cct
Value: 1696625115961
.sxp.smartclip.net/ Name: psyn
Value:
.ads.stickyadstv.com/ Name: UID
Value: 82b199ab08c539a1f353fcd19111fa
.ads.stickyadstv.com/ Name: uid-bp-34673
Value: ZSBx21RUob5-oSE_9Mdi8AAAFBQAAAIB
.yahoo.com/ Name: A3
Value: d=AQABBNxxIGUCENg2rxHpQStPgdjK3hNJE6IFEgEBAQHDIWUqZQAAAAAA_eMAAA&S=AQAAAnNi0wZ-XMbD1QrSghCI3sc
.tremorhub.com/ Name: tvssa
Value: 1696625116030
.amazon-adsystem.com/ Name: ad-id
Value: A5uDDS4eY0pZjjCMOG-ivHA
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.powerball.com/ Name: __gads
Value: ID=9bb5e58271e53bc4:T=1696625116:RT=1696625116:S=ALNI_Mb-8wxFgLiIrO4ByxXaTQ58eZRWNQ
.powerball.com/ Name: __gpi
Value: UID=00000c8fbb6ca185:T=1696625116:RT=1696625116:S=ALNI_Mb5Te7_Xr2ST77Jp2sf6l-NSGd1ew

10 Console Messages

Source Level URL
Text
network error URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=946663&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&tsrnd=521_1696625114041&vrref=www.powerball.com&jsver=5.4&abtp=95&abtg=A
Message:
Failed to load resource: the server responded with a status of 403 ()
javascript error URL: https://www.powerball.com/
Message:
Access to XMLHttpRequest at 'https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=97_1696625114040&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false' from origin 'https://www.powerball.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=97_1696625114040&cttl=43200000&rrtt=0&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.powerball.com/
Message:
Access to XMLHttpRequest at 'https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=344_1696625114223&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false' from origin 'https://www.powerball.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=344_1696625114223&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://www.powerball.com/
Message:
Access to XMLHttpRequest at 'https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=807_1696625114224&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false' from origin 'https://www.powerball.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.4&iiqidtype=2&iiqpcid=15d373df-3da6-4333-82f1-f337d51275bb&iiqpciddate=1696625114038&jaesc=0&jafc=0&jaensc=0&iiqlocalstorageenabled=true&tsrnd=807_1696625114224&cttl=43200000&rrtt=180&dud=0&abtg=A&vrref=www.powerball.com&japbjs=true&japs=false
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 ()
network error URL: https://c1.adform.net/serving/cookie/match?party=29&gdpr=1
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=ZSBx21RUob5.oSE-9Mdi8AAA%265140&gpp=&gpp_sid=
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content;frame-ancestors none;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ad.gt
a.pub.network
aax.amazon-adsystem.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ads.pubmatic.com
ads.stickyadstv.com
ads.yieldmo.com
api.btloader.com
api.intentiq.com
as-sec.casalemedia.com
bh.contextweb.com
btloader.com
c.amazon-adsystem.com
c.pub.network
c1.adform.net
cdn.confiant-integrations.net
cdn.hadronid.net
cdn.id5-sync.com
cdn.indexww.com
cdn.powerball.com
cdn.springserve.com
cm.g.doubleclick.net
cms.quantserve.com
config.aps.amazon-adsystem.com
cs.media.net
csi.gstatic.com
csync.loopme.me
cumbersomecarpenter.com
d.pub.network
dpm.demdex.net
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
googleads.g.doubleclick.net
hbopenbid.pubmatic.com
ib.adnxs.com
id.hadron.ad.gt
id5-sync.com
ids.ad.gt
ih.adscale.de
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
lb.eu-1-id5-sync.com
match.adsrvr.org
match.sharethrough.com
optimise.net
p.typekit.net
pagead2.googlesyndication.com
pbs.publishers.tremorhub.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
pubads.g.doubleclick.net
region1.analytics.google.com
rr2---sn-h0jeenek.googlevideo.com
rtb.adentifi.com
rtb.gumgum.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
serving.stat-rock.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
sync.1rx.io
sync.admanmedia.com
sync.bfmio.com
sync.go.sonobi.com
sync.intentiq.com
sync.richaudience.com
sync.springserve.com
sync.sxp.smartclip.net
sync.taboola.com
sync.teads.tv
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
use.typekit.net
vid-io-dub.springserve.com
vid-io-iad.springserve.com
vid-io-sin.springserve.com
vid.springserve.com
vpaid.springserve.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.powerball.com
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
api.intentiq.com
sync.admanmedia.com
104.18.25.18
104.18.26.193
130.211.23.194
141.226.228.48
141.95.98.65
142.250.185.70
142.250.186.34
144.76.28.41
15.197.193.217
162.55.233.29
18.64.79.112
18.66.196.68
184.30.16.195
184.30.211.26
185.64.189.112
185.64.190.78
185.64.190.79
185.86.139.103
2.16.202.74
2.16.97.41
2.18.160.23
2001:4860:4802:32::3
2001:4860:4802:32::36
208.93.169.131
23.212.192.219
2600:1901:0:328a::1
2600:1f18:612b:4216:f80f:eda:bc61:b763
2600:9000:2046:b200:8:48e:53c0:93a1
2600:9000:206f:a200:15:6f6c:b180:93a1
2600:9000:223c:1e00:6:44e3:f8c0:93a1
2606:4700:10::6816:3456
2606:4700:10::6816:34ad
2606:4700:10::6816:445
2606:4700:10::6816:545
2606:4700:20::681a:246
2606:4700:20::681a:78b
2606:4700:20::ac43:4acf
2606:4700:4400::ac40:90a6
2606:4700::6812:14ce
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2620:1ec:46::45
2a00:1450:4001:801::2001
2a00:1450:4001:806::2002
2a00:1450:4001:80b::200a
2a00:1450:4001:80e::2001
2a00:1450:4001:811::200e
2a00:1450:4001:813::200a
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2003
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:830::2004
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::2008
2a00:1450:400c:c0b::9d
2a00:1450:4021::7
2a02:26f0:3500:16::215:1495
2a05:d018:d29:3601:5a14:618c:2256:ed23
3.1.235.38
3.120.96.101
3.127.179.56
3.226.127.168
3.71.149.231
3.77.247.132
34.111.152.239
34.160.152.31
34.238.207.167
34.251.64.143
34.91.62.186
35.186.194.101
35.186.253.211
35.214.241.79
35.244.159.8
37.157.6.232
37.252.173.215
46.228.174.117
52.207.39.196
52.222.208.154
52.222.214.42
52.222.253.136
52.46.143.56
52.48.245.75
52.50.110.139
54.229.141.199
63.35.241.233
69.166.1.66
69.173.144.137
69.173.144.165
76.223.111.18
98.98.134.241
99.86.4.128
00abfad887a97127fb0b018cba602fa69c346c2eaaf0cb722b1abb1f8236dd4e
03ab02f1d7040fd5597efcd3c713be60d8c4d9425f863d1f38f00672687e605e
0521f51eafc20f3c9fe88c29186358b8e53ade4dda9e0611bb22f6ac36acb540
054ceb17b4dddff7a4ddf49320792864240ddfdbd90faf567b0902ff4f610cb7
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0eda13bf855220cdec6aaace454f32733f52fcac0bacb575e459b5b081ee9c52
0fec69e64255f119b5a36ecea1614e1de045e015c7d363f79ab5b0460f0cfefa
13f7d60ab56cc83e0235a2d3a69573104bff1bbc3cbe386bb57063ed59247535
150abf5d65851c215b785dc90f363002897279f75a0f466caa6c92534a20a2d7
151c2951bb1fe452b8b8c4843bd861b9f316264cdfe7da074862e2f4653db1ae
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d195e2e463c775025c4a78906f6fc2d801b2e7c07a99f7564b8574a729c649c
226644a7351157929407d2498a0786a1309ebc331b805b725676f73ed926c641
241df04a32e1a0a4da58eb35f672c5f0b4e1fa131475803ce3222bf493632d5e
2621499398162b16a8b43211d4f34dda03061cfc6ba59392e8ec0d64157f08e3
2e7717b10cf5f455b916fcf799bb8d9e7430601e413c154339589844e0aeada8
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
36367e0c3f5a8b490bebc5bfc526b10c7d4e4c371eb2b73d438f80f167fb9ca4
373b4038cfb9482c593b99008e0c8de1d09012cd1f4c41d5efe3532f9aad3f7f
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3cf7fc81e14dc1919cec36d558a2d57187130584fb1fa300a7693ef702c938d5
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3ff2cb196c58aa259978595c9811c7d4ee35053926315c3ec1bfcb46800459b9
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
4609ac544849b9f57b805d6af1a9ed12e25427ce936d6d3ef58d0ce64a6b071a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c76c91f2d42a1668fee310da41b7c1f0d97d7ab0fa55fcf794e2cd3e412242
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5063a68a88966cff9baa3bf09bf0352e9c05164c66e9b4ef2c4d5453dc9e1ca7
52f714c3f78011bc97493a37219e75e9edf220b7e9de5e7c3f40d6644c7a3232
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5b5547f74cb04dfc55862739740a416cd238bb5755ddd78458a544e49c42ff9f
5cc0e82d1224771d48d37a24c17c0333ebe8a4427785c8455a52e25254e40a1e
5d0577359952b714e119cc1aa6e318656f7d7c642adb87cc84ff00e87c949dde
5d8f24de649d274c051960845b51a0407362d6b4c80de23985e648d3378708f5
5eaddf3e93295e7f38d6ba7c34521473d972e3a9e0b16500836e8724d69a6eb7
5f20338b9aab2f5f33562eb3b0b23d999896ce426cacd2231b4123510571df4e
61e4cd17cd84adc5ed49ce361925ab89ed9210810bf03c51eb875b7f59d99127
6300f448d738e70ac11f0140df0b3ce91a2de9e0da7fdf09d32d28031600ba51
64a89c76a12a58e89992efdbbde061644eb1566f52b611a977e3b7e9a6ae12d7
6ee69abe38a87fd8aa0867401e1e14d2831eab6dfb1bb2d97abf65ac57cb5705
6f32f4b1aebee55450f9eaea7572be5631167000c60b202e32fd7efe10534e2f
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74b03851b17506833b0506eb8292bd9842e5b32aaaccb1b5553fa967b65db792
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
788c13994d09fd809cb431d4a0a2aaba6dd88c9b2ba4c0c9e03345362d9633ec
7a09ae516930e6374ad09e2521f0bafd0c12a32f53bbc0e064e44b6088ec2e7b
7c1b0b0523c8cd715c6a906f13a121cd27392d8e61d58c38c7ceb32ec22e59f4
7ca87464de7a98b33581057aeff1d5e849b1973ea8c989a79b950471341d3a7c
7d37b60b260342e7a23b9f688b93bcf9c1e3f5bbfb3fca66af03ab8e87fcaa77
7db5ae4942bd0ef3655e3c3e6910d662adf80533ea5e5fa94d042de764f39f4f
81a6361b1f6ff5f9f6ca05b773fb993d7b7b3f668635ccba4379fa3ecb9a7e3e
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d739c567034bae55021aecfbf0e670543bce75726563fa119a025b7eb2335e4
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
98fa96669f1c1e20102e4101636ed3b684bad2766a69eab9195a191815bc65d3
9ab1e5ef8baed1d906b9e8ea4126ad958556881a46150cd6712ad5ebc40f4e46
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a59e8d8491b501831dd2cb45a4ef16eb2aa3c8c52a80d185d39e257917472bd7
a5d59070ad842a11f9c15f741d8402719a1568cffcc4aea0e490208ec9cbfae9
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
af48a2093ada78fcb4263ff2f08d9a519eca1ec0518d8144598716a31fd34b6a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c
b4096925f34c85d0c0e934ad77c44165dcd66fecc354c153784d246f00911da5
b450fd6e9e60673f21e7bb98eb3534f29c0a0b9e1674b4cc5f9412411b0830b4
b53f101a59d506ac90fc3a18412f795056ba4388466618d81d28be49b35bab7d
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b66b3852ff6dbd325b0ba68ff6e6a86419269ac0a8d0f3f339feba3d9123fac2
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc4a1fd1e8fa0a18736a77b2da41dddfbccaf134a2f20ac7e7b35ec048639c6c
beb38e3bac529470aa680caa7e119dcbab37691cd3319e04ec2f1db2fa8e775b
bee00c0de85699caa0fd8392e3bd93f8397da30672cb6753bd988bf99867b830
c16fe3e79457494c4b4cac4b153f936ba9415c321547a416ca7ffbc2751a984d
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c96b67edd277b9d12add863bf157c68853eb1429929972195f629cddc8b6b48f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd36676894c403569d064d36de9f39e1681d4c2c869313ed868266733b1d9b8a
cebb34b91ef05c9f91a017e4e5aecba2e2f9dab6518af0f2e0c565f25e01a8bc
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d257b7e8f36ae67a426cdfd85775f9d2901d7df30c52c79b20a6434a5d174f7c
d630e5146cbce0c31e2aeaf27927d337286eab2b20bf90b39b1233a3cf7f9eea
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dc035f4ac86b8f84c5ee5d563bd2d4b1e5961383fd54749814a11791ba4fdafa
dea5eaec75e8e39563b6479a7af04fec813b94c091bd798a223c7948bedc1918
e025571597e574e7fb96a79ed461d4338e09ad63d3401cdd8e5676300ee37eaf
e3a02a96cdf0951e25d837e1956c5ee7d0673577cb161d56939d86ffaddedf98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df
e77b0e9ecd2ff86b98bfc937dadcfcfb800a66b937dfd0205f32ee8e08d6382a
e950e18cbc9605daa4a97ccb52afa08844cbf87d273c110adcea81daba91ef27
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
eceb4fd99e338b96d421f9ac475861d6b31f1f48edae59043f1a003ae011a480
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1096de525ecd4549a0dea1507686fd365db607cddc697686b0f7ce81a9bdbab
f2123e6c9898f6fded69a6b0988ddd1807b3c318f86ea038374009c194ab7fca
f7d95b1a5a90079515eae6cf799993e063f686fc8610f9842197b5f16b8a2222