commandwindows.com Open in urlscan Pro
3.126.196.163 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cdn-3.commandwindows.com/
Effective URL:
https://commandwindows.com/
Submission: On June 10 via api (June 10th 2021, 5:54:56 pm UTC) from GB

Summary HTTP 430 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 74 IPs in 9 countries across 75 domains to perform 430 HTTP transactions. The main IP is 3.126.196.163, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is commandwindows.com.
TLS certificate: Issued by R3 on May 2nd 2021. Valid for: 3 months.

This is the only time commandwindows.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3033::ac43:818c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
60	3.126.196.163 3.126.196.163	16509 (AMAZON-02) (AMAZON-02)
4	52.222.200.121 52.222.200.121	16509 (AMAZON-02) (AMAZON-02)
19	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3032::ac43:b890	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:1800:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
34	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8 16	185.33.220.240 185.33.220.240	29990 (ASN-APPNEX) (ASN-APPNEX)
2	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 14	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2.21.111.28 2.21.111.28	16625 (AKAMAI-AS) (AKAMAI-AS)
1	213.19.147.42 213.19.147.42	3356 (LEVEL3) (LEVEL3)
1 3	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	51.89.21.30 51.89.21.30	16276 (OVH) (OVH)
2	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
6 17	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
5 5	18.159.182.76 18.159.182.76	16509 (AMAZON-02) (AMAZON-02)
8 9	18.195.177.11 18.195.177.11	16509 (AMAZON-02) (AMAZON-02)
1 1	51.68.39.188 51.68.39.188	16276 (OVH) (OVH)
3 4	52.209.246.140 52.209.246.140	16509 (AMAZON-02) (AMAZON-02)
26 55	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 3	185.29.135.226 185.29.135.226	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3 4	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
6 7	37.157.4.41 37.157.4.41	198622 (ADFORM) (ADFORM)
5 8	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.130.13 52.46.130.13	16509 (AMAZON-02) (AMAZON-02)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 1	54.74.23.153 54.74.23.153	16509 (AMAZON-02) (AMAZON-02)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	213.155.156.166 213.155.156.166	1299 (TELIANET ...) (TELIANET Telia Carrier)
20	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 3	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	185.86.138.144 185.86.138.144	201081 (SMARTADSE...) (SMARTADSERVER)
5 5	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
1 1	162.55.6.210 162.55.6.210	24940 (HETZNER-AS) (HETZNER-AS)
1 1	94.23.171.206 94.23.171.206	16276 (OVH) (OVH)
1	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	72.251.241.196 72.251.241.196	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 2	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
2	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	51.210.112.236 51.210.112.236	16276 (OVH) (OVH)
2 2	52.30.140.199 52.30.140.199	16509 (AMAZON-02) (AMAZON-02)
2 2	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
1 2	159.253.128.183 159.253.128.183	36351 (SOFTLAYER) (SOFTLAYER)
1 1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2 3	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 2	66.155.71.25 66.155.71.25	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
1 1	52.208.41.69 52.208.41.69	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	18.156.95.187 18.156.95.187	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.49.15.202 52.49.15.202	16509 (AMAZON-02) (AMAZON-02)
2 5	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82a::2006	15169 (GOOGLE) (GOOGLE)
3	34.249.39.204 34.249.39.204	16509 (AMAZON-02) (AMAZON-02)
5	18.195.222.183 18.195.222.183	16509 (AMAZON-02) (AMAZON-02)
8	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	18.195.105.17 18.195.105.17	16509 (AMAZON-02) (AMAZON-02)
16	2a02:26f0:6c0... 2a02:26f0:6c00:286::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
2 4	184.31.88.106 184.31.88.106	16625 (AKAMAI-AS) (AKAMAI-AS)
16	213.254.244.17 213.254.244.17	36062 (DOUBLE-VE...) (DOUBLE-VERIFY)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
2 2	52.58.194.104 52.58.194.104	16509 (AMAZON-02) (AMAZON-02)
2 3	185.86.137.122 185.86.137.122	201081 (SMARTADSE...) (SMARTADSERVER)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 2	3.124.222.92 3.124.222.92	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	52.222.174.45 52.222.174.45	16509 (AMAZON-02) (AMAZON-02)
1	213.254.244.21 213.254.244.21	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
430	74

1 2606:4700:3033::ac43:818c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn-3.commandwindows.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 3.126.196.163 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com

commandwindows.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.222.200.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-200-121.cdg50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3032::ac43:b890 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:1800:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.33.220.240 (Amsterdam, Netherlands) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.98.64.218 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

ezoic-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.111.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-111-28.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.42 (United Kingdom)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.30 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p25.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1288:110:c305::8000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.159.182.76 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 18.195.177.11 (Frankfurt am Main, Germany) 8 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.68.39.188 (France) 1 redirects

ASN16276 (OVH, FR)

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.209.246.140 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 142.250.184.194 (United States) 26 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.135.226 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 3 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.4.41 (Denmark) 6 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 76.223.111.131 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.13 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.74.23.153 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-23-153.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.155.156.166 (Sweden) 3 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.114.159.93 (Germany) 3 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.144 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.19.147.45 (United Kingdom) 5 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.210 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.210.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.171.206 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-94-23-171.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.196 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.140 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.137.44 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.210.112.236 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3175227.ip-51-210-112.eu

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.140.199 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.126.47 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com

loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.183 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.25 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.208.41.69 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.95.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.15.202 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-15-202.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.249.39.204 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-39-204.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.195.222.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

red.vtracy.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.105.17 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:26f0:6c00:286::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 184.31.88.106 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-88-106.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 213.254.244.17 (United States)

ASN36062 (DOUBLE-VERIFY, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20517.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20513.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20227.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20222.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20225.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.194.104 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.137.122 (France) 2 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.124.222.92 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

d.adtriba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.174.45 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-45.cdg50.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.254.244.21 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

tps20229.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
105	doubleclick.net 28 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	306 KB
66	googlesyndication.com 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	272 KB
61	commandwindows.com 1 redirects cdn-3.commandwindows.com commandwindows.com	159 KB
33	doubleverify.com cdn.doubleverify.com cdn3.doubleverify.com rtb0.doubleverify.com tps20517.doubleverify.com tps.doubleverify.com tps20513.doubleverify.com tps20227.doubleverify.com tps20222.doubleverify.com tps20225.doubleverify.com tps20229.doubleverify.com	424 KB
29	google.com adservice.google.com apis.google.com accounts.google.com www.google.com	132 KB
26	pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com	33 KB
18	adnxs.com 8 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	50 KB
17	google.de adservice.google.de	2 KB
16	casalemedia.com 6 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	24 KB
14	openx.net 4 redirects ezoic-d.openx.net eu-u.openx.net us-u.openx.net	3 KB
13	2mdn.net s0.2mdn.net	465 KB
11	googletagservices.com www.googletagservices.com	233 KB
9	bidswitch.net 8 redirects x.bidswitch.net	3 KB
8	adsrvr.org 5 redirects match.adsrvr.org	3 KB
7	adsafeprotected.com 1 redirects pixel.adsafeprotected.com static.adsafeprotected.com dt.adsafeprotected.com	93 KB
7	adform.net 6 redirects c1.adform.net	4 KB
6	amazon-adsystem.com 1 redirects c.amazon-adsystem.com s.amazon-adsystem.com	37 KB
5	vtracy.de red.vtracy.de	19 KB
5	w55c.net 5 redirects pm.w55c.net	4 KB
5	criteo.com 1 redirects gum.criteo.com mug.criteo.com dis.criteo.com	2 KB
5	ezoic.net go.ezoic.net g.ezoic.net	2 KB
4	teads.tv 2 redirects sync.teads.tv	830 B
4	smartadserver.com 2 redirects rtb-csync.smartadserver.com ssbsync.smartadserver.com	1 KB
4	quantserve.com 3 redirects pixel.quantserve.com cms.quantserve.com	2 KB
4	bidr.io 3 redirects match.prod.bidr.io	2 KB
4	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	3 KB
4	1rx.io 3 redirects tag.1rx.io sync.1rx.io	2 KB
3	turn.com 2 redirects ad.turn.com r.turn.com	1 KB
3	onaudience.com 2 redirects pixel.onaudience.com	1 KB
3	adition.com 3 redirects dsp.adfarm1.adition.com	2 KB
3	de17a.com 3 redirects d5p.de17a.com	980 B
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	google-analytics.com 1 redirects ssl.google-analytics.com	17 KB
3	ezodn.com go.ezodn.com ezodn.com g.ezodn.com	163 KB
2	adtriba.com 1 redirects d.adtriba.com	757 B
2	3lift.com 2 redirects eb2.3lift.com	942 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	sitescout.com 1 redirects pixel-sync.sitescout.com	528 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	742 B
2	admedo.com 2 redirects pool.admedo.com	718 B
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	exelator.com 2 redirects loada.exelator.com	2 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	989 B
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	559 B
2	contextweb.com 2 redirects bh.contextweb.com	880 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
2	indexww.com js-sec.indexww.com	2 KB
2	onetag-sys.com onetag-sys.com	1 KB
1	smaato.net 1 redirects s.ad.smaato.net	431 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	463 B
1	createjs.com code.createjs.com	63 KB
1	ctnsnet.com 1 redirects gcm.ctnsnet.com	477 B
1	googletagmanager.com www.googletagmanager.com	31 KB
1	travelaudience.com 1 redirects ads.travelaudience.com	611 B
1	gumgum.com 1 redirects rtb.gumgum.com	337 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	adgrx.com cm.adgrx.com	408 B
1	ad4m.at ad4m.at	1009 B
1	erne.co 1 redirects green.erne.co	327 B
1	loopme.me 1 redirects csync.loopme.me	212 B
1	adroll.com 1 redirects d.adroll.com	112 B
1	rfihub.com 1 redirects p.rfihub.com	774 B
1	bttrack.com bttrack.com	380 B
1	nrich.ai 1 redirects dsp.nrich.ai	486 B
1	id5-sync.com id5-sync.com	536 B
1	gstatic.com ssl.gstatic.com	5 KB
1	googleapis.com ajax.googleapis.com	30 KB
0	wbtrk.net Failed um.wbtrk.net Failed
0	netmng.com Failed google2waycm.netmng.com Failed
430	75

	Domain	Requested by
60	commandwindows.com	commandwindows.com
55	cm.g.doubleclick.net	26 redirects eu-u.openx.net googleads.g.doubleclick.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
40	pagead2.googlesyndication.com	commandwindows.com tpc.googlesyndication.com securepubads.g.doubleclick.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net www.googletagservices.com
28	securepubads.g.doubleclick.net	commandwindows.com securepubads.g.doubleclick.net
21	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com googleads.g.doubleclick.net
19	adservice.google.com	commandwindows.com securepubads.g.doubleclick.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
17	adservice.google.de	securepubads.g.doubleclick.net
15	ib.adnxs.com	7 redirects go.ezodn.com acdn.adnxs.com googleads.g.doubleclick.net
14	cdn.doubleverify.com	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com cdn.doubleverify.com commandwindows.com ad.doubleclick.net
13	s0.2mdn.net	commandwindows.com s0.2mdn.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
13	simage2.pubmatic.com	ads.pubmatic.com
12	dsum-sec.casalemedia.com	5 redirects ssum-sec.casalemedia.com googleads.g.doubleclick.net
11	www.googletagservices.com	securepubads.g.doubleclick.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com www.googletagservices.com cdn.doubleverify.com
9	x.bidswitch.net	8 redirects 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
8	googleads4.g.doubleclick.net	commandwindows.com ad.doubleclick.net
8	googleads.g.doubleclick.net	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com commandwindows.com
8	match.adsrvr.org	5 redirects eu-u.openx.net ssum-sec.casalemedia.com 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
8	us-u.openx.net	3 redirects eu-u.openx.net googleads.g.doubleclick.net
7	image2.pubmatic.com	ads.pubmatic.com
7	c1.adform.net	6 redirects ads.pubmatic.com
6	apis.google.com	commandwindows.com apis.google.com accounts.google.com
5	red.vtracy.de	s0.2mdn.net 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
5	ad.doubleclick.net	2 redirects www.googletagservices.com
5	pm.w55c.net	5 redirects
5	eu-u.openx.net	1 redirects go.ezodn.com eu-u.openx.net
5	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	tps.doubleverify.com	cdn.doubleverify.com
4	sync.teads.tv	2 redirects googleads.g.doubleclick.net
4	g.ezoic.net	commandwindows.com
4	match.prod.bidr.io	3 redirects eu-u.openx.net
4	c.amazon-adsystem.com	commandwindows.com c.amazon-adsystem.com
3	ssbsync.smartadserver.com	2 redirects
3	tps20517.doubleverify.com	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
3	static.adsafeprotected.com	pixel.adsafeprotected.com 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
3	pixel.onaudience.com	2 redirects ads.pubmatic.com
3	sync.1rx.io	3 redirects
3	dsp.adfarm1.adition.com	3 redirects
3	d5p.de17a.com	3 redirects
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	sync.mathtag.com	3 redirects
3	pr-bh.ybp.yahoo.com	1 redirects eu-u.openx.net ads.pubmatic.com
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	www.google.com	tpc.googlesyndication.com 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
3	ssl.google-analytics.com	1 redirects commandwindows.com
2	d.adtriba.com	1 redirects 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	tps20222.doubleverify.com	cdn.doubleverify.com
2	tps20227.doubleverify.com	cdn.doubleverify.com
2	tps20513.doubleverify.com	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	eb2.3lift.com	2 redirects
2	ap.lijit.com	2 redirects
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	cdn3.doubleverify.com	cdn.doubleverify.com
2	dt.adsafeprotected.com	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	ads.creative-serving.com	2 redirects
2	tracking.m6r.eu	2 redirects
2	cms.quantserve.com	1 redirects 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	pixel.adsafeprotected.com	1 redirects 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	pixel-sync.sitescout.com	1 redirects 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	pool.admedo.com	2 redirects
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	loada.exelator.com	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	bh.contextweb.com	2 redirects
2	sync.targeting.unrulymedia.com	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	pixel.quantserve.com	2 redirects
2	ads.pubmatic.com	go.ezodn.com ads.pubmatic.com
2	js-sec.indexww.com	go.ezodn.com ssum-sec.casalemedia.com
2	acdn.adnxs.com	go.ezodn.com
2	onetag-sys.com	go.ezodn.com
2	mug.criteo.com	commandwindows.com
2	gum.criteo.com	1 redirects
1	tps20229.doubleverify.com	cdn.doubleverify.com
1	tps20225.doubleverify.com	cdn.doubleverify.com
1	s.ad.smaato.net	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	code.createjs.com	s0.2mdn.net
1	gcm.ctnsnet.com	1 redirects
1	www.googletagmanager.com	commandwindows.com
1	ads.travelaudience.com	1 redirects
1	r.turn.com
1	rtb.gumgum.com	1 redirects
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	ups.analytics.yahoo.com	1 redirects
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	cm.adgrx.com	ads.pubmatic.com
1	ad4m.at	ads.pubmatic.com
1	green.erne.co	1 redirects
1	csync.loopme.me	1 redirects
1	rtb-csync.smartadserver.com	ads.pubmatic.com
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	d.adroll.com	1 redirects
1	p.rfihub.com	1 redirects
1	bttrack.com	ssum-sec.casalemedia.com
1	dsp.nrich.ai	1 redirects
1	id5-sync.com	commandwindows.com
1	ssl.gstatic.com	accounts.google.com
1	accounts.google.com	apis.google.com
1	g.ezodn.com	ezodn.com
1	ajax.googleapis.com	commandwindows.com
1	stats.g.doubleclick.net	commandwindows.com
1	tag.1rx.io	go.ezodn.com
1	htlb.casalemedia.com	go.ezodn.com
1	ezoic-d.openx.net	go.ezodn.com
1	hbopenbid.pubmatic.com	go.ezodn.com
1	ezodn.com	commandwindows.com
1	go.ezoic.net	commandwindows.com
1	go.ezodn.com	commandwindows.com
1	cdn-3.commandwindows.com	1 redirects
0	um.wbtrk.net Failed	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
0	google2waycm.netmng.com Failed	977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
430	121

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.ezoic.com
g.ezoic.net

Subject Issuer	Validity	Valid
commandwindows.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-05` - `2021-08-05`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.ezoic.net Amazon	`2021-02-15` - `2022-03-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.id5-sync.com R3	`2021-06-01` - `2021-08-30`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-29` - `2021-09-22`	6 months	crt.sh
*.match.prod.bidr.io Amazon	`2021-02-26` - `2022-03-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2021-03-29` - `2022-03-29`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.onaudience.com Certyfikat SSL	`2021-05-28` - `2022-05-28`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
ezoic.net R3	`2021-05-23` - `2021-08-21`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2020-09-09` - `2021-10-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
vtracy.de Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
teads.tv R3	`2021-06-04` - `2021-09-02`	3 months	crt.sh
*.turn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-31` - `2022-03-31`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.adtriba.com Amazon	`2021-05-31` - `2022-06-29`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh

This page contains 55 frames:

Primary Page: https://commandwindows.com/
Frame ID: 506B598C6C5410979C2E155E916954AB
Requests: 161 HTTP requests in this frame

Frame: https://apis.google.com/se/0/_/+1/fastbutton
Frame ID: 9AD1C15D3DA428D6CD6CD4491F350CAE
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fcommandwindows.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
Frame ID: 606B12A0F20FABD29F18665278CA83F8
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html
Frame ID: 27B3FA6AAEFB138305D030107AF187F6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F30018B910400227613CE98F425662AB
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 220F3A5B2D91E9CA322DCF11329D3AD9
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 23CAC7D5B27E2913840C78E5633BCE08
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 611B0420B607D876E4A5C732E4DC0D98
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Frame ID: A6DBEEA89AC7243E9B17F3B16EF5C7F3
Requests: 11 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1623347677883
Frame ID: 01C5F3292C8BA4316443D10651C1FED5
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 2DD71129BCEA9A44648844B95FA6AB86
Requests: 23 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: F59981E30C2463F67872771FC4235193
Requests: 10 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=F1CD59C8-E53B-46F7-B654-6BC248B52C93
Frame ID: 03A4CC1BD7B1291578A737D4BA2B1FCD
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366
Frame ID: DB925E7C29997BEDF4D78F58FC576308
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: B938C788327C5A8AEA2A9AC6F973AB8D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934
Frame ID: D7ADFD3FD58E8A40EADFF99EB671C04D
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACQOU7BhKQAADK-Iz0boA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Frame ID: 9C83CCFF1BF525558BC2FDB5ABAEF7A2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003
Frame ID: 89853133363DFA5F77D910BBA25524F9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Frame ID: 4AD9A5D61D2AD01F51AD6030E28C26C9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy
Frame ID: E0F2BD5539304C9004A234870522A08A
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 58DC0DC6C1217AE463A62CAA6D87B4A6
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 5B068CBB3D0C6284290C7848CD4E269B
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 39A319253882911E196901E508F8BC02
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219
Frame ID: 6B765D1DDA73892EC60D4CDEEF609779
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 5FEC296F4D06B3C48A5EF44EEADD1542
Requests: 1 HTTP requests in this frame

Frame: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B0767657B0A4386A1FACD7DAADA6CBC5
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho
Frame ID: C4EEF3799740F7A8C51214C031603413
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 58CE9FF6C254F9B74FC3E732579099AA
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2D0B9E8265D7960E809592B67E930A1C
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2BD847E79B93CE061363AD0F29B638AC
Requests: 3 HTTP requests in this frame

Frame: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AB0DD0F745AD0FE60A87D27AF1384A35
Requests: 27 HTTP requests in this frame

Frame: https://s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/index.html
Frame ID: 5CEA7256BB1FBEE4DB34D94DD9C32905
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc
Frame ID: D92569E9EB07B6B6A4AED06886523C5E
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.5.js
Frame ID: 9ABDB7C1C2D46615BB533D1E1AE6CF4A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9DDFE0A1634DB2F2FD7EA472A92F7959
Requests: 3 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 2686040CE8B0807E1EAD1A346F4A9390
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: 24973C614B995FD18FAB9F973D72CB2B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AA7102A626EF64B07799D2CB2D05D5F1
Requests: 3 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 42040C8B9246C114E33A3952B670E9F3
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 262CFC3EB58BC7E6A946CC60F4932884
Requests: 9 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 0EAE2BD4B6B03F3D3F284A1569BB4D28
Requests: 4 HTTP requests in this frame

Frame: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C46C3969D6CFBE6F7D328CB3DEA17BDA
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs
Frame ID: B1524ED6E060BC8C13E55F4757151E3B
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C9AC8DAD1C71D6CC7095238C8B0A42B3
Requests: 3 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: 9D8240CA387A2655D5709CBFE0E06C63
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: 20FB58D65433EE6B2BAA19C56724861D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2767CB222085B8E495CCF302C5A0FD7C
Requests: 3 HTTP requests in this frame

Frame: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CF70F08AAC36017F901FBFE11AEC3676
Requests: 14 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 5F4A561515E2916527D9E1C982F29E31
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DF47284A01371179C97BB21B74BA4D8F
Requests: 8 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements1425.js
Frame ID: 52EFAC2BDA66A56D88A0F92B8B4D2F90
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA
Frame ID: 8AD494893E9D7C755BC97037A3566A8F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: CE20D7F0A12902910F3A57EA768479BA
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9342312/1623245861579/300x600.html
Frame ID: 0BDCAA3B873AFD5BAF528BCC18A86226
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8F767830395B17C578D040A375C633E4
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://cdn-3.commandwindows.com/ HTTP 301
https://commandwindows.com/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

430
Requests

99 %
HTTPS

30 %
IPv6

75
Domains

121
Subdomains

74
IPs

9
Countries

2558 kB
Transfer

7603 kB
Size

24
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.facebook.com/347666755331627
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fcommandwindows.com%2F
Title:

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://g.ezoic.net/privacy/commandwindows.com
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cdn-3.commandwindows.com/ HTTP 301
https://commandwindows.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcommandwindows.com%2F&domain=commandwindows.com&cw=1 HTTP 302
https://mug.criteo.com/sid?cpp=IkW5e3x2a25uUkxQcGVoMTNhWWp0aE5vU1NjRDBuYmFpMnJrU08wR1d0MDROazZoZHlnanI2alNjYWZqVVZjOTA0V0dMOFltU09mSkVBVkNqQ204SnMvcEc4UlI4WWJ1RlRLUUpCSVNLZ2Y4cGZpV0ViakJSSk5tUlk3LzJxV1VjZC9TTWxuNERlKzJWSGNOdkFWb2RTN211NHpUMnNPdDRTS1JiQS9RNEhMN25CVnhnV2J4cnpGcE0wenQ5ZUNsbGdWd0kvK3JWeHBrZHY3dVhYTnVQNm1yelRYa3gvcmpvS0cvV0VnTjVPL1h5SnJzPXw&cppv=2

Request Chain 50

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1014385246&utmhn=commandwindows.com&utme=8(template*t*rid*bra)9(%2Farticle%2Fgrayscale*30*0*mod1)11(3!2)&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Windows%20Command%20Line%20Interpreter%7CShell%7CDOS%20Prompt%7CBatch%20Files%7CScripting&utmhid=607783575&utmr=-&utmp=%2F&utmht=1623347678639&utmac=UA-29096671-22&utmcc=__utma%3D92376719.1869561420.1623347679.1623347679.1623347679.1%3B%2B__utmz%3D92376719.1623347679.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=930388466&utmredir=1&utmmt=1&utmu=iTAgAAAIACAAAAAAAAAAAABE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29096671-22&cid=1869561420.1623347679&jid=930388466&_v=5.7.2&z=1014385246

Request Chain 92

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1 HTTP 302
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1

Request Chain 95

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 96

https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Request Chain 97

https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 99

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=CHJX4CsL1LRoT75

Request Chain 100

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=openx HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=6e4aa6d3-0b23-4cdb-aadb-8aa511ec4c1b&expires=1&user_group=5&ssp=openx&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=4b1bcb40-aef1-40dd-867b-91331d60e9fd

Request Chain 101

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDUU9VN0JoS1FBQURLLUl6MGJvQQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Request Chain 102

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=0f2960c2-51e1-4800-9eb3-236a687d31ac

Request Chain 103

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=KLEUMiuwEjEzshYwKbBaNCrnRmUztxM0fbWadL3p

Request Chain 104

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7251933855628269122

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5&google_tc=

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEF1tb3EJpBxX1OMBLom-c8o&google_cver=1

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJ_tMWqNcvChqvrNM9Ms9O0&google_cver=1

Request Chain 110

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YMJR4fOgcTH8dSX7U1QqrgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1&gdpr=1

Request Chain 111

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&dcc=t

Request Chain 113

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6766340811130599509&uid=Q6766340811130599509&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 114

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=875739027473849282

Request Chain 115

https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

Request Chain 128

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366

Request Chain 130

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934

Request Chain 131

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACQOU7BhKQAADK-Iz0boA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID

Request Chain 132

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2976814807 HTTP 302
https://sync.1rx.io/usersync/tradedesk/95116be6-1ea2-498d-82f8-9bb100c9d393 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003

Request Chain 133

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0

Request Chain 134

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy

Request Chain 137

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 138

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219

Request Chain 139

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8c1ZyOU7Rve2VGvCSLUskw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 141

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0f2960c2-51e1-4800-9eb3-236a687d31ac

Request Chain 142

https://pixel.onaudience.com/?partner=214&mapped=F1CD59C8-E53B-46F7-B654-6BC248B52C93 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=22c1777f3d1bb5c99b70b76a576bb4be HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25 HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=bca8d7385e8d609899e25a61c7889092

Request Chain 143

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjFDRDU5QzgtRTUzQi00NkY3LUI2NTQtNkJDMjQ4QjUyQzkz&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBrrzVutvWm5hRZpuC6Glwk&google_cver=1

Request Chain 146

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&gdpr=0&gdpr_consent=

Request Chain 147

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7251933855628269122

Request Chain 148

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=95116be6-1ea2-498d-82f8-9bb100c9d393

Request Chain 149

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2312329150650908629&gdpr=0&gdpr_consent=

Request Chain 151

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F1CD59C8-E53B-46F7-B654-6BC248B52C93&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-u6Td2R5E2uVmpwKIGQiFVnwWaAwLLTM-~A&gdpr=0&gdpr_consent=

Request Chain 152

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E

Request Chain 153

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=488d59f2-9cc9-47cd-9a30-482599db8373&user_group=1&ssp=pubmatic&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 154

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YMJR4gABsEp_nQA4 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMJR4gABsEp_nQA4&gdpr=0&gdpr_consent=&_test=YMJR4gABsEp_nQA4

Request Chain 155

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4342350250568899477&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 157

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3f364521-8a0d-4ab2-837d-14686e4606ba&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 158

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 159

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2312329150650908629

Request Chain 160

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_136d9d8a-7ad9-4d86-a46d-055e57659896

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1

Request Chain 190

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJR4fOgcTH8dSX7U1QqrgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1

Request Chain 191

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESENLNVYSLqRBzWKg07OBNpSc&google_cver=1

Request Chain 192

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMxMjMyOTE1MDY1MDkwODYyOQ%3D%3D

Request Chain 215

https://ad.doubleclick.net/ddm/activity/src=10750551;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282 HTTP 302
https://adservice.google.com/ddm/fls/z/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282

Request Chain 221

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJX941xET_vzq2zzWGHNAp8&google_cver=1&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU0oQi3cgSICJma2Q HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU0oQi3cgSICJma2Q&google_tc=

Request Chain 222

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sCij9dOvQSJ1Yjh2bbs6Td1Sf20qZtnVUTlVi4NzmTvxF90nG3kG9g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sCij9dOvQSJ1Yjh2bbs6Td1Sf20qZtnVUTlVi4NzmTvxF90nG3kG9g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sCij9dOvQSJ1Yjh2bbs6Td1Sf20qZtnVUTlVi4NzmTvxF90nG3kG9g&google_tc=

Request Chain 223

https://um.simpli.fi/gp_match?google_gid=CAESEKERIzHPCeJxUEQZmqDHPh4&google_cver=1&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw&google_tc=

Request Chain 224

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEIN5PJVQwnPaVq4WHLwdD4o&google_cver=1&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81utBo-wWvDpge6Zk1NY HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEIN5PJVQwnPaVq4WHLwdD4o&google_cver=1&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81utBo-wWvDpge6Zk1NY&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=trhXnNJplLIk3DMwaxgbrg&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81utBo-wWvDpge6Zk1NY

Request Chain 225

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELLAoblwSUThmsclgsGpiVU&google_cver=1&google_push=AYg5qPIFiyc_aCtMbB5KoyNvlZz5eZ-XmhpgdJwBNfhJUYZ61xYsifcFrPhyFVqLx6MvwBdqweNEitvAtoKPgaLyUpPq7VcGGA HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=33de9c86-9ec3-4821-a14e-69055969db45&ssp=google&expires=30&user_group=5&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=33de9c86-9ec3-4821-a14e-69055969db45&ssp=google&expires=30&user_group=5&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=oGBQ4yXkRmKuB5Ra0TjtsA== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESENNqpQp20QRgIurNFtiBUXc&google_cver=1

Request Chain 226

https://d5p.de17a.com/cookies/google?google_gid=CAESEMw8AC0f3R5m41NTKNUNDQY&google_cver=1&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI4N9E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI4N9E

Request Chain 227

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBRKOEREG09xYryO-OM9lw40 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MTkzMzg1NTYyODI2OTEyMg&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBRKOEREG09xYryO-OM9lw40

Request Chain 239

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A//red.vtracy.de/tr_aa%3Fv3%3Dvi-b383acbe-6ff5-42e7-8e68-468ff73a82ff%26adid%3Dk25762587_s6701753_p301404709_c149654710%26userId%3D%25%25COOKIE%25%25%26tr_timestamp%3D1623347683766 HTTP 302
https://red.vtracy.de/tr_aa?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&userId=6972225208544655510&tr_timestamp=1623347683766

Request Chain 240

https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm&v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm=&v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_tc= HTTP 302
https://red.vtracy.de/tr_cm?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_gid=CAESEK1WcJbMKmgm5t__wxHTroA&google_cver=1

Request Chain 241

https://match.adsrvr.org/track/cmf/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff HTTP 302
https://red.vtracy.de/tr_ttd.tr?&tdid=72f417ac-33c9-41c6-91c7-cda40e3dd8c0&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff

Request Chain 242

https://pixel.adsafeprotected.com/rfw/st/695971/54149685/skeleton.js?adsafe_url=https%3A%2F%2Fcommandwindows.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:c590e1ea-c5f0-a6b6-6e9d-d37da76f9149,c:fa9LC4,sl:na,em:true,fr:false,mn:app29ie,pt:1-5-15,br:u,abv:na,an:n,oam:0,scm:publ1,nbld:0,fm:szXjrzW+11%7C12%7C13%7C14%7C15%7C16%7C171%7C18%7C19%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1a6%7C1a7%7C1a8%7C1a9%7C1aa%7C1ab%7C1ac%7C1ad%7C1b*.695971-54149685%7C1b1%7C1b21%7C1b3%7C1b4%7C1b5%7C1c%7C1d1,idMap:1b*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:rjss,thd:1,et:278,oid:efacfc3a-ca14-11eb-8b39-0ae27972a930,v:19.8.206,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 249

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1

Request Chain 250

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

Request Chain 251

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1

Request Chain 252

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

Request Chain 282

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELc3fvBQGkSuDBh8-LG_cpk&google_cver=1&google_push=AYg5qPJalFy15CngY0GQM1HBx2OKj3U8uOqkhRG_LMNnBzQu0qXxtyKkE3LcHCa80ypvvO_b35x9JgndURquuM0hQTbwfIh3xd4o HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzIyMzgxMjg4NTY5MDc2ODI3Nw== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEEsfzRsGNjPlVnh7yzrnE-A&google_cver=1

Request Chain 283

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHeL-dcH9pen0QZ3MBnjch8&google_cver=1&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8HVD5JdewNBkM HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ALeVemofR2yj3AjQLaQ_IA2&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8HVD5JdewNBkM

Request Chain 284

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwCrEoNOoGZ5OfyRekkA4Bn HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwCrEoNOoGZ5OfyRekkA4Bn HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NTY3NjIyMTg5NjQwODYzNw&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwCrEoNOoGZ5OfyRekkA4Bn

Request Chain 285

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO68ty2zK3ZJTYrjKba2twQ&google_cver=1&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO68ty2zK3ZJTYrjKba2twQ&google_cver=1&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc&google_hm=610317a61f5814bb2e605be0

Request Chain 286

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEIVTaqlAvVzQes4iN_WFDO4&google_cver=1&google_push=AYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-41a148b4-5386-4f3a-b011-316b247c60e3-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U%26google_hm%3DA0GhSLRThk86sBExayR8YOM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U&google_hm=A0GhSLRThk86sBExayR8YOM

Request Chain 287

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHBH9dOhayssuq2SS45I-DI&google_cver=1&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg&google_gid=CAESEHBH9dOhayssuq2SS45I-DI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM2ODEyNDY0NDEyODA4NTMxMA%3D%3D&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg

Request Chain 288

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEM0dHft0WCRmQldIDP5J8Ys&google_cver=1&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0LH58RGlxeHb94NA-KCDKxf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0LH58RGlxeHb94NA-KCDKxf&google_hm=NTUyMTk3ODMxMzgwMTkyMTA2Ng%3D%3D

Request Chain 332

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1&C=1

Request Chain 333

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJR5vAKu3EekPhh0DwDugAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEC9da-R4Beprdx2SDs6K-Mc&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC9da-R4Beprdx2SDs6K-Mc%26google_cver%3D1

Request Chain 335

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA3ODYzOTI1ODc4Njg1NTk2

Request Chain 375

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1LWma18FDOndmgYqxvjPs-NqZyz8qSLmKIJWLY4ORMM7_lUWEgw HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1LWma18FDOndmgYqxvjPs-NqZyz8qSLmKIJWLY4ORMM7_lUWEgw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SjZsaDNTU2ExTFJvVGM1&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1LWma18FDOndmgYqxvjPs-NqZyz8qSLmKIJWLY4ORMM7_lUWEgw

Request Chain 377

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEKbCJcXTsv5OA6JdMF59M7o&google_cver=1&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_MK6_lzCmu5B0LR HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_MK6_lzCmu5B0LR&google_hm=qHPD0-JTTl-YQkFiAz2cAbk

Request Chain 378

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwEJ7NM-pKVNMOqiebz3DE&google_cver=1&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-eofJZqUEK-EQw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3MjIyNTIwODU0NDY1NTUxMA%3D%3D&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-eofJZqUEK-EQw

Request Chain 379

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMCcovmtNqtcGyrFMujFqFQ&google_cver=1&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA&google_hm=Mzg0MTk5ODYxODg5OTU0NDE2

Request Chain 382

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1

Request Chain 383

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

Request Chain 384

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1

Request Chain 385

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

Request Chain 395

https://d.adtriba.com/collect?atb_ptid=e774d0b4&atb_dpuid=adlicious&atb_dcaid=display.awa_jahpak-mega HTTP 302
https://d.adtriba.com/px.gif

Request Chain 401

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIN8HlUp1KvxbjQ6t7iNbho&google_cver=1&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRcgPR2Kj31MLYCRD8ezDpf5JJBZNw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BSN0FSTTctMUUtMU1BOA==&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRcgPR2Kj31MLYCRD8ezDpf5JJBZNw

Request Chain 402

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJaqdEotYlHCFtw_gwg4jjo&google_cver=1&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVhYThk15U31VRnog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVhYThk15U31VRnog

Request Chain 403

https://ssbsync.smartadserver.com/api/cma?callerid=3&google_gid=smart_adserver_eb&google_cver=1&google_gid=CAESEJ2WJqpyO9hreDA526-6dUg&google_cver=1&google_push=AYg5qPLsfcYjYO8KKOB9dLfxLVeYjxiXpcx_qavJMjik5ijFSVhacqjV3avzKFh2Vy0-B3cFFnggKyYf7sMiS_SbHHxbsuWERCtfGQ HTTP 302
https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fcma%2Fredir%3Fpartnerid%3D92%26partneruserid%3D%25%25VGUID%25%25 HTTP 302
https://ssbsync.smartadserver.com/api/cma/redir?partnerid=92&partneruserid=nmZciapVeZSn&ev=1&pid=560288

430 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
commandwindows.com/
Redirect Chain

https://cdn-3.commandwindows.com/
https://commandwindows.com/

239 KB
46 KB

1345ms
315ms

Document
text/html

3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 4908e3bea0e8ead2913b57d52ec3ab989594499e1d50e956a7b7cb6fd3387e8e

Request headers

:method: GET
:authority: commandwindows.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: br
content-hash: 6f5c61a443dfc27b037a2d2f7cf4c93b53461f5f
content-type: text/html; charset=iso-8859-1
date: Thu, 10 Jun 2021 17:54:36 GMT
display: stored
expires: Wed, 09 Jun 2021 17:54:36 GMT
pagespeed: off
response: 200
server: nginx/1.16.0
set-cookie: ezoadgid_146=-1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:36 UTC ezoref_146=; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:36 UTC ezoab_146=mod1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:36 UTC active_template::146=%2Farticle%2Fgrayscale.1623347676; Path=/; Domain=commandwindows.com; Expires=Sat, 12 Jun 2021 17:54:36 UTC ezopvc_146=1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:36 UTC ezepvv=0; Path=/; Domain=commandwindows.com; Expires=Fri, 11 Jun 2021 17:54:36 UTC ezovid_146=431109339; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:36 UTC ezovuuidtime_146=1623347676; Path=/; Domain=commandwindows.com; Expires=Sat, 12 Jun 2021 17:54:36 UTC ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:36 UTC ezCMPCCS=false; Path=/; Domain=commandwindows.com; Expires=Fri, 10 Jun 2022 17:54:36 GMT
vary: Accept-Encoding Accept-Encoding
x-middleton-display: stored
x-middleton-response: 200
x-sol: middleton

Redirect headers

date: Thu, 10 Jun 2021 17:54:35 GMT
content-type: text/html
cache-control: max-age=0, must-revalidate, no-cache, no-store
expires: Wed, 09 Jun 2021 17:54:35 GMT
location: https://commandwindows.com/
pagespeed: off
vary: Accept-Encoding Accept-Encoding
x-sol: middleton
cf-cache-status: DYNAMIC
cf-request-id: 0a98a8d9a9000032400da65000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3PXmnnm2jHXCG%2Bm7a%2BYK2lflAUKTAuZKmcNEhNGknh5HIPHFzjBb8t%2F0x7WUneGF6QhqgylUasLKSeBRC3zg76EhYNOvDhx3DWd%2FveN3sDBhMsPrea983Xex9Cbvjcb662DfNq2%2B0QDXTO%2B67JQIbBv%2B"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65d4773c4ebc3240-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 123 KB
33 KB 55ms
19ms Script
application/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: 0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: sWCsRsvwWkSFZMQxDYXuCmbidBHsB_Lq
content-encoding: gzip
server: Server
age: 245
etag: c457e964d47ff007ca9e04843536c474
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c77cf9ec92c5b3b895af521940f61fb8.cloudfront.net (CloudFront)
cache-control: public, max-age=900
date: Thu, 10 Jun 2021 17:50:32 GMT
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Syw9XZ7DV-Not6g3ftbj38IOn-EZcpgu32BOlESMhmqMIkLf6lbx1w==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 237 KB
68 KB 33ms
32ms Script
application/javascript 2606:4700:3032::ac43:b890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa38e9c5c9ca09d79ad868756fde8ee873151dfcac2703033c73279e92def693

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 788865
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3GUwmRckWlLDGa3cmzErYYjmcjCMrt9K8JXfwfmjvBifgpumowEm5OUX5XM3epZt0v9DVZnpnV2hQAW6EvhgwoMceUIcTqZ5iOu8z8FV4q0w8G9ZqkSASYxJFFxvm3pcDX%2FHWsMM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 65d47746cd45d721-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a98a8e03c0000d7213817c000000001

GET
H2 200 boise.js Show response
commandwindows.com/detroitchicago/ 983 B
499 B 9ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/boise.js?gcb=194-1&cb=1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

:path: /detroitchicago/boise.js?gcb=194-1&cb=1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 426

GET
H2 200 combine.php
commandwindows.com/utilcave_com/templates/ 3 KB
886 B 100ms
99ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Fcss%2Fcommon.ezoic.scss%26dirname%3Dcommandwindows_com%26ezcb%3D194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 482e5a29dfc92cf0f3f2bdc1034b270edcfecc29e81311d2ed277c74ec091232

Request headers

:path: /utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Fcss%2Fcommon.ezoic.scss%26dirname%3Dcommandwindows_com%26ezcb%3D194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
x-sol: sol-template-css
server: nginx/1.16.0
display: sol_css, staticcontent_sol
vary: Accept-Encoding Origin,Accept-Encoding
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=31536000, public
content-length: 851
expires: Fri, 10 Jun 2022 17:54:37 UTC

GET
H2 200 combine.php
commandwindows.com/utilcave_com/templates/ 67 KB
9 KB 69ms
68ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fez-bootstrap.css%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d52f2f6e332c39ebc19dec4c0dda31d2a33423c1d1adbf8aed0a143b264be973

Request headers

:path: /utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fez-bootstrap.css%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
x-sol: sol-template-css
server: nginx/1.16.0
display: sol_css, staticcontent_sol
vary: Accept-Encoding Origin,Accept-Encoding
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=31536000, public
expires: Fri, 10 Jun 2022 17:54:37 UTC

GET
H2 200 combine.php
commandwindows.com/utilcave_com/templates/ 16 KB
2 KB 52ms
51ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale_emogrify.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1%26ezcss%3D1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0ffb5757efc34c840d59db5ef73859bf7afd7a5f21563007729059c80c91b619

Request headers

:path: /utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale_emogrify.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1%26ezcss%3D1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
x-sol: sol-template-css
server: nginx/1.16.0
display: sol_css, staticcontent_sol
vary: Accept-Encoding Origin,Accept-Encoding
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=31536000, public
content-length: 2302
expires: Fri, 10 Jun 2022 17:54:37 UTC

GET
H2 200 combine.php
commandwindows.com/utilcave_com/templates/ 4 KB
933 B 31ms
30ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 917bd901ebb58505bebb8551fba4ff051c2d8f5b22cf960908141f4911bab005

Request headers

:path: /utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
x-sol: sol-template-css
server: nginx/1.16.0
display: sol_css, staticcontent_sol
vary: Accept-Encoding Origin,Accept-Encoding
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=31536000, public
content-length: 756
expires: Fri, 10 Jun 2022 17:54:37 UTC

GET
H2 200 2col.css
commandwindows.com/css/ 4 KB
1 KB 1492ms
1492ms Stylesheet
text/css 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/css/2col.css?ecb=194-1&ez_css_parse=1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c45b55f456b7dd076e63c2a4b5962a72593647b487d17b50c9f4494092febb55

Request headers

:path: /css/2col.css?ecb=194-1&ez_css_parse=1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
response: 200
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
display: processcss, staticcontent_sol
vary: Accept-Encoding Accept-Encoding,Origin
content-type: text/css;charset=utf-8
x-middleton-display: processcss, staticcontent_sol
cache-control: max-age=172800
x-middleton-response: 200
x-sol: middleton
content-length: 897
expires: Sat, 12 Jun 2021 17:52:33 GMT

GET
H2 200 command-windows.png
commandwindows.com/graphics/ 7 KB
7 KB 200ms
199ms Image
image/png 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://commandwindows.com/graphics/command-windows.png?ecb=194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0280b3f24cb632b54830216ae0ea2e888adf56eed9dfd5ada84811d58fe772de

Request headers

:path: /graphics/command-windows.png?ecb=194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
response: 200
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "5e8625-1afc-4e565c1c1be00-gzip"
vary: Accept-Encoding Origin,Accept-Encoding
content-type: image/png
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=604800
x-middleton-response: 200
expires: Thu, 17 Jun 2021 17:54:09 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 54 KB
21 KB 44ms
25ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4d097a0116293da844fdeeaa11f41dd941e511e6df699ff2195e8499de8a42fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UpNCF3JZcZolApHheEgeAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "920a6e51949cf2eec053a3396b28fac1"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-UpNCF3JZcZolApHheEgeAg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 10 Jun 2021 17:54:37 GMT

GET
H2 200 footer_logo_light.gif
commandwindows.com/graphics/ 4 KB
4 KB 197ms
196ms Image
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://commandwindows.com/graphics/footer_logo_light.gif
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8b988d1d4d7625ce5d8cb96e2c06bdd5ce1049f17b82604926db091297b5270d

Request headers

:path: /graphics/footer_logo_light.gif
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
response: 200
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
display: staticcontent_sol, staticcontent_sol
etag: "5e8627-f7e-4e565c1c1be00-gzip"
vary: Accept-Encoding Origin,Accept-Encoding
content-type: image/gif
x-middleton-display: staticcontent_sol, staticcontent_sol
cache-control: max-age=604800
x-middleton-response: 200
content-length: 3858
expires: Thu, 17 Jun 2021 17:52:12 GMT

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 25ms
8ms Image
image/png 2600:9000:2156:1800:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1800:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 02:36:22 GMT
via: 1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
x-sol: middleton
age: 400695
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: EXqNolrZ1bsaa3Ig8Vq8a_vJ4HrLLLMsxJfmYSPAZdIFS1F29Serog==
last-modified: Fri, 28 May 2021 00:46:16 GMT
server: nginx/1.16.0
etag: "49d-5bd497273b080-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
display: staticcontent_sol
expires: Sun, 13 Jun 2021 02:36:22 GMT

GET
H2 200 augusta.js Show response
commandwindows.com/detroitchicago/ 2 KB
721 B 10ms
10ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/augusta.js?cb=12
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 3ab790f0057f16ba85f2ef67be0e5109dfffa102cda0356dadb2b0a4f4d14b41

Request headers

:path: /detroitchicago/augusta.js?cb=12
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 688

GET
H2 200 altconsent.js Show response
ezodn.com/cmp/ 396 KB
93 KB 66ms
44ms Script
application/javascript 2606:4700:3032::ac43:b890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ezodn.com/cmp/altconsent.js?v=8
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33b0e16e10bede6f307255874e70adb6ec77a8490801c94b570831388838ed61

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 08 Apr 2021 07:56:09 GMT
server: cloudflare
age: 603448
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Rs29LBtpBwNqkUIjhPPDTfwv4hsChoI83P4l6n6WLCcnBypXZEMkSdWX4WKAAY9nwx2cEOHtzkKh1xh%2FQ3ZWNiH048rSf1TUrzZdA3Gya4R%2FOI9Nrt7GB4l2rIc2lc33l8zg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d477466c87d721-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a98a8e0030000d721ec26b000000001

GET
H2 200 ezcl.webp Show response
commandwindows.com/utilcave_com/inc/ 1 KB
976 B 23ms
22ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

:path: /utilcave_com/inc/ezcl.webp?cb=4
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; active_template::146=%2Farticle%2Fgrayscale.1623347676; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
x-sol: middleton
server: nginx/1.16.0
display: staticcontent_sol
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=86400
set-cookie: ezoab_146=mod1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:37 UTC ezoadgid_146=-1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:37 UTC ezoref_146=; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:37 UTC active_template::146=%2Farticle%2Fgrayscale.1623347677; Path=/; Domain=commandwindows.com; Expires=Sat, 12 Jun 2021 17:54:37 UTC
content-length: 605

GET
H2 200 houston.js Show response
commandwindows.com/detroitchicago/ 3 KB
1 KB 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/houston.js?gcb=1&cb=36
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa

Request headers

:path: /detroitchicago/houston.js?gcb=1&cb=36
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1163

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 34ms
14ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

4fa130b2ad67bd88b0865097551bb1d189565b1851051e412fb75396a9179ba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "898 / 415 of 1000 / last-modified: 1623343493"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21437
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:37 GMT

GET
H2 200 banger.js Show response
commandwindows.com/porpoiseant/ 43 KB
10 KB 11ms
11ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/banger.js?cb=194-1&bv=19&v=51&PageSpeed=off
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 49b4590226bef6c7dcb22c0b11a0b97870947589e4e74d0a8c6269fb157e9a90

Request headers

:path: /porpoiseant/banger.js?cb=194-1&bv=19&v=51&PageSpeed=off
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 memphis.js Show response
commandwindows.com/detroitchicago/ 5 KB
2 KB 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/memphis.js?gcb=194-1&cb=7
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 9c8cf38d1dee0b9ea30d20299c7cd8fa25b9d646c6bd86d364313aa04f009cac

Request headers

:path: /detroitchicago/memphis.js?gcb=194-1&cb=7
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1523

GET
H2 200 minneapolis.js Show response
commandwindows.com/detroitchicago/ 864 B
452 B 11ms
8ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/minneapolis.js?gcb=194-1&cb=3
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a

Request headers

:path: /detroitchicago/minneapolis.js?gcb=194-1&cb=3
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 419

GET
H2 200 raleigh.js Show response
commandwindows.com/detroitchicago/ 2 KB
804 B 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/raleigh.js?gcb=194-1&cb=5
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae

Request headers

:path: /detroitchicago/raleigh.js?gcb=194-1&cb=5
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 771

GET
H2 200 tampa.js Show response
commandwindows.com/detroitchicago/ 773 B
440 B 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/tampa.js?gcb=194-1&cb=3
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e

Request headers

:path: /detroitchicago/tampa.js?gcb=194-1&cb=3
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 407

GET
H2 200 jass.head.js Show response
commandwindows.com/jass/ 50 KB
15 KB 13ms
12ms Script
text/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/jass/jass.head.js?cb=85
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 160b8958c636851c64813685c13d067eb1e68f55c97e334a9d859227cd703d71

Request headers

:path: /jass/jass.head.js?cb=85
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding Accept-Encoding
content-type: text/javascript

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
314 B 27ms
26ms XHR
text/plain 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=aa05931b-5308-4ea3-95a2-adf84f4ffde4&u=https%3A%2F%2Fcommandwindows.com%2F
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 11:43:55 GMT
via: 1.1 c77cf9ec92c5b3b895af521940f61fb8.cloudfront.net (CloudFront)
server: Server
age: 22242
x-cache: Hit from cloudfront
access-control-allow-origin: https://commandwindows.com
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-pop: CDG50-P2
x-amz-cf-id: SOFlABMGjtHQVCRcQW06MUA7IOcmYk0fTmhYqjDE6IujqBRhdOcxIw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
373 B 49ms
48ms XHR
text/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fcommandwindows.com%2F&pid=bB1Qwt4c4YLCE&cb=0&ws=1600x1200&v=7.66.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F104418548%2Fcommandwindows_com-medrectangle-2%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F104418548%2Fcommandwindows_com-banner-2%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22250x250%22%5D%2C%22sn%22%3A%22%2F104418548%2Fcommandwindows_com-box-4%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F104418548%2Fcommandwindows_com-box-1%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F104418548%2Fcommandwindows_com-box-2%22%7D%5D&cfgv=0&schain=1.0%2C1!ezoic.ai%2Cc58b3949b5c3a53357e53016653adaee%2C1%2C%2C%2C&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
via: 1.1 c77cf9ec92c5b3b895af521940f61fb8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG50-P2
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://commandwindows.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: XzYiun3ghnUuoO4-LMbnLZxULc7nQGy5Ad1xcfpt4XD1lrxH6-dY8Q==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 50ms
17ms XHR
application/javascript 52.222.200.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.200.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-200-121.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 82967
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
date: Wed, 09 Jun 2021 18:51:51 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 e36c32cacca3348932522b77d9a47dca.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: CDG50-P2
x-amz-cf-id: 2LXb4Shpf8CF3GUg1GEcdcKCul3-Cfk9gb8Rql9sZszjflym5vOGdQ==

GET
H3-29 200 pubads_impl_2021060901.js Show response
securepubads.g.doubleclick.net/gpt/ 326 KB
114 KB 23ms
22ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 08:43:05 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116890
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:37 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 46ms
14ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcommandwindows.com%2F&domain=commandwindows.com&cw=1

Protocol

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://commandwindows.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: https://commandwindows.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1155
date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcommandwindows.com%2F&domain=commandwindows.com&cw=1
https://mug.criteo.com/sid?cpp=IkW5e3x2a25uUkxQcGVoMTNhWWp0aE5vU1NjRDBuYmFpMnJrU08wR1d0MDROazZoZHlnanI2alNjYWZqVVZjOTA0V0dMOFltU09mSkVBVkNqQ204SnMvcEc4UlI4WWJ1RlRLUUpCSVNLZ2Y4cGZpV0ViakJSSk5tUlk3Lz...

347 B
632 B

42ms
15ms

XHR
application/json

178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=IkW5e3x2a25uUkxQcGVoMTNhWWp0aE5vU1NjRDBuYmFpMnJrU08wR1d0MDROazZoZHlnanI2alNjYWZqVVZjOTA0V0dMOFltU09mSkVBVkNqQ204SnMvcEc4UlI4WWJ1RlRLUUpCSVNLZ2Y4cGZpV0ViakJSSk5tUlk3LzJxV1VjZC9TTWxuNERlKzJWSGNOdkFWb2RTN211NHpUMnNPdDRTS1JiQS9RNEhMN25CVnhnV2J4cnpGcE0wenQ5ZUNsbGdWd0kvK3JWeHBrZHY3dVhYTnVQNm1yelRYa3gvcmpvS0cvV0VnTjVPL1h5SnJzPXw&cppv=2

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

4e3cb1a2b68a23ad3a0882885045a67625e2404a40a09192465af27dc5c2ecef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 10 Jun 2021 17:54:37 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2113
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Thu, 10 Jun 2021 17:54:37 GMT
location: https://mug.criteo.com/sid?cpp=IkW5e3x2a25uUkxQcGVoMTNhWWp0aE5vU1NjRDBuYmFpMnJrU08wR1d0MDROazZoZHlnanI2alNjYWZqVVZjOTA0V0dMOFltU09mSkVBVkNqQ204SnMvcEc4UlI4WWJ1RlRLUUpCSVNLZ2Y4cGZpV0ViakJSSk5tUlk3LzJxV1VjZC9TTWxuNERlKzJWSGNOdkFWb2RTN211NHpUMnNPdDRTS1JiQS9RNEhMN25CVnhnV2J4cnpGcE0wenQ5ZUNsbGdWd0kvK3JWeHBrZHY3dVhYTnVQNm1yelRYa3gvcmpvS0cvV0VnTjVPL1h5SnJzPXw&cppv=2
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1525
content-length: 482
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 603 B
1 KB 125ms
94ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

dffc5094a1944f9e0f4f1fffeecfe22502dfe74602220895120ecf8a26f34d37

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 10 Jun 2021 17:54:37 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.167:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f7c08175-0f7e-4d9c-8946-4b21c17f2d61
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://commandwindows.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
370 B 35ms
15ms XHR
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://commandwindows.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 493 B
1 KB 125ms
98ms XHR
application/json 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

61c594d28088d85f871844ffafd76abd358d7c358fc313f0fab548b6654802d4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:37 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.145:80
AN-X-Request-Uuid: 01a95a2c-019e-4788-80e5-5efbdac5f7b2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://commandwindows.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 493
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
118 B 78ms
49ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://commandwindows.com
date: Thu, 10 Jun 2021 17:54:37 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 arj Show response
ezoic-d.openx.net/w/1.0/ 172 B
561 B 35ms
20ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ezoic-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fcommandwindows.com%2F&ch=windows-1252&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=eaf98df9-74f2-42a6-8c2f-a46f8d32a0da%2C346b9b27-60b9-4005-bf38-0f400ccad011%2C80a4763b-1c77-40b0-8034-e99a5fa06a97%2C7fc729d6-8643-41d5-9cd0-6d6e55f6ac43&nocache=1623347677848&schain=1.0%2C1!ezoic.ai%2Cc58b3949b5c3a53357e53016653adaee%2C1%2C%2C%2C&aus=728x90%7C300x600%2C160x600%7C300x600%2C160x600%7C728x90&divIds=div-gpt-ad-commandwindows_com-medrectangle-2-0%2Cdiv-gpt-ad-commandwindows_com-banner-2-0%2Cdiv-gpt-ad-commandwindows_com-box-1-0%2Cdiv-gpt-ad-commandwindows_com-box-2-0&auid=538151782%2C538151779%2C538151779%2C538151782
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: a191197c3f5a5965a00a9cd71c3270ce3f2ca55bfc5eca06303f7b990e5c6da9

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://commandwindows.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 163
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 19 KB
9 KB 282ms
262ms XHR
application/json 2.21.111.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=305141&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2229ecaeb675e5391%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fcommandwindows.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A4%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A4%2C%22ren%22%3Afalse%2C%22version%22%3A%224.27.0%22%2C%22msd%22%3A2%2C%22msi%22%3A2%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22ezoic.ai%22%2C%22sid%22%3A%22c58b3949b5c3a53357e53016653adaee%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2230a7b68932d8a19%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305141%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2231d32cbf30694ba%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305145%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22325b64305ffc784%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22337d0b83ea86916%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305137%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2231d32cbf30694ba%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305145%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22325b64305ffc784%22%2C%22ext%22%3A%7B%22siteID%22%3A%22305136%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.21.111.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-111-28.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5745b0df5bcc2a347423d33f0568830c1827bef979108651948fb97eab5d547e

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[82.102.16.185], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://commandwindows.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 8421
x-ak-client-geo: 12
expires: Thu, 10 Jun 2021 17:54:38 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/215626/0/ 0
174 B 57ms
26ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/215626/0/mvo?z=1r&hbv=4.27,2.1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://commandwindows.com
pragma: no-cache
date: Thu, 10 Jun 2021 17:54:37 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H2 200 nmash.js
commandwindows.com/porpoiseant/ 33 KB
9 KB 12ms
10ms Other
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/nmash.js?v=19
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd

Request headers

:path: /porpoiseant/nmash.js?v=19
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: same-origin
accept: */*
cache-control: no-cache
sec-fetch-dest: worker
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
etag: "854d-5c3cf8fc12640;5c3cf8fc12640-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex

GET
H2 204 fix Show response
commandwindows.com/jass/ 0
44 B 9ms
9ms XHR
application/json 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/jass/fix?headDomain=commandwindows.com&type=headDomain&url=commandwindows.com
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /jass/fix?headDomain=commandwindows.com&type=headDomain&url=commandwindows.com
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:37 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
vary: Accept-Encoding
content-type: application/json

GET
H2 200 rochester.js Show response
commandwindows.com/detroitchicago/ 3 KB
942 B 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/rochester.js?gcb=194-1&cb=10
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: b25d60344a243968e6588253f0e2ba19cd2847e72627c4fb70f8efb125366891

Request headers

:path: /detroitchicago/rochester.js?gcb=194-1&cb=10
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 909

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 42ms
14ms Preflight
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
strict-transport-security: max-age=31536000
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1096
date: Thu, 10 Jun 2021 17:54:37 GMT
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 imp.gif Show response
commandwindows.com/detroitchicago/ 43 B
143 B 11ms
11ms XHR
image/gif 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A5%2C%22ad_load_version%22%3A0%2C%22ad_location_ids%22%3A%225%2C31%2C3%2C0%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A146%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22615%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A2%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221000%2C1001%2C1003%2C1005%2C1031%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22dd3d8375-41d1-4066-4a9f-ad5779d74857%22%2C%22position_selection_id%22%3A26%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A0%2C%22response_time_orig%22%3A59%2C%22serverid%22%3A%223.67.98.35%3A16881%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221031%2C1200%2C1224%2C1261%2C1300%22%2C%22t_epoch%22%3A1623347676%2C%22template_id%22%3A30%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fcommandwindows.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A655%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

:path: /detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A0%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A5%2C%22ad_load_version%22%3A0%2C%22ad_location_ids%22%3A%225%2C31%2C3%2C0%2C1%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A5%2C%22bidder_method%22%3A3%2C%22bidder_version%22%3A5%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A146%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22615%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A2%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A4%2C%22page_ad_positions%22%3A%221000%2C1001%2C1003%2C1005%2C1031%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22dd3d8375-41d1-4066-4a9f-ad5779d74857%22%2C%22position_selection_id%22%3A26%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A0%2C%22response_time_orig%22%3A59%2C%22serverid%22%3A%223.67.98.35%3A16881%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221031%2C1200%2C1224%2C1261%2C1300%22%2C%22t_epoch%22%3A1623347676%2C%22template_id%22%3A30%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fcommandwindows.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A655%2C%22worst_bad_word_level%22%3A0%7D
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding Accept-Encoding
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 47

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5771
date: Thu, 10 Jun 2021 16:18:27 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 10 Jun 2021 18:18:27 GMT

GET
H2 200 img.webp
commandwindows.com/utilcave_com/middleton/ 14 KB
14 KB 18ms
18ms Image
image/png 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://commandwindows.com/utilcave_com/middleton/img.webp?cb=1&dirname=commandwindows_com&img=%2Farticle%2Fcss%2F..%2Fimages%2FsnowBG.png
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale_emogrify.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1%26ezcss%3D1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 2d62387ccb392e7adc19bc2c04a883f83b29a90697d639e07a2e477e09a9ef70

Request headers

:path: /utilcave_com/middleton/img.webp?cb=1&dirname=commandwindows_com&img=%2Farticle%2Fcss%2F..%2Fimages%2FsnowBG.png
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; active_template::146=%2Farticle%2Fgrayscale.1623347677; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: commandwindows.com
referer: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale_emogrify.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1%26ezcss%3D1
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/utilcave_com/templates/combine.php?solCombine=1&dirname=commandwindows_com&ezcb=194-1&d=commandwindows.com&css=%2Futilcave_com%2Fmiddleton%2Fcss.php%3FsolCSS%3D1%26css%3D%2Farticle%2Fcss%2Fgrayscale_emogrify.scss%26ezcb%3D194-1%26tdir%3D%2Farticle%2F%26scss%3D1%26dirname%3Dcommandwindows_com%26did%3D146%26eztmp%3D1%26ezcss%3D1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
x-sol: middleton
server: nginx/1.16.0
display: staticcontent_sol
vary: Accept-Encoding Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-middleton-display: staticcontent_sol
cache-control: max-age=31536000, max-age=604800
set-cookie: ezoab_146=mod1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:38 UTC ezoadgid_146=-1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:38 UTC ezoref_146=; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:38 UTC active_template::146=%2Farticle%2Fgrayscale.1623347678; Path=/; Domain=commandwindows.com; Expires=Sat, 12 Jun 2021 17:54:38 UTC
expires: Thu, 17 Jun 2021 17:54:38 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 24ms
22ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ 142 KB
50 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

187e5ab1d37aaa4779205fddec1d0bd632c73ba09db7590c8f79bc238557932f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:31:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15782
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51027
x-xss-protection: 0
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 13:31:36 GMT

GET
H3-29 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ 97 KB
34 KB 22ms
10ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b1d498e3e12268c6a8b066ddb3468f90be4471748e97e4cebdd4d11d5dc55f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 09 Jun 2021 00:30:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34410
x-xss-protection: 0
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 09 Jun 2022 00:30:12 GMT

GET
DATA 200
OK truncated
/ 551 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad9b95dc8aec99a5335567c6f5f6df98de9a73db72d236b20363d94674ec65f8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 1018 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76a0d76f135419f4d00213037cda0cba949a0372e01ab6a1d70072008a56bd18

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1014385246&utmhn=commandwindows.com&utme=8(template*t*rid*bra)9(%2Farticle%2Fgrayscale*30*0*mod1)11(3!2)&utmcs=windows-1252&utms...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29096671-22&cid=1869561420.1623347679&jid=930388466&_v=5.7.2&z=1014385246

35 B
113 B

16ms
16ms

Image
image/gif

2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29096671-22&cid=1869561420.1623347679&jid=930388466&_v=5.7.2&z=1014385246

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Jun 2021 17:54:38 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:38 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-29096671-22&cid=1869561420.1623347679&jid=930388466&_v=5.7.2&z=1014385246
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 371
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 22ms
21ms Image
image/gif 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=2&utmn=75915044&utmhn=commandwindows.com&utme=8(template*domain)9(%2Farticle%2Fgrayscale*commandwindows.com)&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Windows%20Command%20Line%20Interpreter%7CShell%7CDOS%20Prompt%7CBatch%20Files%7CScripting&utmhid=607783575&utmr=-&utmp=%2F&utmht=1623347678643&utmac=UA-38339005-1&utmcc=__utma%3D92376719.1869561420.1623347679.1623347679.1623347679.1%3B%2B__utmz%3D92376719.1623347679.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=688886340&utmredir=1&utmmt=1&utmu=iTAgAAAIACAAAAAAAAAAAABE~

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 403 fastbutton Show response
apis.google.com/se/0/_/+1/ Frame 9AD1 1 KB
1 KB 448ms
448ms Document
text/html 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/se/0/_/+1/fastbutton
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 9010e5a841cf0acfb13facfaa2c3318bc8118020ec071d15de099eb9a628fd01

Request headers

:method: POST
:authority: apis.google.com
:scheme: https
:path: /se/0/_/+1/fastbutton
content-length: 3977
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://commandwindows.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=Zng94D_TLZrdWsxtZCJemMU4W1OoiRBg3zB0NP0XTMDm23A8NGwTcOKLB-Ix3m-X8WkqxCOEQpNKCLt6HTLO_tSLA193XO1IsUtaynvAL8Nedwx_a-p7r0vieBblGhkF-6OJ6WsZ_TuMIMwyMi3C07MN0tVzkQPf27f8lxYmHWU
Upgrade-Insecure-Requests: 1
Origin: https://commandwindows.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

content-length: 1103
content-type: text/html; charset=UTF-8
date: Thu, 10 Jun 2021 17:54:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 465 B
269 B 464ms
464ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=348537953677042&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3Dcd6f7a2c58ec04ef0c75c1dae2c9187b%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D1800%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347678&dt=1623347678661&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=true&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

213567f14f6b77ad4baaf4370d9dc851df9e0dc5f636b8adab27e706dccea5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 48ms
14ms Other
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
270 B 452ms
451ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2196720839191562&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3D1b53ec46d2403695cebecc9fc3f37a77%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D1200%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347678&dt=1623347678666&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=true&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

4edf69abe305be25c210aa0774c5120c9857871befb820ee130de78fcc472fe3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.1.1/ 85 KB
30 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 15:41:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30244
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 15:41:13 GMT

GET
H2 200 edmonton.webp Show response
commandwindows.com/detroitchicago/ 4 KB
1 KB 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/edmonton.webp?dirname=commandwindows_com&cb=194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 4c26e179ae492250ba315e5b2f5dab890c9ce066172bea38313ceb338bbcf92f

Request headers

:path: /detroitchicago/edmonton.webp?dirname=commandwindows_com&cb=194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1328

GET
H2 200 jellyfish.webp Show response
commandwindows.com/porpoiseant/ 43 KB
10 KB 13ms
12ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/jellyfish.webp?dirname=commandwindows_com&cb=194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 8e4148996d058adc797a2fe1a17d9046a27a6a9e9f5f13c0c01b21d6488b9aad

Request headers

:path: /porpoiseant/jellyfish.webp?dirname=commandwindows_com&cb=194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 seattle.js Show response
commandwindows.com/detroitchicago/ 925 B
516 B 9ms
8ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/seattle.js?cb=194-1-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: ddef9cc59b08263b13a4e437e55888036ea31f33ce85225146867cc69aa3313f

Request headers

:path: /detroitchicago/seattle.js?cb=194-1-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
etag: "39d-5c3cf8fc12640;5c3cf8fc12640-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, public
accept-ranges: bytes
x-robots-tag: noindex
content-length: 451

GET
H2 200 anchorfix.js Show response
commandwindows.com/ezoic/ 879 B
440 B 13ms
13ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/ezoic/anchorfix.js?cb=21
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

:path: /ezoic/anchorfix.js?cb=21
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex noindex
content-length: 383
expires: Fri, 10 Jun 2022 17:54:38 GMT

GET
H2 200 stickyfix.js Show response
commandwindows.com/ezoic/ 2 KB
705 B 16ms
16ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/ezoic/stickyfix.js?gcb=1&cb=19
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: dbbd9c6c56c24a1345945fb630a7ed33182f65fc8d6baa5b2e2daeee9618f649

Request headers

:path: /ezoic/stickyfix.js?gcb=1&cb=19
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex noindex
content-length: 671
expires: Fri, 10 Jun 2022 17:54:38 GMT

GET
H2 200 vitals.js Show response
commandwindows.com/tardisrocinante/ 4 KB
2 KB 10ms
9ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/tardisrocinante/vitals.js?gcb=1&cb=3
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 633411252cd3723532e0cb3c8c4214863de95cb26997c7ff3273aaf8f55d0d2a

Request headers

:path: /tardisrocinante/vitals.js?gcb=1&cb=3
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
content-length: 1657

GET
H2 200 style.css
g.ezodn.com/cmp/ 13 KB
2 KB 28ms
19ms Stylesheet
text/css 2606:4700:3032::ac43:b890
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/style.css?domainId=146&version=0&cv=5fa625ffffff000000
Requested by: Host: ezodn.com
URL: https://ezodn.com/cmp/altconsent.js?v=8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:b890 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce27107b911de3f53acee88832dc48d723a0e3363e91c41bedf0f55fbfbdfb39

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 30 May 2021 19:04:16 GMT
server: cloudflare
age: 301233
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GOJNghNPejRvNQmqibzgFADS5hZ%2BzFhq8YQGzCuXO5AUIU9%2FcwlvWHxjRwRAXamO%2BE1fa3xcsML8EDkPVJACb3DLSvP9E%2FMdabFSJvH9XXGyC4cMqHUnEjxQoOhx7uF67qJ9HTc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=604800
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65d47750082bd721-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a98a8e6020000d7210a9bf000000001

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 23ms
21ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame 606B 566 B
880 B 35ms
15ms Document
text/html 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fcommandwindows.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

84d57f14553503f2e1ce648d72f6b0efcf7ff146a3073235eb68f18540d32c8d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Zt/XQ/R4YJP9XmnoOzq/dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fcommandwindows.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=Zng94D_TLZrdWsxtZCJemMU4W1OoiRBg3zB0NP0XTMDm23A8NGwTcOKLB-Ix3m-X8WkqxCOEQpNKCLt6HTLO_tSLA193XO1IsUtaynvAL8Nedwx_a-p7r0vieBblGhkF-6OJ6WsZ_TuMIMwyMi3C07MN0tVzkQPf27f8lxYmHWU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 10 Jun 2021 17:54:38 GMT
content-security-policy: script-src 'report-sample' 'nonce-Zt/XQ/R4YJP9XmnoOzq/dw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 466 B
271 B 619ms
618ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=3532921722308674&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C390x340%7C420x410&prev_scp=iid11%3D1019048%26iit%3D2%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1000%26sap%3D1200%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dcommandwindows_com-box-1-1019048%26eb_br%3D01cb183a5ecc5ac8c6e133c55e55162e%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D4452476132%26asau%3D2780302833%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D2%26acptad%3D1%26br1%3D1700%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D41f2093815dfc97%26hb_pb%3D0.00%26hb_format%3Dbanner%26hb_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347678&dt=1623347678807&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=300&adks=1399567425&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=true&ga_wpids=UA-29096671-22&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

b5d2bec329c7e1282a8ab19fb4fb8db535da201cb45f15b2611cd316eb684e8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 combine.php Show response
commandwindows.com/utilcave_com/templates/ 5 KB
2 KB 39ms
38ms Script
text/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/templates/combine.php?dirname=commandwindows_com&ezcb=194-1&d=//commandwindows.com/utilcave_com&js=%2Futilcave_com%2Fmiddleton%2Fjs.php%3Fjs%3D%2Farticle%2Fjs%2Fgrayscale_bootstrap.js%26ezcb%3D194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 64dec0fded2215b030831b2a68ac02737eb2fa1c0fb136862a75a9df7be8e93d

Request headers

:path: /utilcave_com/templates/combine.php?dirname=commandwindows_com&ezcb=194-1&d=//commandwindows.com/utilcave_com&js=%2Futilcave_com%2Fmiddleton%2Fjs.php%3Fjs%3D%2Farticle%2Fjs%2Fgrayscale_bootstrap.js%26ezcb%3D194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
x-sol: middleton
server: nginx/1.16.0
display: staticcontent_sol
vary: Accept-Encoding Accept-Encoding,Origin
content-type: text/javascript;charset=utf-8
x-middleton-display: staticcontent_sol
cache-control: max-age=31536000, public
content-length: 1518
expires: Fri, 10 Jun 2022 17:54:38 GMT

GET
H2 200 livonia.webp Show response
commandwindows.com/detroitchicago/ 13 KB
4 KB 10ms
10ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/livonia.webp?dirname=commandwindows_com&cb=194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f3bd20d01b128b188d6b6b0409a73d2cc4e4d02aa3d6a518d80567703af71c7f

Request headers

:path: /detroitchicago/livonia.webp?dirname=commandwindows_com&cb=194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex
content-length: 3955

GET
H2 200 fire.webp Show response
commandwindows.com/porpoiseant/ 14 KB
4 KB 17ms
17ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/fire.webp?dirname=commandwindows_com&cb=194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: f91ee2e457ad58dfe024d4608de8cfce0b2e5fa1c5478269f4cd013377c72feb

Request headers

:path: /porpoiseant/fire.webp?dirname=commandwindows_com&cb=194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex
content-length: 3889

GET
H2 200 jass.tail.js Show response
commandwindows.com/jass/ 16 KB
5 KB 10ms
9ms Script
text/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/jass/jass.tail.js?cb=85
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 78eeb94a98535644346ca02fe218cbdedba4fe3ab34f64a897a02849b06f49f8

Request headers

:path: /jass/jass.tail.js?cb=85
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
server: nginx/1.16.0
cache-control: max-age=31536000
vary: Accept-Encoding Accept-Encoding
content-type: text/javascript

GET
H2 200 drloader.js Show response
commandwindows.com/utilcave_com/dr/ 12 KB
3 KB 14ms
14ms Script
application/javascript 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/utilcave_com/dr/drloader.js?dirname=commandwindows_com&194-1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: d08a9476a75ce70b809a528e013c76ce2c649c298af7cd5304204292eee19131

Request headers

:path: /utilcave_com/dr/drloader.js?dirname=commandwindows_com&194-1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: br
last-modified: Wed, 02 Jun 2021 21:58:41 GMT
server: nginx/1.16.0
display: staticcontent_sol
etag: "312e-5bd497273b080-gzip-gzip"
vary: Accept-Encoding Accept-Encoding
content-type: application/javascript
x-middleton-display: staticcontent_sol
cache-control: max-age=31536000
set-cookie: ezoab_146=mod1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:38 UTC ezoadgid_146=-1; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 18:24:38 UTC ezoref_146=; Path=/; Domain=commandwindows.com; Expires=Thu, 10 Jun 2021 19:54:38 UTC active_template::146=%2Farticle%2Fgrayscale.1623347678; Path=/; Domain=commandwindows.com; Expires=Sat, 12 Jun 2021 17:54:38 UTC
x-sol: middleton
content-length: 2683
expires: Fri, 10 Jun 2022 17:54:38 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 469 B
273 B 588ms
587ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2546418884617738&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3D8440f055825a6addcb118a0018400c4d%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D950%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347678&dt=1623347678840&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=true&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

5aa700badbd5f9dd9212d9aff48d65fe0c65a85b74546635c27382f66bec91fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 474 B
281 B 424ms
424ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=94355985310164&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C320x350%7C350x390&prev_scp=iid11%3D1077848%26iit%3D9%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1005%26sap%3D1300%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dcommandwindows_com-medrectangle-2-1077848%26eb_br%3De47fc8f1206acc9586d0b41cc030d12f%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D9980134984%26asau%3D5753788832%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D1000%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347678&dt=1623347678843&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1108&adks=4057930128&ucis=5&ifi=5&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=true&ga_wpids=UA-29096671-22&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

8621dc9e845793639d07546a32de71cc51911a5807c8fde420468ce06788b282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2038943760-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame 606B 10 KB
5 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/2038943760-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fcommandwindows.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.p7L79FLXQCw.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 22:07:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157634
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4265
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 02:30:45 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 22:07:24 GMT

GET
H3-29 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame 606B 12 KB
5 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dcd36419da7937e52754772f60380387c49f3243240a21f41ca6d87346f72a0e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lz92NeUXzaZePz7PIBYvDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "9315aed2f49db41de65f19f75330f816"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-lz92NeUXzaZePz7PIBYvDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 10 Jun 2021 17:54:38 GMT

GET
H2 204 fix Show response
commandwindows.com/jass/ 0
16 B 9ms
9ms XHR
application/json 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/jass/fix?domain=commandwindows.com&type=domain&url=commandwindows.com
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /jass/fix?domain=commandwindows.com&type=domain&url=commandwindows.com
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:38 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
vary: Accept-Encoding
content-type: application/json

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ Frame 606B 50 KB
18 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ed7961b640cad3efd4a453277533d8f8c87368d0b46fde38fd5d8d7d9a7dea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18016
x-xss-protection: 0
last-modified: Wed, 19 May 2021 15:07:34 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 18:54:06 GMT

GET
H2 200 agent Show response
commandwindows.com/jass/ 73 B
124 B 9ms
8ms XHR
application/json 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/jass/agent?agent=mozilla/5.0%20(windows%20nt%2010.0;%20win64;%20x64)%20applewebkit/537.36%20(khtml,%20like%20gecko)%20chrome/89.0.4389.72%20safari/537.36&w=1600&h=1200&ffid=1
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: 2c92e3fb093fd169d782a6b9f18349bb1a8c7de9bb2d485aaee5071b57b33780

Request headers

:path: /jass/agent?agent=mozilla/5.0%20(windows%20nt%2010.0;%20win64;%20x64)%20applewebkit/537.36%20(khtml,%20like%20gecko)%20chrome/89.0.4389.72%20safari/537.36&w=1600&h=1200&ffid=1
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: br
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300, private
content-length: 70

GET
H2 200 greenoaks.gif Show response
commandwindows.com/detroitchicago/ 0
104 B 9ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjIxMjAifV19XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6IjIxMjAifV19XQ==
pragma: no-cache
cookie: ezoadgid_146=-1; ezoref_146=; ezoab_146=mod1; ezopvc_146=1; ezepvv=0; ezovid_146=431109339; ezovuuidtime_146=1623347676; ezovuuid_146=5ff8d63c-403d-481b-7a20-72d8e53e121c; ezCMPCCS=false; ezouspvv=0; ezouspva=0; _pbjs_userid_consent_data=3524755945110770; ezds=ffid%3D1%2Cw%3D1600%2Ch%3D1200; ezohw=w%3D1600%2Ch%3D1200; cto_bidid=_de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE; cto_bundle=28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg; active_template::146=%2Farticle%2Fgrayscale.1623347678; __utma=92376719.1869561420.1623347679.1623347679.1623347679.1; __utmc=92376719; __utmz=92376719.1623347679.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt_e=1; __utmt_f=1; __utmb=92376719.2.10.1623347679; __gads=ID=83c3f66b23da4012-22a294565dc8009c:T=1623347678:S=ALNI_MbpUHLghtKHuj4HO2vl2GynZsul1Q
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:38 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060901&st=env

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32f8ebb215f7201adacb1c1138c3a74447de9e3ba448471ce632c5fa248ea1de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8516
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1622653785071769"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:39 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/223/ Frame 27B3 12 KB
5 KB 14ms
12ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/223/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Thu, 10 Jun 2021 16:59:40 GMT
expires: Fri, 10 Jun 2022 16:59:40 GMT
last-modified: Wed, 17 Mar 2021 18:24:30 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 3299
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F300 783 B
784 B 16ms
16ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ec3985cc749e98a4e14d75a969d7456838bdcb613276552f2cf5d50a4c7a013c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-F1H7mVSgX7xyCgnMyVPRmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=Zng94D_TLZrdWsxtZCJemMU4W1OoiRBg3zB0NP0XTMDm23A8NGwTcOKLB-Ix3m-X8WkqxCOEQpNKCLt6HTLO_tSLA193XO1IsUtaynvAL8Nedwx_a-p7r0vieBblGhkF-6OJ6WsZ_TuMIMwyMi3C07MN0tVzkQPf27f8lxYmHWU
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

expires: Thu, 10 Jun 2021 17:54:39 GMT
date: Thu, 10 Jun 2021 17:54:39 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-F1H7mVSgX7xyCgnMyVPRmA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 27B3 14 KB
6 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/223/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 16:45:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4170
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 16:45:09 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
0 39ms
38ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gfp_cw_status&domain=commandwindows.com&host=commandwindows.com&success=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=223&t=2&li=gpt_2021060901&jk=1826864915106731&bg=!eHulez_NAAY6sG-_OrA7ACkAdvg8WpnpIDok_AaSYuY4v5maWzjXJ-9jb8MwTjPjBvK7xxrglGBL6QIAAABYUgAAAA1oAQcKANU8jtLE1wxK4COr6FcE-PcCKeZMhWgvgBqBXCTThpt6ySWa7ZH0b-Gsf3YOjq1MahQzjZEbqM4erlWIhEmXfBGaAXbaRSe6ZRA9ZYj1Hhl2OLzsB9iKsCQu5QgbE_mGz0yLqWk8SAFxObbqewV8bGVnmd2U61mVmNCyksosL-P0VnJHzZVPeqUqWGiYsnsDNhY7vh4kPYPGYzsYIp7iYP4gW-ZA78gBUt2CKq9fkBFVJx0ryjVTXSGxv7e1IRQzeBKXbx4YoafupyWelfWDVozh9VLMGFmZAn4XcCeYJXOgzhKc2AFSV3HzsI2lbNUjwfnKVj4NUSuamN8AAO6-gBqD1kLOIPufTosCt7oXhhJ-46PBr3sDUe2dg01lhwGtHb_3uXfbnVZGI8Xz7ixgLoK-wH57c5AGnnXH8XocOJNKGg0I3pTIE0PpgAc0_yFOVYppY-Gbtm2XLzfSCbXj-Bi-o4Mp8LVC1fQ_QICrFpfif3mIXCoh0kDEhIL3lB2hkDFTyYlcO2kLHS-9s1BLHhp8Pc7e7vWELRgU2sjHE3_LtGtdQ2R304-FGenWAyGefQxgUZCUl55q5Q_sU7EUEpFF2MUozRfjh33MKYQ1pj8KuXBWYctAax3koHlYrzEUFmAMSgg39BvDZmjOn9fKWDNfiaeexPbFOeDiH9OH5trWBIfIDXNdk09UybJoXzF4iRvWQG3TiD3gSMHN2D3Jm0dPni2CeaQi02PHJCyE6f5eIAxEYrIVNRqlhKhSRzsJ88w_yg7jPp5PN0uS1FtWzRrqtyTUsFnQz6vGZ4JekBf8xZOW9QY08Z7t0G0fWBSALnDsk2GGPW6QZSkVwJepzc_DDTmsmn69fWUXeKYMrfGF3ZoFNhl3MkqxZbWNQ270wL2GB8GydPLj6ICZHBRl0jCS-sx060gR03WE_T6BwPai5tsF_hD3CoO7v7NxAhJ5Tb-2CVtWCS4wPJPJinSOfkL6uEYEwdDV7B0CU3TkEdxWqRaU3caD4ILUVt9ZBpY6SyZZzv5-P8_3Al0RKmbE-WNUFs8fSPyuKlEXUk6FAh_5hiJ1w6HonB4DETHdi4yUNe2HREzjaKKGvMzG1G4oEnzgUjhrJj6Q4OFEq9MrXWTAzK443KqIqA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 457.json Show response
id5-sync.com/g/v2/ 213 B
536 B 45ms
12ms XHR
application/json 51.89.21.30
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/457.json

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.30 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p25.id5-sync.com

Software

Resource Hash

409dda3bac2eea0a05f9111de254bd1cec4ec1acf42128e9cce45d997f6aa504

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://commandwindows.com
Date: Thu, 10 Jun 2021 17:53:10 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 220F 52 KB
17 KB 29ms
6ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://commandwindows.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Mon, 07 Jun 2021 05:03:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 10 Jun 2021 17:54:41 GMT
Age: 47858
X-Served-By: cache-lga21963-LGA, cache-fra19152-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 327578
X-Timer: S1623347681.174485,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 23CA 52 KB
17 KB 28ms
9ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://commandwindows.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Mon, 07 Jun 2021 05:03:25 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 10 Jun 2021 17:54:41 GMT
Age: 47858
X-Served-By: cache-lga21963-LGA, cache-fra19183-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 2, 324407
X-Timer: S1623347681.176938,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 611B 2 KB
1 KB 32ms
8ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://commandwindows.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Thu, 10 Jun 2021 17:54:41 GMT
Content-Length: 1151
Connection: keep-alive

GET
H2

200

pd Show response
eu-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://eu-u.openx.net/w/1.0/pd?plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1

1007 B
864 B

18ms
17ms

Document
text/html

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: c7e09a8d53929e45435f8da63c52d877c1e6b4810d6bbeb34ead17ddf7600320

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: i=7c505854-2c95-0ae2-0cd3-5c1f3fa11714|1623347681
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=7c505854-2c95-0ae2-0cd3-5c1f3fa11714|1623347681; Version=1; Expires=Fri, 10-Jun-2022 17:54:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1623347681|mOgegqnskin0vNomiygu; Version=1; Expires=Fri, 25-Jun-2021 17:54:41 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 10 Jun 2021 17:54:41 GMT
content-type: text/html
content-length: 546
content-encoding: gzip
via: 1.1 google
alt-svc: clear

Redirect headers

set-cookie: i=7c505854-2c95-0ae2-0cd3-5c1f3fa11714|1623347681; Version=1; Expires=Fri, 10-Jun-2022 17:54:41 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.208.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
date: Thu, 10 Jun 2021 17:54:41 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 01C5 2 KB
818 B 10ms
10ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1623347677883

Requested by

Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1623347677883
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 2DD7 38 KB
14 KB 1030ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: go.ezodn.com
URL: https://go.ezodn.com/hb/dall.js?b=appnexus,ix,oftmedia,onetag,openx,pubmatic,rhythmone&cb=194-1-22
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=132225
expires: Sat, 12 Jun 2021 06:38:27 GMT
date: Thu, 10 Jun 2021 17:54:42 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 220F
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
822 B

15ms
13ms

Script
text/html

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.103:80
AN-X-Request-Uuid: 15ac027a-c249-4499-8759-ad3f10ef7665
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.236:80
AN-X-Request-Uuid: 4695e3f6-f7b6-43fa-af8b-7960e73add60
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 23CA
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

0
821 B

13ms
13ms

Script
text/html

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.52:80
AN-X-Request-Uuid: be0b9e61-772f-4e0c-a7b4-43bb393f1ac3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.117:80
AN-X-Request-Uuid: 91e1e5a4-b872-4c2b-850d-92c5955543c7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame F599
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

21ms
20ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: dfda58734126b567b24ba011ff297ac1e5585a12de2a7786bc6f8226c5c9b358

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YMJR4fOgcTH8dSX7U1QqrgAA; CMPS=5221
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|230|45|241|156|31|57|105
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1721
Expires: Thu, 10 Jun 2021 17:54:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Connection: keep-alive
Set-Cookie: CMID=YMJR4fOgcTH8dSX7U1QqrgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 10 Jun 2022 17:54:41 GMT CMPS=5221;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 08 Sep 2021 17:54:41 GMT CMPRO=1135;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 08 Sep 2021 17:54:41 GMT CMRUM3=f160c251e105a0&1f60c251e105a00&2d60c251e105a0&9c60c251e105a00&e660c251e12760&6960c251e105a0&2760c251e10b40&3960c251e105a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 10 Jun 2022 17:54:41 GMT CMST=YMJR4WDCUeEA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 11 Jun 2021 17:54:41 GMT

Redirect headers

Server: Apache
Content-Length: 341
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Thu, 10 Jun 2021 17:54:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Connection: keep-alive
Set-Cookie: CMID=YMJR4fOgcTH8dSX7U1QqrgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 10 Jun 2022 17:54:41 GMT CMPS=5221;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 08 Sep 2021 17:54:41 GMT

GET
H2 200 3b3b0149-15be-a75c-67d2-8202a4d1e9a0
pr-bh.ybp.yahoo.com/sync/openx/ Frame A6DB 43 B
837 B 113ms
35ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/3b3b0149-15be-a75c-67d2-8202a4d1e9a0?gdpr=1

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:41 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=CHJX4CsL1LRoT75

43 B
106 B

15ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=CHJX4CsL1LRoT75
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:40 GMT
Server: PingMatch/v2.0.30-655-g6f0fff2#rel-ec2-master i-066a1c0b271e68364@eu-central-1b@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=CHJX4CsL1LRoT75
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://x.bidswitch.net/ul_cb/sync?ssp=openx
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=6e4aa6d3-0b23-4cdb-aadb-8aa511ec4c1b&expires=1&user_group=5&ssp=openx&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://us-u.openx.net/w/1.0/sd?id=537072968&val=4b1bcb40-aef1-40dd-867b-91331d60e9fd

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=4b1bcb40-aef1-40dd-867b-91331d60e9fd
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: //us-u.openx.net/w/1.0/sd?id=537072968&val=4b1bcb40-aef1-40dd-867b-91331d60e9fd
date: Thu, 10 Jun 2021 17:54:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

adx
match.prod.bidr.io/cookie-sync/ Frame A6DB
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDUU9VN0JoS1FBQURLLUl6MGJvQQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

43 B
430 B

29ms
28ms

Image
image/gif

52.209.246.140
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.209.246.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=0f2960c2-51e1-4800-9eb3-236a687d31ac

43 B
106 B

17ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=0f2960c2-51e1-4800-9eb3-236a687d31ac
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Thu, 10 Jun 2021 17:56:32 GMT
Server: MT3 3759 5f8f15b master cdg-pixel-x1
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=0f2960c2-51e1-4800-9eb3-236a687d31ac
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 10 Jun 2021 17:56:31 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=KLEUMiuwEjEzshYwKbBaNCrnRmUztxM0fbWadL3p

43 B
122 B

23ms
21ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=KLEUMiuwEjEzshYwKbBaNCrnRmUztxM0fbWadL3p
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=KLEUMiuwEjEzshYwKbBaNCrnRmUztxM0fbWadL3p
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7251933855628269122

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7251933855628269122
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=7251933855628269122
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame A6DB 70 B
265 B 107ms
33ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=affc670d-8512-3515-5605-94f75b8624e9&gdpr=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A6DB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5&google_tc=

170 B
188 B

31ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5&google_tc=

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODM5M2I0YzctNGM2NS02YmIxLTQzZTUtY2U0ZTkxNjRlYTg5&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame A6DB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEF1tb3EJpBxX1OMBLom-c8o&google_cver=1

43 B
106 B

15ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEF1tb3EJpBxX1OMBLom-c8o&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=10&ph=4a396f87-5bac-47c7-9375-0b25be4ee393&gdpr=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEF1tb3EJpBxX1OMBLom-c8o&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame F599 70 B
264 B 39ms
33ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YMJR4fOgcTH8dSX7U1QqrgAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame F599
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJ_tMWqNcvChqvrNM9Ms9O0&google_cver=1

43 B
315 B

18ms
18ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJ_tMWqNcvChqvrNM9Ms9O0&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:41 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJ_tMWqNcvChqvrNM9Ms9O0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F599
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YMJR4fOgcTH8dSX7U1QqrgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1&gdpr=1

43 B
1001 B

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:41 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame F599
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&dcc=t

43 B
433 B

102ms
102ms

Image
image/gif

52.46.130.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YMJR4fOgcTH8dSX7U1QqrgAABG8AAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame F599 35 B
380 B 382ms
95ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-ServerName: Track001-dc3
Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:18 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame F599
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6766340811130599509&uid=Q6766340811130599509&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

8ms
7ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F599
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=875739027473849282

43 B
1019 B

15ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=875739027473849282
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:41 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=875739027473849282
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F599
Redirect Chain

https://d.adroll.com/cm/index/ssp?gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

43 B
1020 B

15ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:41 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:41 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date: Thu, 10 Jun 2021 17:54:41 GMT
server: nginx/1.18.0
content-length: 76

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame F599 43 B
425 B 9ms
8ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YMJR4fOgcTH8dSX7U1QqrgAA%261135
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://commandwindows.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:41 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=2100
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 18:29:41 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 452 B
304 B 540ms
539ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2922490120019326&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&ris=3&rcs=1&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3D36cc80a070c5e247c8c415012358463e%2C5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D500%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D950%26reqt%3D1623347681382&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347681&dt=1623347681406&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=6&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

f1d60dbe76d55a4181303502e62cd4125e2c7f1a34faf423a4b1a2cfaef3fe03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
305 B 598ms
597ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2047519648228042&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C390x340%7C420x410&ris=3&rcs=1&prev_scp=iid11%3D1019048%26iit%3D2%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1000%26sap%3D1200%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dcommandwindows_com-box-1-1019048%26eb_br%3Dea3412e9d966df881e90978e71fbde23%2C5297de5240aa45da173a0792747e0d26%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D4452476132%26asau%3D2780302833%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D2%26acptad%3D1%26br1%3D850%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D41f2093815dfc97%26hb_pb%3D0.00%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D1700%26reqt%3D1623347681392&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347681&dt=1623347681412&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=300&adks=1399567425&ucis=7&ifi=7&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

769d3fd7571d3271b64cf751c1892c5da94541dd33bce03193c9e1f8f8aafe1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 230
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 457 B
316 B 493ms
492ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2389830757361541&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C320x350%7C350x390&ris=3&rcs=1&prev_scp=iid11%3D1077848%26iit%3D9%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1005%26sap%3D1300%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dcommandwindows_com-medrectangle-2-1077848%26eb_br%3D36cc80a070c5e247c8c415012358463e%2C5f2b94bb26a5aa9b1a00e66d30cfd5ec%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D9980134984%26asau%3D5753788832%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D500%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1000%26reqt%3D1623347681394&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347681&dt=1623347681415&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1108&adks=4057930128&ucis=8&ifi=8&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

36b2c05681dfac78ce4f8846954893acbd5e7839744ec845b05607945ee75132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 241
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 448 B
306 B 625ms
625ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=4352940036445451&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&ris=3&rcs=1&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3D8f0893a0e387415d71288777aac7d227%2Ceeb0e32289ff31f9ddef18331038e5e9%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D900%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D1800%26reqt%3D1623347681396&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347681&dt=1623347681417&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=9&ifi=9&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

413fcb7008e5ebce12725900ccdb59eb7532b272a322e6bf3eefff95758df604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
665 B 438ms
438ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=401881232285495&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=3&rcs=1&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3D21e6a29247e405d0db3606fda8999ba6%2C5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1200%26reqt%3D1623347681398&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347681&dt=1623347681421&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=a&ifi=10&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=4&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

37a6841934799aa44a233feb63aa68cf17ddddfae23d2391fd0b96023e784041

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 220F 0
750 B 19ms
18ms Script
text/html 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:42 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.136:80
AN-X-Request-Uuid: 614f7a6e-0cdd-4b82-a52d-e7823336017a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 2DD7 5 KB
6 KB 65ms
21ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=13816342&p=156983&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9a5699b4783430288fd99baa5f18074d775b4ac62de05f5298cb3d029106e476

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 23CA 0
749 B 37ms
37ms Script
text/html 185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:42 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.76:80
AN-X-Request-Uuid: ea668272-f1b7-4cca-9db5-64d409bed48f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 03A4 35 B
468 B 22ms
22ms Document
image/gif 37.157.4.41
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=F1CD59C8-E53B-46F7-B654-6BC248B52C93

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.41 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=F1CD59C8-E53B-46F7-B654-6BC248B52C93
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=7251933855628269122
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=7251933855628269122; expires=Mon, 09 Aug 2021 17:54:42 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame DB92
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366

42 B
211 B

22ms
22ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35; PUBMDCID=3; KRTBCOOKIE_153=19420-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E&KRTB&22979-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E; PugT=1623347682; KRTBCOOKIE_409=22966-rNxJybajNtySVMbjbdNGW9Fy; KRTBCOOKIE_57=22776-2312329150650908629; KRTBCOOKIE_80=22987-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&16514-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&23025-CAESEBrrzVutvWm5hRZpuC6Glwk; KRTBCOOKIE_1101=23040-6972225204234614934; KRTBCOOKIE_22=14911-4342350250568899477; KRTBCOOKIE_391=22924-7251933855628269122&KRTB&23263-7251933855628269122; KRTBCOOKIE_377=6810-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&22918-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&23031-95116be6-1ea2-498d-82f8-9bb100c9d393; KRTBCOOKIE_27=16735-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&16736-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23019-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23114-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac; SPugT=1623338476
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-7403594025401785366; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PugT=1623347682; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:42 GMT; path=/
x-lat: lhrpug014:0:565
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=7403594025401785366
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame B938 43 B
369 B 70ms
22ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Thu, 10 Jun 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1129
x-powered-by: ASP.NET
date: Thu, 10 Jun 2021 17:54:41 GMT
content-length: 43

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D7AD
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934

42 B
211 B

70ms
21ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-6972225204234614934; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PugT=1623347682; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:42 GMT; path=/
x-lat: lhrpug004:0:457
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Thu, 10 Jun 2021 17:54:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6972225204234614934; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6972225204234614934

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame 9C83
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACQOU7BhKQAADK-Iz0boA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...

43 B
163 B

57ms
17ms

Document
image/gif

185.86.138.144
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACQOU7BhKQAADK-Iz0boA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.144 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Thu, 10 Jun 2021 17:54:42 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACQOU7BhKQAADK-Iz0boA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dpm%26bee_sync_hop_count%3D1%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8985
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2976814807
https://sync.1rx.io/usersync/tradedesk/95116be6-1ea2-498d-82f8-9bb100c9d393
https://sync.targeting.unrulymedia.com/csync/RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003

42 B
427 B

22ms
21ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35; PUBMDCID=3; KRTBCOOKIE_153=19420-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E&KRTB&22979-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E; PugT=1623347682; KRTBCOOKIE_409=22966-rNxJybajNtySVMbjbdNGW9Fy; KRTBCOOKIE_57=22776-2312329150650908629; KRTBCOOKIE_80=22987-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&16514-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&23025-CAESEBrrzVutvWm5hRZpuC6Glwk; KRTBCOOKIE_1101=23040-6972225204234614934; KRTBCOOKIE_22=14911-4342350250568899477; KRTBCOOKIE_391=22924-7251933855628269122&KRTB&23263-7251933855628269122; KRTBCOOKIE_377=6810-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&22918-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&23031-95116be6-1ea2-498d-82f8-9bb100c9d393; KRTBCOOKIE_27=16735-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&16736-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23019-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23114-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac; SPugT=1623338476; KRTBCOOKIE_466=16530-4b1bcb40-aef1-40dd-867b-91331d60e9fd; KRTBCOOKIE_336=5844-7403594025401785366; KRTBCOOKIE_218=22978-YMJR4gABsEp_nQA4&KRTB&23194-YMJR4gABsEp_nQA4&KRTB&23209-YMJR4gABsEp_nQA4&KRTB&23244-YMJR4gABsEp_nQA4; KRTBCOOKIE_1074=22956-e_136d9d8a-7ad9-4d86-a46d-055e57659896; KRTBCOOKIE_188=3189-no-consent
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:43 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17105-RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003&KRTB&17107-RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:43 GMT; path=/ PugT=1623347683; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:43 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:43 GMT; path=/
x-lat: lhrpug016:0:499
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Thu, 10 Jun 2021 17:54:43 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003%22%7D; path=/; expires=Fri, 10 Jun 2022 17:54:43 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-9368bf31-3d13-4d3c-99cd-0556af1c188b-003
etag: RX9368bf313d134d3c99cd0556af1c188b003

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 4AD9
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0

0
88 B

74ms
28ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug011:2:455
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=a06d3e78-7c23-4e40-9f29-468019f54c58; path=/; domain=csync.loopme.me; Expires=Sat, 10-Jul-2021 17:54:42 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
content-length: 0
date: Thu, 10 Jun 2021 17:54:42 GMT
server: _

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E0F2
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy

42 B
217 B

46ms
23ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_409=22966-rNxJybajNtySVMbjbdNGW9Fy; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PugT=1623347682; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 10-Jul-2021 17:54:42 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:42 GMT; path=/
x-lat: lhrpug013:0:463
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Thu, 10 Jun 2021 17:54:42 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=rNxJybajNtySVMbjbdNGW9Fy; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=rNxJybajNtySVMbjbdNGW9Fy
strict-transport-security: max-age=0; includeSubDomains;

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame 58DC 42 B
1009 B 46ms
25ms Document
image/gif 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif
content-length: 42
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a98a8f413000017726b23c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65d477668b791772-FRA

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 5B06 43 B
408 B 84ms
26ms Document
image/gif 72.251.241.196
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Thu, 10 Jun 2021 17:54:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-5
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame 39A3
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
446 B

208ms
207ms

Document
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=a2noeUP3rTmCiAyVsEq4D5RGvZc4VTeIcTEqSiyxF
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=arnseFNZaiMiAmemFmDgtORZb8fYEeSBrftt0TfF9SZccAWv30GU6JUCuuIDc6ZbeVm7Zc9m9ZaZa1LXyXgBTZbvJuSm; path=/; domain=.tribalfusion.com; expires=Wed, 08-Sep-2021 17:54:42 GMT; SameSite=None; Secure; ANON_ID_old=arnseFNZaiMiAmemFmDgtORZb8fYEeSBrftt0TfF9SZccAWv30GU6JUCuuIDc6ZbeVm7Zc9m9ZaZa1LXyXgBTZbvJuSm; path=/; domain=.tribalfusion.com; expires=Wed, 08-Sep-2021 17:54:42 GMT;
cf-cache-status: DYNAMIC
cf-request-id: 0a98a8f4de000016ee71ae9000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65d47767ce8516ee-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 273
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=a2noeUP3rTmCiAyVsEq4D5RGvZc4VTeIcTEqSiyxF; path=/; domain=.tribalfusion.com; expires=Wed, 08-Sep-2021 17:54:42 GMT; SameSite=None; Secure; ANON_ID_old=a2noeUP3rTmCiAyVsEq4D5RGvZc4VTeIcTEqSiyxF; path=/; domain=.tribalfusion.com; expires=Wed, 08-Sep-2021 17:54:42 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 0a98a8f421000016ee058ff000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65d477669bc716ee-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6B76
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219

1 B
68 B

22ms
22ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=F1CD59C8-E53B-46F7-B654-6BC248B52C93; chkChromeAb67Sec=1; DPSync3=1624492800%3A197_219_201%7C1623369600%3A174; SyncRTB3=1624147200%3A63%7C1625875200%3A203%7C1623888000%3A67_223_15_2%7C1624492800%3A13_3_220_56_55_88_189_22_166_165_54_71_222_7_21_176_230_204_81_99_234_161_8%7C1624579200%3A35; PUBMDCID=3; KRTBCOOKIE_153=19420-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E&KRTB&22979-7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E; PugT=1623347682; KRTBCOOKIE_409=22966-rNxJybajNtySVMbjbdNGW9Fy; KRTBCOOKIE_57=22776-2312329150650908629; KRTBCOOKIE_80=22987-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&16514-CAESEBrrzVutvWm5hRZpuC6Glwk&KRTB&23025-CAESEBrrzVutvWm5hRZpuC6Glwk; KRTBCOOKIE_1101=23040-6972225204234614934; KRTBCOOKIE_22=14911-4342350250568899477; KRTBCOOKIE_391=22924-7251933855628269122&KRTB&23263-7251933855628269122; KRTBCOOKIE_377=6810-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&22918-95116be6-1ea2-498d-82f8-9bb100c9d393&KRTB&23031-95116be6-1ea2-498d-82f8-9bb100c9d393; KRTBCOOKIE_27=16735-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&16736-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23019-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&KRTB&23114-uid:0f2960c2-51e1-4800-9eb3-236a687d31ac; SPugT=1623338476; KRTBCOOKIE_466=16530-4b1bcb40-aef1-40dd-867b-91331d60e9fd; KRTBCOOKIE_336=5844-7403594025401785366; KRTBCOOKIE_218=22978-YMJR4gABsEp_nQA4&KRTB&23194-YMJR4gABsEp_nQA4&KRTB&23209-YMJR4gABsEp_nQA4&KRTB&23244-YMJR4gABsEp_nQA4; KRTBCOOKIE_1074=22956-e_136d9d8a-7ad9-4d86-a46d-055e57659896
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 10 Jun 2021 17:54:42 GMT
content-type: text/html; charset=utf-8
content-length: 1
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 08-Sep-2021 17:54:42 GMT; path=/
x-lat: lhrpug006:0:408
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-8474b759f8-h2wjm
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=F22MtTMB0OFs&pid=557219
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: INGRESSCOOKIE=8f002ce59104a32f; path=/; HttpOnly; Secure; SameSite=None

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 5FEC
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
54 B

25ms
24ms

Document
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Thu, 10 Jun 2021 17:54:42 GMT
via: 1.1 varnish
x-served-by: cache-hhn11560-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1623347682.357110,VS0,VE11
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762;Version=1;Path=/;Domain=.taboola.com;Expires=Fri, 10-Jun-2022 17:54:42 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=f0b7b4c5-27ec-4412-b252-ec1ab430bfcb-tuct7bbd762&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Thu, 10 Jun 2021 17:54:42 GMT
via: 1.1 varnish
x-served-by: cache-hhn11560-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1623347682.335358,VS0,VE9
x-vcl-time-ms: 9
content-length: 0

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2DD7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=8c1ZyOU7Rve2VGvCSLUskw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

14ms
7ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 06:44:25 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-2080-5c3aeac410031"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=133234
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 2586
expires: Sat, 12 Jun 2021 06:55:16 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0f2960c2-51e1-4800-9eb3-236a687d31ac

0
260 B

80ms
22ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0f2960c2-51e1-4800-9eb3-236a687d31ac
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 15:39:58 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Thu, 10 Jun 2021 17:56:33 GMT
Server: MT3 3759 5f8f15b master cdg-pixel-x3
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=0f2960c2-51e1-4800-9eb3-236a687d31ac
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 10 Jun 2021 17:56:32 GMT

GET
H/1.1

200
OK

/
pixel.onaudience.com/ Frame 2DD7
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=F1CD59C8-E53B-46F7-B654-6BC248B52C93
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=22c1777f3d1bb5c99b70b76a576bb4be
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25&xl8blockcheck=1
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=bca8d7385e8d609899e25a61c7889092

35 B
248 B

15ms
15ms

Image
image/gif

51.210.112.236
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.onaudience.com/?partner=161&icm&cver&mapped=bca8d7385e8d609899e25a61c7889092
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.210.112.236 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3175227.ip-51-210-112.eu
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-length: 35
content-type: image/gif

Redirect headers

date: Thu, 10 Jun 2021 17:54:42 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://pixel.onaudience.com/?partner=161&icm&cver&mapped=bca8d7385e8d609899e25a61c7889092
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/html
content-length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RjFDRDU5QzgtRTUzQi00NkY3LUI2NTQtNkJDMjQ4QjUyQzkz&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
341 B

70ms
22ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug002:0:445
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBrrzVutvWm5hRZpuC6Glwk&google_cver=1

42 B
283 B

71ms
24ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBrrzVutvWm5hRZpuC6Glwk&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug015:0:611
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEBrrzVutvWm5hRZpuC6Glwk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 2DD7 43 B
609 B 50ms
14ms Image
image/gif 159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Wed, 09 Jun 2021 17:54:42 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&gdpr=0&gdpr_consent=

42 B
338 B

58ms
27ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug007:0:417
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Thu, 10 Jun 2021 17:56:33 GMT
Server: MT3 3759 5f8f15b master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:0f2960c2-51e1-4800-9eb3-236a687d31ac&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 10 Jun 2021 17:56:32 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7251933855628269122

42 B
233 B

73ms
26ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7251933855628269122
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug006:0:602
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=7251933855628269122
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=95116be6-1ea2-498d-82f8-9bb100c9d393

42 B
293 B

28ms
27ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=95116be6-1ea2-498d-82f8-9bb100c9d393
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:500
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=95116be6-1ea2-498d-82f8-9bb100c9d393
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2312329150650908629&gdpr=0&gdpr_consent=

42 B
210 B

60ms
24ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2312329150650908629&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug003:0:437
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:42 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.103:80
AN-X-Request-Uuid: 3857e498-9b92-48c9-bbb6-52adc75963b1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=2312329150650908629&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 F1CD59C8-E53B-46F7-B654-6BC248B52C93
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 2DD7 43 B
193 B 38ms
34ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/F1CD59C8-E53B-46F7-B654-6BC248B52C93?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=F1CD59C8-E53B-46F7-B654-6BC248B52C93&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-u6Td2R5E2uVmpwKIGQiFVnwWaAwLLTM-~A&gdpr=0&gdpr_consent=

0
128 B

67ms
22ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-u6Td2R5E2uVmpwKIGQiFVnwWaAwLLTM-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 15:21:16 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Thu, 10 Jun 2021 17:54:42 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-u6Td2R5E2uVmpwKIGQiFVnwWaAwLLTM-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E

42 B
348 B

71ms
22ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug014:0:428
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7O1-0O_seNP37nzS7eww1u67LIf363nWuek3p_-E
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=488d59f2-9cc9-47cd-9a30-482599db8373&user_group=1&ssp=pubmatic&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=

1 B
181 B

24ms
21ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:308
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=4b1bcb40-aef1-40dd-867b-91331d60e9fd&gdpr=&gdpr_consent=&gdpr_pd=
date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMJR4gABsEp_nQA4&gdpr=0&gdpr_consent=&_test=YMJR4gABsEp_nQA4

1 B
236 B

22ms
22ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMJR4gABsEp_nQA4&gdpr=0&gdpr_consent=&_test=YMJR4gABsEp_nQA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug010:0:435
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1623347682.440026,VS0,VE0
x-served-by: cache-hhn4068-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YMJR4gABsEp_nQA4&gdpr=0&gdpr_consent=&_test=YMJR4gABsEp_nQA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4342350250568899477&gdpr=0&gdpr_consent=&us_privacy=

1 B
186 B

43ms
22ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4342350250568899477&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug001:0:434
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4342350250568899477&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 10 Jun 2021 17:54:41 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 2DD7 0
104 B 102ms
71ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=F1CD59C8-E53B-46F7-B654-6BC248B52C93&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3f364521-8a0d-4ab2-837d-14686e4606ba&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
110 B

21ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3f364521-8a0d-4ab2-837d-14686e4606ba&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:340
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3f364521-8a0d-4ab2-837d-14686e4606ba&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Thu, 10 Jun 2021 17:54:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
203 B

22ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:499
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:42 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2312329150650908629

42 B
262 B

22ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2312329150650908629
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug007:0:346
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.186:80
AN-X-Request-Uuid: 1a4b5c46-de13-4b1f-85a1-958b546c968b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=2312329150650908629
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 2DD7
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_136d9d8a-7ad9-4d86-a46d-055e57659896

42 B
226 B

22ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_136d9d8a-7ad9-4d86-a46d-055e57659896
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:42 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug009:0:543
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_136d9d8a-7ad9-4d86-a46d-055e57659896
date: Thu, 10 Jun 2021 17:54:42 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: en-US

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
10 KB 355ms
355ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2749894192015154&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C320x350%7C350x390&ris=2&rcs=2&prev_scp=iid11%3D1077848%26iit%3D9%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1005%26sap%3D1300%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dcommandwindows_com-medrectangle-2-1077848%26eb_br%3Dec89700e72dd339af04f416f970af998%2C3ba982fc4238dd4197b1d51b345478dc%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D9980134984%26asau%3D5753788832%26bv%3D12%26bvm%3D0%26bvr%3D2%26shp%3D1%26br1%3D50%26br2%3D750%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C760%2C761%2C813%2C814%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D500%26reqt%3D1623347681929&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347682&dt=1623347682937&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=436&adys=1108&adks=4057930128&ucis=b&ifi=11&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=728x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=512&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

bc5172fed700c33fde35f53726527534c7013d5939037a87d76fa6d907a44361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9703
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
169 B 433ms
433ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=1307872666122330&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=2&rcs=2&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3D235a54888c7ee72f359041faf3ce4c23%2C76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D400%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1623347681930&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347682&dt=1623347682940&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=c&ifi=12&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=5&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

a1a52148e55ef67f9b2b23a2898ce9fa4018bb7f48fddeab80196d24ba94019b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
173 B 604ms
603ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2849044390462084&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&ris=2&rcs=2&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3D119b88423fa30735563fe08dfa70a0b2%2C9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D350%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D500%26reqt%3D1623347681975&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347682&dt=1623347682982&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=d&ifi=13&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=6&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

aae6864078d09b52e7a5f3939bff21169e8f4cc0cd0fe56fd075a9bdd963a26c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 539ms
539ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=4191606664871311&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C390x340%7C420x410&ris=2&rcs=2&prev_scp=iid11%3D1019048%26iit%3D2%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1000%26sap%3D1200%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dcommandwindows_com-box-1-1019048%26eb_br%3D49d6fb3018f8fd64edd36f2a1cd7ceb5%2Cdfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D4452476132%26asau%3D2780302833%26bv%3D24%26bvm%3D0%26bvr%3D2%26shp%3D2%26acptad%3D1%26br1%3D80%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D41f2093815dfc97%26hb_pb%3D0.00%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D850%26reqt%3D1623347682035&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347683&dt=1623347683041&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=300&adks=1399567425&ucis=e&ifi=14&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

68abdb272d092569fb5e13221203ee350a727ad48853fea3c18d7ef14bf6c6b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 18ms
17ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 341 B
172 B 376ms
376ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=586330808828023&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&ris=2&rcs=2&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3D21e6a29247e405d0db3606fda8999ba6%2C5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D650%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D900%26reqt%3D1623347682059&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347683&dt=1623347683065&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=f&ifi=15&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

b4881fa12a2ddb282c38c086e7e5186b682e9c25cc67d252a10fc36b4919b303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B076 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 17:54:38 GMT
expires: Fri, 10 Jun 2022 17:54:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 5
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34e9a619897b9223115c6588f352612268c90c3d83990829768973759b0d1a6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263566164500"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28162
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:43 GMT

GET
H2 200 greenoaks.gif Show response
commandwindows.com/detroitchicago/ 0
65 B 9ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjYzMTAifV19XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjYzMTAifV19XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=50; ezouspva=1; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:42 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 11ms
9ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNzc4NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ5NCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImVjODk3MDBlNzJkZDMzOWFmMDRmNDE2Zjk3MGFmOTk4LDNiYTk4MmZjNDIzOGRkNDE5N2IxZDUxYjM0NTQ3OGRjIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA1LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwNSwiYmlkX2Zsb29yX3ByZXYiOjAuMDA1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI1Nzg1MjUxMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTY3ODQ5NDk0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNzc4NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ5NCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6ImVjODk3MDBlNzJkZDMzOWFmMDRmNDE2Zjk3MGFmOTk4LDNiYTk4MmZjNDIzOGRkNDE5N2IxZDUxYjM0NTQ3OGRjIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA1LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwNSwiYmlkX2Zsb29yX3ByZXYiOjAuMDA1LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI1Nzg1MjUxMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTY3ODQ5NDk0In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=50; ezouspva=1; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:43 UTC

GET
H2 200 4967849494 Show response
g.ezoic.net/dac/ 0
93 B 34ms
10ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4967849494
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
42 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=50; ezouspva=1; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:43 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4MywiYWRfcG9zaXRpb24iOjEwMDUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTAwMCwiYmlkX2Zsb29yX3ByZXYiOjUwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6NTAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjM3NSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTR9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4MywiYWRfcG9zaXRpb24iOjEwMDUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTAwMCwiYmlkX2Zsb29yX3ByZXYiOjUwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6NTAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjM3NSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTR9XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=50; ezouspva=1; ezouspvh=50
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:43 UTC

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C4EE 624 B
344 B 19ms
18ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUluRECsRRlnNvz2zznbsMIVHg9aDZy1vv4jrV-EEdakjPhUzC6Z1dTe7JyRHfY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 17:54:43 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B076 25 KB
13 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmQSwRVpaaDosQbcPTnBTqZ_Rd5vcuOYuDc3-zxogJqaQN6-CErf1UIU2TZONtNtlMlH9m-9Qscm8JwyoU_re_xxsiJmRpQt6xKrk5-n_MBpt4aCcQuY0KCxM0ZGh9lXYQ6t5Whkdz5fhuKq1rsAaM2yND0A&dbm_d=AKAmf-A4KQx2zqJRusdFAdKDLoo6IrkJv6u-IEfVmLQjz1IdEeE7jzSQ_8OxDtivrBuSx1B1E41hz22vfjvhLaFUehHTfIgwxGte_-OYvRXE5TSmSqxb5vlGdD90yAZ2s7LhZZ939nhxFLyFUWzSBcrtaF3lCCuFBtejYjSzRQQTH4C2rrFCyWkpwkXYi3kOZKGXO_xcsDzCKIMD-9fKarejcbt7NVH_WtZAA55oZYZFaYutUhgUZZYQ_moq_nWNjxQhDoLhvPscO6XSvLSQbJH_L1lJjgScapXSEUF0U3KuuvGlrcfFHtYdCgt9esSOiOjrpKIiCRJ7JrG7xzeub6G9uXG2hyXUZLkrkp8kDPBOCcivr-fKB25vmQbnks_5FygA_vwgCvzkTTb9CPdwbFvCoq-8HH6KngaP1oAp_oV4rBoHAdAoTBqapONiNgL3q7zhECk1zwQ_8ygNeaGMsigEpI7Ie5Jac4Ab84Iji9SZ4Y1DY219dhgn9K-nX9ybLGE79Hsyq3KkXiHIbAlJZ8hYkM3HKVlOIYCL8faYZuYtogyG49xSSSrb-UycWq0u2ShN_is9AoyTyyLnkPRMIIKxXrQylUGrJlEZoKXvtw3c4qS9q03s-szWNNWVKGMYEEPeZCxHWFehVXLbWXhWAGUsg9ySJSGHE4aD3hwOdwAz0s4hoNl0fLkLrTdyEqir0lwH2F9v3ftIQsBzi1YXI4mW1Gb1afUP7GdcvIvotBYhE2N7zIu4WSJVLlC7qqBVSOmPYtV3DFBmguvyN8zpHtZMQPceBaclX7XqZU4AHKaqE9ziG12R1XrwF7o-ac3gWVAFXPMal-ZbcdTdGrOgA3He9mJX1rdGCTATZK-6T17MAUW2lTumm3FfkYAyRcS-2lWYoB-S2LA67Q6ypfbHU_N1mckkaOSdIOAZej7cjlR-juJQBY_2zNkgpMRAO2jYzAu19YmpAGZOtML2dioBj-4Xntst6eHH14bTUfgxDHd-pygrVE2hjYVbiGCpy_kR8UBeegnPyKzhitl2I-TkjWkpBidugdnHlU_FVqDEZqBZ28C3MtVFY4qUgavuXsaSqISffOZAmNttU-StEgU5e7slseltYV--sg4Re1fwxA5xAA0tWFHSoF7QQl80HPMu0Nb7Ez2ZsCCBfXWbBZ6jp5UuFreDNC0Lq-LTf2srzL8WC-jgrr9peRImjVb9XIJyTHPEK7xzXBR3-MViMvfBRR512YCYizc-Ic0WIXKyh-bbIdmewowpPrbfpAF5awtm1X6iLzweYPKRSwDzN-qwIl4jZ4MwBGfnW6Q0kSyqpOTl8Ze_rv37SnKlSVbvdll1JBgZPX8cFrQz-dOc3i9GtfnmMQd_WMZNAvCHfRDia7Fr_cCwW9l-i8DPyNHIqXS75sZIi8T6ycx0CTflEwYiNrWffdg9SblE_Nw7JgHOwRQDDEV1LpFVBd7x48n7rs6Nri5TjgWg5qPzMN49o57a01swicWbl1T8xYKGIcD5qBcPFOfcVJQqbMoj6bknxmFOH7UnvRSxsdIRMspI5cWz2WIMkliClrHxUNGhaZbhKrubNg29kowFNVh7jDN7_GYO_z5KEhfjVeQCbtnKZAuwT5oymyZgs8FaPYhfcw5lSENfRxLl6JsuHqGs1QPbcvzwNkzMNz-LDyi2V7ByPfUY8PTVL4JDsiIx2Z7LI6T-aQd47A13LHZQxYUuijxDQKEP7WpI2Zg3vLg9KWeNnrt2mUqL71LDOtW4XpHBrX3_z0c1GacCgNTWLyZWnVn6a3ms5FDWcpHJMZ5E5XEOig7uRozBFMVmjnb-YzxUgjyiszGcv_CpJecq7vn8iT00ZfPWVufqFfKZI8uClHlGiu8fvTCbnpHfyOwQR89QmJX8FqOz8X2fKWEkPmLpY4_uCLsXXiKqG3rtjnJNRgf20asi3QbzWfKNg5gtGWDH4YRhYb-XTobHSmY4pSiumlOfBM2zm9ItRL1Grsdfg7ff4JHtJsCMxXucgFLbX9DgVSjP7gtjcA6iqE7v-5ZOFyGKgwJ3htYkKWhVYnw2S7B9PUzfgk30rSsaD0PB1IrIi8A2_XmADy--BJjj0E9w2HlavJ72YJhBKFnIl81kPIhmdcl0DZ0ZGHRKan3lpEzH6qfplhddgs9ASBc5fkW-_P4gsPgz_wPAM14wBabJ34cEigb-fuDe9xwbdiBSEWeHYpLVk7fNlTXNLMTckg0wybX78Ax3EtUvrOpLaWbUwUlTFjgyFMRmxTnmzAg2kuNI0lthrkDXwPZSorxtIkwT0rBXAFYf-AfCl2AOwbUzGkrlLaoais1qq7aYvFSzklCHhP4SRp_3VJ32t98bv0QbuHobTTfwVBsNVzf8nitIeqRW0HAvUHYTVhx-Bml4i4J3jroTicp_I5cipZAfllGpG5AQZovEFk08yL6HuIYr3Dukzb48mXdFN8VGVbyRyojrF0ktGrgh9RdjrKjkJkUydM2yDfVHhe9oSLQa3E5xfU7xZHBfVSuiPWPn8d5VaXnJugdSXFd2hM_YAk18-a2556S0nnLElYtFrHM4bkhYQCY5hxB4WvIrP7exsWsYhWUKZgmzvK2rEhOLzrTxiy83rIIJ3dpu5JuH6OOMjdzTFaVZo-5vR5EzAzp-mN8E3Dryntql0q8vw78da4SNobKSKKYGCxZhEx63HReAGrK2ioQOcJOHZT5hdGHr2r9Vn6FDyXEq0cn5QJGDjz7h4nld_E_a61ROAC3nuOvSSulFgGCtFGunHPvpNDVyOEi4s07qXdmUA1dU2pXBrMk8p5JwqMnC4ylEfBz0bzbd8teonaSF2g1m3a_Toz4Obb51I3Okat3UIo6Ut2TzpWtPi5lPGv-9XixGASo5SuIYx6eea6puot-VGKTNOu9N4s6eelStNq2mG5vYHzUoGc35oEZ659bDVpH4qrAgjyYscmAtSD0Hl6ZrIQpSrHFU9MdE7VZ0dRJLRhXMePSX0OFYh_L1U1qFak-CZ73kDA0g33oeLq_iNf-ylWaTpaZjLsjIRsYTndK5UXxQaXWBLePWtTAWyux11Yhc6iq_SdG36rS45FKEb4kJ8XXW0NaVH8udb8znkX2qYpCtAbb50nN9bTtOm5Q-rFP2RyV34bhk-ymj0q6AgUkBxPNm0nDiSASz3DVwcTsEao5lo_BgBDj9Adm3_S5UQ2WAIL3H-z2oIgkcWFNuLudmnV1npHtGeWGYJCfN0NYYHjydHP_OSBr6N7QneUtrC0O9R5iGpywSnJtT&cid=CAASEuRosV9JqtnGypi1GEOVgVurxA&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ccd782cf644e00ad423dab2cfcb96f06cf92a67420177e38e0db763dc69999d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12996
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B076 42 B
110 B 42ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cg4PTRkCDXjj1BHiIwOGaf0bqNPt54IHcVjlmxKbnxQV9wHzTOVXmng4k_DYZP3g6LvAJuMguf4QJW38hSPV2hGSd93nDYE9rfSejXcxC15emFlNI

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame B076 8 KB
4 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1339
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 10 Jun 2021 18:32:24 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/695971/54149685/ Frame B076 45 KB
13 KB 121ms
56ms Script
application/javascript 52.49.15.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/695971/54149685/skeleton.js
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.15.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-15-202.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8435698fbefd8c402d41e25a618e6a839d45a5cf1aa8e2c224565024659f1b6c

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-server-name: app29.ie.303net.net
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B076 2 KB
1 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:53:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:53:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B076 122 KB
37 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:43 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame B076 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:06 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C4EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1

43 B
1 KB

23ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:43 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C4EE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJR4fOgcTH8dSX7U1QqrgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1

43 B
1020 B

16ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:43 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDAHUpBZoC-pilraNeeuZ2c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame C4EE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESENLNVYSLqRBzWKg07OBNpSc&google_cver=1

43 B
1023 B

21ms
21ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESENLNVYSLqRBzWKg07OBNpSc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CK0CELqMgMoCGNaulqUBMAE&v=APEucNVKLxgX7oJzYtVSgNaZcwtlO2c6-i1SS59pmczN0Db9kcBTeJxo0EESRs1I6r90wso1n4HLVle2P04TPwahCJErR6PT7TCDZPVqQ2ZRQgouPyvhqmSc1lc_pLtBogyzTEXeWlWo2rkWXRA0eHmpyaOJAc1LRaZ6uwwjT9YfvKWHqUgX6ho

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.133:80
AN-X-Request-Uuid: 7f7b2211-5248-4dac-8f9c-6bcc97ccec10
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESENLNVYSLqRBzWKg07OBNpSc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C4EE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMxMjMyOTE1MDY1MDkwODYyOQ%3D%3D

170 B
188 B

26ms
24ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMxMjMyOTE1MDY1MDkwODYyOQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.236:80
AN-X-Request-Uuid: 085d02f5-33ef-47c2-95d7-0a647889aab8
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjMxMjMyOTE1MDY1MDkwODYyOQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame B076 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CmQSwRVpaaDosQbcPTnBTqZ_Rd5vcuOYuDc3-zxogJqaQN6-CErf1UIU2TZONtNtlMlH9m-9Qscm8JwyoU_re_xxsiJmRpQt6xKrk5-n_MBpt4aCcQuY0KCxM0ZGh9lXYQ6t5Whkdz5fhuKq1rsAaM2yND0A&dbm_d=AKAmf-A4KQx2zqJRusdFAdKDLoo6IrkJv6u-IEfVmLQjz1IdEeE7jzSQ_8OxDtivrBuSx1B1E41hz22vfjvhLaFUehHTfIgwxGte_-OYvRXE5TSmSqxb5vlGdD90yAZ2s7LhZZ939nhxFLyFUWzSBcrtaF3lCCuFBtejYjSzRQQTH4C2rrFCyWkpwkXYi3kOZKGXO_xcsDzCKIMD-9fKarejcbt7NVH_WtZAA55oZYZFaYutUhgUZZYQ_moq_nWNjxQhDoLhvPscO6XSvLSQbJH_L1lJjgScapXSEUF0U3KuuvGlrcfFHtYdCgt9esSOiOjrpKIiCRJ7JrG7xzeub6G9uXG2hyXUZLkrkp8kDPBOCcivr-fKB25vmQbnks_5FygA_vwgCvzkTTb9CPdwbFvCoq-8HH6KngaP1oAp_oV4rBoHAdAoTBqapONiNgL3q7zhECk1zwQ_8ygNeaGMsigEpI7Ie5Jac4Ab84Iji9SZ4Y1DY219dhgn9K-nX9ybLGE79Hsyq3KkXiHIbAlJZ8hYkM3HKVlOIYCL8faYZuYtogyG49xSSSrb-UycWq0u2ShN_is9AoyTyyLnkPRMIIKxXrQylUGrJlEZoKXvtw3c4qS9q03s-szWNNWVKGMYEEPeZCxHWFehVXLbWXhWAGUsg9ySJSGHE4aD3hwOdwAz0s4hoNl0fLkLrTdyEqir0lwH2F9v3ftIQsBzi1YXI4mW1Gb1afUP7GdcvIvotBYhE2N7zIu4WSJVLlC7qqBVSOmPYtV3DFBmguvyN8zpHtZMQPceBaclX7XqZU4AHKaqE9ziG12R1XrwF7o-ac3gWVAFXPMal-ZbcdTdGrOgA3He9mJX1rdGCTATZK-6T17MAUW2lTumm3FfkYAyRcS-2lWYoB-S2LA67Q6ypfbHU_N1mckkaOSdIOAZej7cjlR-juJQBY_2zNkgpMRAO2jYzAu19YmpAGZOtML2dioBj-4Xntst6eHH14bTUfgxDHd-pygrVE2hjYVbiGCpy_kR8UBeegnPyKzhitl2I-TkjWkpBidugdnHlU_FVqDEZqBZ28C3MtVFY4qUgavuXsaSqISffOZAmNttU-StEgU5e7slseltYV--sg4Re1fwxA5xAA0tWFHSoF7QQl80HPMu0Nb7Ez2ZsCCBfXWbBZ6jp5UuFreDNC0Lq-LTf2srzL8WC-jgrr9peRImjVb9XIJyTHPEK7xzXBR3-MViMvfBRR512YCYizc-Ic0WIXKyh-bbIdmewowpPrbfpAF5awtm1X6iLzweYPKRSwDzN-qwIl4jZ4MwBGfnW6Q0kSyqpOTl8Ze_rv37SnKlSVbvdll1JBgZPX8cFrQz-dOc3i9GtfnmMQd_WMZNAvCHfRDia7Fr_cCwW9l-i8DPyNHIqXS75sZIi8T6ycx0CTflEwYiNrWffdg9SblE_Nw7JgHOwRQDDEV1LpFVBd7x48n7rs6Nri5TjgWg5qPzMN49o57a01swicWbl1T8xYKGIcD5qBcPFOfcVJQqbMoj6bknxmFOH7UnvRSxsdIRMspI5cWz2WIMkliClrHxUNGhaZbhKrubNg29kowFNVh7jDN7_GYO_z5KEhfjVeQCbtnKZAuwT5oymyZgs8FaPYhfcw5lSENfRxLl6JsuHqGs1QPbcvzwNkzMNz-LDyi2V7ByPfUY8PTVL4JDsiIx2Z7LI6T-aQd47A13LHZQxYUuijxDQKEP7WpI2Zg3vLg9KWeNnrt2mUqL71LDOtW4XpHBrX3_z0c1GacCgNTWLyZWnVn6a3ms5FDWcpHJMZ5E5XEOig7uRozBFMVmjnb-YzxUgjyiszGcv_CpJecq7vn8iT00ZfPWVufqFfKZI8uClHlGiu8fvTCbnpHfyOwQR89QmJX8FqOz8X2fKWEkPmLpY4_uCLsXXiKqG3rtjnJNRgf20asi3QbzWfKNg5gtGWDH4YRhYb-XTobHSmY4pSiumlOfBM2zm9ItRL1Grsdfg7ff4JHtJsCMxXucgFLbX9DgVSjP7gtjcA6iqE7v-5ZOFyGKgwJ3htYkKWhVYnw2S7B9PUzfgk30rSsaD0PB1IrIi8A2_XmADy--BJjj0E9w2HlavJ72YJhBKFnIl81kPIhmdcl0DZ0ZGHRKan3lpEzH6qfplhddgs9ASBc5fkW-_P4gsPgz_wPAM14wBabJ34cEigb-fuDe9xwbdiBSEWeHYpLVk7fNlTXNLMTckg0wybX78Ax3EtUvrOpLaWbUwUlTFjgyFMRmxTnmzAg2kuNI0lthrkDXwPZSorxtIkwT0rBXAFYf-AfCl2AOwbUzGkrlLaoais1qq7aYvFSzklCHhP4SRp_3VJ32t98bv0QbuHobTTfwVBsNVzf8nitIeqRW0HAvUHYTVhx-Bml4i4J3jroTicp_I5cipZAfllGpG5AQZovEFk08yL6HuIYr3Dukzb48mXdFN8VGVbyRyojrF0ktGrgh9RdjrKjkJkUydM2yDfVHhe9oSLQa3E5xfU7xZHBfVSuiPWPn8d5VaXnJugdSXFd2hM_YAk18-a2556S0nnLElYtFrHM4bkhYQCY5hxB4WvIrP7exsWsYhWUKZgmzvK2rEhOLzrTxiy83rIIJ3dpu5JuH6OOMjdzTFaVZo-5vR5EzAzp-mN8E3Dryntql0q8vw78da4SNobKSKKYGCxZhEx63HReAGrK2ioQOcJOHZT5hdGHr2r9Vn6FDyXEq0cn5QJGDjz7h4nld_E_a61ROAC3nuOvSSulFgGCtFGunHPvpNDVyOEi4s07qXdmUA1dU2pXBrMk8p5JwqMnC4ylEfBz0bzbd8teonaSF2g1m3a_Toz4Obb51I3Okat3UIo6Ut2TzpWtPi5lPGv-9XixGASo5SuIYx6eea6puot-VGKTNOu9N4s6eelStNq2mG5vYHzUoGc35oEZ659bDVpH4qrAgjyYscmAtSD0Hl6ZrIQpSrHFU9MdE7VZ0dRJLRhXMePSX0OFYh_L1U1qFak-CZ73kDA0g33oeLq_iNf-ylWaTpaZjLsjIRsYTndK5UXxQaXWBLePWtTAWyux11Yhc6iq_SdG36rS45FKEb4kJ8XXW0NaVH8udb8znkX2qYpCtAbb50nN9bTtOm5Q-rFP2RyV34bhk-ymj0q6AgUkBxPNm0nDiSASz3DVwcTsEao5lo_BgBDj9Adm3_S5UQ2WAIL3H-z2oIgkcWFNuLudmnV1npHtGeWGYJCfN0NYYHjydHP_OSBr6N7QneUtrC0O9R5iGpywSnJtT&cid=CAASEuRosV9JqtnGypi1GEOVgVurxA&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:47:32 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B076 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 12:32:22 GMT

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ Frame B076 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19339
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 12:32:24 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 58CE 22 KB
8 KB 10ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 B25762587.301404709;dc_ver=75.217;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=943508953;ord=j74sne;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-Qvl4lHCYM2aPPaBx_APmdCX4... Show response
ad.doubleclick.net/ddm/adj/N1416456.3886603PMPRECISIONDE/ Frame B076 45 KB
20 KB 66ms
42ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1416456.3886603PMPRECISIONDE/B25762587.301404709;dc_ver=75.217;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=943508953;ord=j74sne;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-Qvl4lHCYM2aPPaBx_APmdCX4Aj_nKS2Yt-7r6rXDfAuEAEgwtPvI2CV4pCCoAegAd6XqLYByAEJqQI_2-102XO0PqgDAaoE8AFP0MdhC0mOIeOy2EF45gWq4WtTCBF5PxvGde1GciRbIw3m9kJ_H6Xi1eYdxr2qJsilhoNKXov95WApbYdWyKkNnRKJf66R3X7esGV0fq0gZF_OHLod_O9U4W30BQlb67CUedhsNHHGvQtxszVS4JjXD04QZWPLgah0NZO-UC_ShJphIo9Am29dvsFQATndXsYkPnwO9Vl3i40aKrqFXmMxxmrww_xQbfMbyWpIqwe0wxhiqwFpnpfB2H07bflrWWXsqNER2fkuK7zknlKV2Nqlao87jaBB1NmyKP7fAEghIxA4cBoTKNBMc2oz3xXKzmzABLyJ7-7GA-AEA5AGAaAGTYAHiujXyQKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE8-LqQvIE-qq6gnQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRosV9JqtnGypi1GEOVgVurxA%26sig%3DAOD64_0V-TERcBKdqvYPccOwzcKeGjNPsg%26client%3Dca-pub-7958959566206860%26dbm_c%3DAKAmf-BgUC__3mNZgyJMekrKwnmK3IyhSgNJYYLijpcHmZK3odlAjPPyITBWieN7YiMqzO9q11TEtVg0Lt6InVGbHTucJHYyXPOEBAWn71xoCynXb6ITtlisIbHYotR2nAei8Id0HvauBr6sBepGwDIyJIQv67h2Tg%26dbm_d%3DAKAmf-BFFcIEw3cp27RWShigbvL-pysdze_9j6h0vJpszLoWA2WPuikq1xS-aCyOmQzLdQIhaSTgkrCZX9fGgoVSf-Oc8gpGzY_RUtxmajqv99hbBLjVYmq3BM0sjpkf4rEutujtNNI91MFZSSaaUtIBrshPg0_iAQAIXs21p2LviTtRkhR-k8Zd6WvLTkfKXWBn42qgV6ZSTfCy9oCFwvVEY28zjxgIcF4alf_Ot-RR6EAHeAXNKyfh4enaiMEJ6CPyJvH6vL516AiY0vvrc2hEYFMekGJ85BCELWKp2uThfBuiqAu46HseOEmjN4O96tFHJPw_XdmkEpe3_6gwi1tYnXqZwtuVNOUsOUZz_FfFALhJoC4q1VZ5ceSXORKuB9jBDlyHGLwuos525aC6yi_hDQt_a5E2z3eoo4rHvtfmidKlJ8RQLS3exkgcwamTSsK0OZcabur3hmaTNK7Hr9jq23WxwEkG1g%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=54;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

ef9f0db83c1cdc5087c45e25abe893bb2576583ebaee1233ff8bc9ab392d03f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20372
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
168 B 332ms
331ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=3977970797037185&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=1&rcs=3&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3Db75a19eef33cd9413dfebdcbce61e0ad%2C90c3c48d0172916d27c102ea4aa9d49c%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D300%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1623347683464&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347683&dt=1623347683474&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=g&ifi=16&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=7&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

cca49db4e30966187e0ce03d122cc8236d35d17bff94c3728efd3df5f9d34c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 58CE 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 16:45:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 16:45:09 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame B076 111 KB
39 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 11:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21877
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Jun 2021 11:50:06 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame B076 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1416456.3886603PMPRECISIONDE/B25762587.301404709;dc_ver=75.217;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=943508953;ord=j74sne;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-Qvl4lHCYM2aPPaBx_APmdCX4Aj_nKS2Yt-7r6rXDfAuEAEgwtPvI2CV4pCCoAegAd6XqLYByAEJqQI_2-102XO0PqgDAaoE8AFP0MdhC0mOIeOy2EF45gWq4WtTCBF5PxvGde1GciRbIw3m9kJ_H6Xi1eYdxr2qJsilhoNKXov95WApbYdWyKkNnRKJf66R3X7esGV0fq0gZF_OHLod_O9U4W30BQlb67CUedhsNHHGvQtxszVS4JjXD04QZWPLgah0NZO-UC_ShJphIo9Am29dvsFQATndXsYkPnwO9Vl3i40aKrqFXmMxxmrww_xQbfMbyWpIqwe0wxhiqwFpnpfB2H07bflrWWXsqNER2fkuK7zknlKV2Nqlao87jaBB1NmyKP7fAEghIxA4cBoTKNBMc2oz3xXKzmzABLyJ7-7GA-AEA5AGAaAGTYAHiujXyQKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE8-LqQvIE-qq6gnQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRosV9JqtnGypi1GEOVgVurxA%26sig%3DAOD64_0V-TERcBKdqvYPccOwzcKeGjNPsg%26client%3Dca-pub-7958959566206860%26dbm_c%3DAKAmf-BgUC__3mNZgyJMekrKwnmK3IyhSgNJYYLijpcHmZK3odlAjPPyITBWieN7YiMqzO9q11TEtVg0Lt6InVGbHTucJHYyXPOEBAWn71xoCynXb6ITtlisIbHYotR2nAei8Id0HvauBr6sBepGwDIyJIQv67h2Tg%26dbm_d%3DAKAmf-BFFcIEw3cp27RWShigbvL-pysdze_9j6h0vJpszLoWA2WPuikq1xS-aCyOmQzLdQIhaSTgkrCZX9fGgoVSf-Oc8gpGzY_RUtxmajqv99hbBLjVYmq3BM0sjpkf4rEutujtNNI91MFZSSaaUtIBrshPg0_iAQAIXs21p2LviTtRkhR-k8Zd6WvLTkfKXWBn42qgV6ZSTfCy9oCFwvVEY28zjxgIcF4alf_Ot-RR6EAHeAXNKyfh4enaiMEJ6CPyJvH6vL516AiY0vvrc2hEYFMekGJ85BCELWKp2uThfBuiqAu46HseOEmjN4O96tFHJPw_XdmkEpe3_6gwi1tYnXqZwtuVNOUsOUZz_FfFALhJoC4q1VZ5ceSXORKuB9jBDlyHGLwuos525aC6yi_hDQt_a5E2z3eoo4rHvtfmidKlJ8RQLS3exkgcwamTSsK0OZcabur3hmaTNK7Hr9jq23WxwEkG1g%26adurl%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=54;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:11 GMT

GET
H2 200 main.gr.19.8.206.js Show response
static.adsafeprotected.com/ Frame B076 183 KB
58 KB 123ms
55ms Script
application/javascript 34.249.39.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.206.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/rjss/st/695971/54149685/skeleton.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.39.204 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-39-204.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: b176de534428b3b8d36fb821412c5075cc426bfb3fe282571bcd9f00f2c0b152

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 22:03:45 GMT
server: nginx/1.16.1
etag: W/"f4d80fb2c423b91d55077116728f6247"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2D0B 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Jun 2021 05:40:48 GMT
expires: Fri, 11 Jun 2021 05:40:48 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44035
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame B076 206 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4362154d3ec8f1388346290768aa48faef1de0a003bbcf4645b11a96bd37645d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2BD8 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 341 B
171 B 365ms
365ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=989039817375276&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&ris=1&rcs=3&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3D235a54888c7ee72f359041faf3ce4c23%2C76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D400%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D650%26reqt%3D1623347683609&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347683&dt=1623347683620&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=h&ifi=17&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

87a2f066a272d5e6d190f00cc5ece285c63995b994b0fc58f3c091c0bb486dbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 142
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AB0D 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 17:54:38 GMT
expires: Fri, 10 Jun 2022 17:54:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 5
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK tag.tr Show response
red.vtracy.de/ Frame B076 16 KB
17 KB 40ms
11ms Script
text/javascript 18.195.222.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://red.vtracy.de/tag.tr?tr_adid=k25762587_s6701753_p301404709_c149654710&tr_mid=0&tr_sync=true&tr_uid1=DC&gdpr_consent=&gdpr=&t=701347282
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.222.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: bef00539ef295191135d4cff9c5c3c4868fc8b8c44640d8859878767357ee0a2

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: Apache
Connection: keep-alive
Content-Length: 16726
Content-Type: text/javascript;charset=UTF-8

GET
H3-29 200 index.html Show response
s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/ Frame 5CEA 3 KB
1 KB 22ms
6ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

591091641570ac060501bffc1fcaa1e1576a898b141721bf5d69336d37501e41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 1124
date: Wed, 09 Jun 2021 19:55:05 GMT
expires: Thu, 10 Jun 2021 19:55:05 GMT
last-modified: Wed, 21 Apr 2021 17:12:57 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 79178
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B076 0
545 B 64ms
41ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst0u9bF9CiSgglT3-76RM8aEv2zYzmkHP2JTJ4DC9lhFhUefBG5tuDZfefEvm4rs84e3pjlpsFvexyXRusAv7_zHMfNfQSYMh-t1ZM__e-hZty2ziSSI2AflhGaqI8-go0GltSjF6dMRPazKudo2eOO5Ridq44DQGFBfd58bx02Gw&sig=Cg0ArKJSzDUvngdbuMgyEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=111&cbvp=1&cstd=108&cisv=r20210607.21975&adurl=

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282
adservice.google.com/ddm/fls/z/ Frame B076
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=10750551;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282?
https://ad.doubleclick.net/ddm/activity/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=7...
https://adservice.google.com/ddm/fls/z/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=70...

42 B
107 B

41ms
41ms

Image
image/gif

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=10750551;dc_pre=CJaYorDRjfECFULFsgodkm8D3A;type=suewa0;cat=servi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=701347282
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
52 B 10ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjQ5ZDZmYjMwMThmOGZkNjRlZGQzNmYyYTFjZDdjZWI1LGRmYTYwY2VlNmUxMDUzZmMwYzllNjA3YzgwNDdiZDI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDE5MDQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA4LCJhZF9wb3NpdGlvbiI6MTAwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwOCwiYmlkX2Zsb29yX3ByZXYiOjAuMDA4NSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyNTc4NTI1MTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk2Nzg0OTQ3NiJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjMifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjQ5ZDZmYjMwMThmOGZkNjRlZGQzNmYyYTFjZDdjZWI1LGRmYTYwY2VlNmUxMDUzZmMwYzllNjA3YzgwNDdiZDI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDE5MDQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA4LCJhZF9wb3NpdGlvbiI6MTAwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwOCwiYmlkX2Zsb29yX3ByZXYiOjAuMDA4NSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyNTc4NTI1MTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk2Nzg0OTQ3NiJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=130; ezouspva=2; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H2 200 4967849476 Show response
g.ezoic.net/dac/ 0
17 B 11ms
10ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4967849476
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 9ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=130; ezouspva=2; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:43 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 7ms
7ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NCwiYWRfcG9zaXRpb24iOjEwMDAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTcwMCwiYmlkX2Zsb29yX3ByZXYiOjg1MCwiYmlkX2Zsb29yX2ZpbGxlZCI6ODAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjU4NSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0NzZ9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NCwiYWRfcG9zaXRpb24iOjEwMDAsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTcwMCwiYmlkX2Zsb29yX3ByZXYiOjg1MCwiYmlkX2Zsb29yX2ZpbGxlZCI6ODAsImF1Y3Rpb25fY291bnQiOjMsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjU4NSwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0NzZ9XQ==
pragma: no-cache
cookie: id5id.1st=%7B%22created_at%22%3A%222021-06-10T17%3A53%3A10.396001Z%22%2C%22id5_consent%22%3Afalse%2C%22original_uid%22%3A%220%22%2C%22universal_uid%22%3A%220%22%2C%22link_type%22%3A0%2C%22cascade_needed%22%3Afalse%2C%22privacy%22%3A%7B%22jurisdiction%22%3A%22gdpr%22%2C%22id5_consent%22%3Afalse%7D%7D; id5id.1st_last=Thu%2C%2010%20Jun%202021%2017%3A54%3A41%20GMT; __gads=ID=2d78d6eabcaf12be:T=1623347681:S=ALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw; ezouspvv=130; ezouspva=2; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:43 UTC

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 345 B
174 B 359ms
359ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=4191223233559199&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&ris=1&rcs=3&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3D1f21798841bf8f06b2b01e59559e3a3d%2C86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D200%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D350%26reqt%3D1623347683637&eri=1&cookie=ID%3D2d78d6eabcaf12be%3AT%3D1623347681%3AS%3DALNI_MZ_fg8WxF2nqjewSYqR-sL7hHDMnw&bc=31&abxe=1&lmt=1623347683&dt=1623347683663&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=i&ifi=18&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=8&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

44d0e89b07aa7ae466e8a3a2033adb8d9f56b0b8aea824272d51b2c912d096f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJX941xET_vzq2zzWGHNAp8&google_cver=1&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU0oQi3cgSICJma2Q&google_tc=

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPJkk7i_z29sbsixafTwZiVLN93sCcYDCZS9TWdLLjKEyLw5CfStE7MKWiYJfLX_93jfRyaFeCPz1qTY3220msYhiwH3M5U&google_hm=AJj1UlU0oQi3cgSICJma2Q&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 436
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sC...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sC...

170 B
188 B

19ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sCij9dOvQSJ1Yjh2bbs6Td1Sf20qZtnVUTlVi4NzmTvxF90nG3kG9g&google_tc=

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Q0hKWDRDc0wxTFJvVDc1&google_gid=CAESEE922CMHVnv-NUddgcbraOQ&google_cver=1&google_push=AYg5qPLBFwsej1fDeTISPKsA80fuvF16tBeYcCGeav0b5sCij9dOvQSJ1Yjh2bbs6Td1Sf20qZtnVUTlVi4NzmTvxF90nG3kG9g&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 477
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEKERIzHPCeJxUEQZmqDHPh4&google_cver=1&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjY...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjY...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw&google_tc=

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=3457FF682A56412994AC794E319BD702&google_push=AYg5qPIrSAxsOT5tMVQ8xQgh8lqhYg9900QWwv1xpA9k9cGR_AQMiAsetneO6BudpYVee-zA9G58ytUedrc8ZjYPXRKGD61MHDw&google_tc=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 429
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEIN5PJVQwnPaVq4WHLwdD4o&google_cver=1&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiR...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEIN5PJVQwnPaVq4WHLwdD4o&google_cver=1&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiR...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=trhXnNJplLIk3DMwaxgbrg&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81...

170 B
188 B

19ms
19ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=trhXnNJplLIk3DMwaxgbrg&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81utBo-wWvDpge6Zk1NY

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=trhXnNJplLIk3DMwaxgbrg&google_push=AYg5qPKlquJwrwT6EbfzGr2LyZ2YcP6aZt7a6RWjLLTFaDd0KzkPUI0CE3ZiRlBMLRH6ThZOlcbkzOc81utBo-wWvDpge6Zk1NY
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 237

GET
H2

200

google_sync_status
x.bidswitch.net/ Frame 2D0B
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELLAoblwSUThmsclgsGpiVU&google_cver=1&google_push=AYg5qPIFiyc_aCtMbB5KoyNvlZz5eZ-XmhpgdJwBNfhJUYZ61xYsifcFrPhyFVqLx6MvwBdqweNEitvAtoKPgaLyUpPq...
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=google&bsw_custom_parameter=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://x.bidswitch.net/sync?dsp_id=4&user_id=33de9c86-9ec3-4821-a14e-69055969db45&ssp=google&expires=30&user_group=5&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=33de9c86-9ec3-4821-a14e-69055969db45&ssp=google&expires=30&user_group=5&bsw_param=4b1bcb40-aef1-40dd-867b-91331d60e9fd
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=oGBQ4yXkRmKuB5Ra0TjtsA==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESENNqpQp20QRgIurNFtiBUXc&google_cver=1

43 B
145 B

8ms
8ms

Image
image/gif

18.195.177.11
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESENNqpQp20QRgIurNFtiBUXc&google_cver=1
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.177.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESENNqpQp20QRgIurNFtiBUXc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMw8AC0f3R5m41NTKNUNDQY&google_cver=1&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI4N9E

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI4N9E

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI5SU8L63Pe0kAKfSwLpHFs5N9WnYlnjbqJfGQ2P8iYeOMLAZ6iPaMPVVv9piw8_CPaUhr7mzUks_x9PVWVM8Mi7yI4N9E
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2D0B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBRKO...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MTkzMzg1NTYyODI2OTEyMg&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBR...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MTkzMzg1NTYyODI2OTEyMg&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBRKOEREG09xYryO-OM9lw40

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NzI1MTkzMzg1NTYyODI2OTEyMg&google_push=AYg5qPJVBbopJSFkdrPZTt2PtO-FB5cx6i2UOSBknzMl1CosEGklUKrwRCDrIlOOhSvaivwqs2cuBRKOEREG09xYryO-OM9lw40
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 2D0B 0
12 B 18ms
16ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IpwtsO6pAcBp-MqMhfcBEApVU3imr6Znv-HQU5-FWOh2FBJtZ-L-xvKPdEoayzRDsjbKax

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D925 640 B
316 B 21ms
18ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUluRECsRRlnNvz2zznbsMIVHg9aDZy1vv4jrV-EEdakjPhUzC6Z1dTe7JyRHfY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 17:54:43 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame AB0D 24 KB
12 KB 50ms
48ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A0POJJj4Ws8mXSAm06p_Sb-x6jYzcBmQesY7ArZ2yXOlRtKLJhDVkWLDZ9pigZO5AFqHhA5eeDOhgpkc5o8msSO89YMC6aZG5dBd3H-wzTs9PO-unJ55JsVfFRsFfTUEpWnT0m2Tcqib5GYeglQPxCVBOQMA&cry=1&dbm_d=AKAmf-DMqgkg9kZlbguO0VtwU5k0XlaGQ7vVuAfIM92wlSV_xxqbisLEk20nb_IHKqMHVfTMuK5SCOWL6YUk9BSJGZtjHl2bvpJ_bLyCUELVCce1iL54bfRIbdkdAO9_AekZQG98XdI2MKx9EpV2dv_PuoYb5jXXUZCy9novav-Pel9kfxwz7-0ELIITEJQrHO674A6r47tswp8g6ZJ5bXzbZYzhEDP8A7B6793D--t8q3mw9unSNIJ7w15L4nezEoe6pA8SgaMJ4I9Gvj-s3tIA02-_XchUuf5HggzXF7uka21vgTQCOeEUkKWvT6HmortM5W4_iJleFybD598zN-jltTSmBh6MMokA4DSxDbZbPd0KX5iDkYnDxaZimmTgg-GRHToch-9WZUV5VbhneEsAlOLi56g-TdKwtSK7qvRtuEpHkV7Cy7pHCYAjRuYyAnIhXjit8WYg99hIy2pG1VGnIuwANrqJy6J44OiJzRndCQS5owDlyDQbE3YwzFKv3YknLrxAADbE9u6kprhU2MJRjc8-i06h4ahjg7TcJx6TvckGBkpTYQsmsWbPTUwDpqiwFavDUkDEys_llZFwHTqhWnZV2EtAGd7nMpf23qRuM7eXavkAEVrvwLeBxfyhR2QrRJqwIeDCiCM_k0a21UBRJNci3ZiAwWlbWkhDOiopL5ECxGgheRx7ddm9JVUTyjEfhPBmIRVJ0YuYgTAHkLCBm-JiLH4ntUdDZ2dYm9nHTFIuBa9KEOBo9F94iU_jqBUdgtkj_fJ1MMrZNZNeUAL0MvHVkePR6A1tnlgvMNck_nIY4D6CCgkwYg8Zaa75kdoiWG7TM1LLJej9iVpIBWKqL28i0W-5HUt4dZ-w5KFhLVH_0J7jXVZ5vscC54decUO3PyOpvTSwiu0kNOXWEdGeZTZ9nhgGovX7cTzu3NtSw0yfdfJS0XK2lF1FvjMjnZhDm-BlU2o0jacsKYBFeHOT5PpMwIjhHeTFN8pCaN1dSHmFhlYmZkF1yleElNyhrKpbzlxZS4_yFXtYZ9G0j1BoCJwyog2NHqvHevDvc9gJ6u6AZ4VBzhsx1-DXUzONNM8v1EqW5bYerSip4Cd-x9AXH11kb_G86-8xcuCJaERGLFQcdHiYZYR-2KXPIQI0_76NkSAD0y3RuvSsj1Bm83_rDfzLuHkViBlcanH4ZNs4cp-K79tUpN8Vq2m1UW_ybyrork-qFE5yjggXCv32yHvbuAoYhatDvhvbi95w5i4Bi71l4QKou9c13UQ7igifFgeoo7hdSshGgioypsEFHBw42-Jrw6hjNCjk1bC2mPxjXVCzqqXR5RnqRgrpfTsS7PYV7gTOBLNRCNqOLcE3BbDMKL6To4SIzOv5wgf2Ix2vz4lu2vUc7qyqtHnLCXF0ub00O_0bpnEPuVpAKEPGc8d3JciwCNQFnvvSqluppjxyp9AOXgctI9WL7AfUIlV8zMpcKE1rVUTI1HxO-LVZauWzoVOKhNVHMwenUHnEeJBIydvwBQKxLMV0yL-OwCUAxbXMPZdIZEAzaiK3dKu2Wg9NStcvgvoJ_5eNnk6ago8BpwBhn4Ba6J2ZXVnsmmo406gavoogTIby72XiBuVsvqcDk83jEKEsPFYbWAi5bSFNmZRB5Im0Kti-hKT-HduHAFxvwnjORi3j7wEcS2Xaa6pHHLrkSXe3Vi5x6Bsf8SAtTjZbx7gfySnqJob-7QGqAO-bY3MDgR7ZdfAXIOs92ere-sPcMjh6AF_JlF5Rw45jvbkzptWg1CEgklbD8LYoUUhw4ComZ6eSnHTQt3yosXHPV3p6aYnxnBHRRaLxyoI6o23GjTBwusD2BLxbB815X2EjBiMpBQot4jufQD431-UNas80Hj2_8Uhwec07BDLbvcNBwY3voV6jik-GVeBYCjvMPRKjw1vhvWqv01pVoR2BzyOLaE8nDksePROjrq7abNhXcGjw2rSd2RoP5rcoKDSD3GIvv7dspHBRB36KE8vkekLrKBx27I3XpegxtzKcGGSS_NCZuIxwbOx8BpilDBi-5LIkKQrhZbVOM17StwjZfUx8qYjofQJY9cr4EGdaMArSUaEbO15EQENqZ2NFphMrQAdKwODGrJaK_UB2RDuZOo9cteHv5JlOIcxCo3APAZIUnq9ogC6XB2rY6XPq5f9taHmrtuF2H195tdP80qU6Of9jKKYHSMucXN5qSVVD2RjLQwJ0BY4VybcZerO0dJfYASWaMxqLtltcslMNpfPzdCE0TqjVYyJ5QeujUx20Goj8T4aW7VZ60uHREjEkK55LRQqaTPTkR66pbuV0EiD9IowDc4xOYjn1B0n9gvkVk7_bMcyf7Ae9vG1geAOwZmGucbWqrKSSW8M6UmKuMncIPrSePPeLOpCt4U3GZhC1AZK81q1sfhZjxpcMYVd_idb_PBr33G5i-3RVakmfHf5Fo8S0R1FyQG7JmfcLWzHyFrZ0CStSxZpJ1YYuBupnEeJeii9XaRxUPg6ycTTojhsSchbJ9ryCfHSc3pbmwO0dex_dgj6MojUQ0bFUl7G57hnN1ojx6SlwpSm4bvSkjDRnOl56-8BMOKUthRRjstd1X1daSF6pdxkGcrMEPtzAoCy4LgFt-j4ekmpfYy2DDKwQNB3qltBgv71q9sgoie9YECTkrk6VkTp8D8Jb4BhiCHROGNbyRhe5dGptsVDewgyfQCDQCgOgnO2u6JLZQQquwc5x79XOV-hyemZQT2OWqJoL9WsuEDyajC4_16kwyPh1d3YfJvEOYBg-l09NhbN0M4VR61XFYlzjRrCb1Dy7dZKp7z1OUgbGsUdbjPq6iO6jtmtljAV8oIDCGqAGwZymFDi2_Ki_NJ6QKeBBOFLfsV8G9_v6i695UMpX143pU8xzCehJV6u9qHNsqRqISOlRm6IroZRHmlJqWGC2Ff5N6OChN2kor-9Z6N1tsXKTxFNv2ZnsZfArZeuIqc-71wlXwBiObx5e-JHJToypsiQnZ4rWlBM6ibfQvGZZ768EWEdrTIrFfvV0sQ&cid=CAASEuRopFkMVTI-A44_yUsqV2Idww&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef4c5e0b3c550b5550982694574260b1809223517c977154c989f79b6a54331a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12262
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame AB0D 42 B
63 B 41ms
38ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C05kEO8E2vfLsE-2MKskd9SaCMKRoF1KBW4KOhzyLaxM9Ol9w4f3YlbgqhoXYHl7gs4Pd70HFux-xBbYbRMhCdPYGl5F73Rb_-bV-HN_XG_6DUxEs

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame AB0D 2 KB
2 KB 32ms
13ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4229117&sid=18330&dvregion=0&unit=300x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0ghE8pLZyDCEKW250b0e5h6&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322157582&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 92f7a73eeec9544e6ba1cef5320b7ff1518bef5a5325a15d6d638e2996092b58

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 15:19:29 GMT
Server: Microsoft-IIS/10.0
ETag: "3947272c5ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame AB0D 7 KB
3 KB 34ms
14ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0ghE8pLZyDCEKW250b0e5h6&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322157582&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 14:40:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0c36f8f65ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3122

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame AB0D 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:53:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 66
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:53:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame AB0D 122 KB
37 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:43 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame AB0D 13 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame AB0D 0
0 16ms
14ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQO_wAoA7A4c56_OUvBgqg05tsxzA5d_1MANLrBs_EbTPYZo5hzbCKhMDkhEkC81-dIu-eFtNM2FlP9SeVms1Ly8taNcg
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK c.gif
red.vtracy.de/ Frame B076 42 B
251 B 11ms
7ms Image
image/gif 18.195.222.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/c.gif?u1=1&u2=https://commandwindows.com/&u3=&u4=https://commandwindows.com/&u5=&u6=&u7=SafeFrame%20Container&u8=&u9=&u10=&u11=&v1=120&v2=1623347683760&v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&v3dt=2021-06-10%2019:54:43&v3gsd=&v3aasd=&v3runsd=&v3ttdsd=&v3adfsd=&v4=1&v6=0&v7=1600x1200&v8=24&v9=undefined&v10=&v11=&v12=2&v13=3&v15=IF&c1=k25762587_s6701753_p301404709_c149654710&c2=1&request_unique_id=YMJR449E64F@yEo0--09-wAAAAs&gdpr=&gdpr_consent=&tr_mid=0&tr_uid1=DC&tr_m=&t=50117364142&source=js&ls=false
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.222.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Last-Modified: Mon, 17 May 2021 08:55:24 GMT
Server: Apache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42
Content-Type: image/gif

GET
H/1.1

200
OK

tr_aa
red.vtracy.de/ Frame B076
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A//red.vtracy.de/tr_aa%3Fv3%3Dvi-b383acbe-6ff5-42e7-8e68-468ff73a82ff%26adid%3Dk25762587_s6701753_p301404709_c149654710%26userId%3D%25%25COOK...
https://red.vtracy.de/tr_aa?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&userId=6972225208544655510&tr_timestamp=1623347683766

49 B
478 B

12ms
9ms

Image
image/gif

18.195.222.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tr_aa?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&userId=6972225208544655510&tr_timestamp=1623347683766
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.222.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: Apache
Vary: negotiate
Content-Type: image/gif
Cache-Control: must-revalidate
TCN: choice
Connection: keep-alive
Content-Location: tr_aa.tr
Content-Length: 49
Expires: Wed, 5 Feb 1986 06:06:06 GMT

Redirect headers

Location: https://red.vtracy.de/tr_aa?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&userId=6972225208544655510&tr_timestamp=1623347683766
Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H/1.1

200
OK

tr_cm
red.vtracy.de/ Frame B076
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm&v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766
https://cm.g.doubleclick.net/pixel?google_nid=vivakide_dmp2&google_cm=&v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_tc=
https://red.vtracy.de/tr_cm?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_gid=CAESEK1WcJbMKmgm5t__wxHTroA&google_cver=1

49 B
477 B

13ms
9ms

Image
image/gif

18.195.222.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tr_cm?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_gid=CAESEK1WcJbMKmgm5t__wxHTroA&google_cver=1
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.222.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Server: Apache
Vary: negotiate
Content-Type: image/gif
Cache-Control: must-revalidate
TCN: choice
Connection: keep-alive
Content-Location: tr_cm.tr
Content-Length: 49
Expires: Wed, 5 Feb 1986 06:06:06 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://red.vtracy.de/tr_cm?v3=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&adid=k25762587_s6701753_p301404709_c149654710&tr_timestamp=1623347683766&google_gid=CAESEK1WcJbMKmgm5t__wxHTroA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 409
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tr_ttd.tr
red.vtracy.de/ Frame B076
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff
https://match.adsrvr.org/track/cmb/generic?ttd_pid=m82k10l&ttd_tpi=1&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff
https://red.vtracy.de/tr_ttd.tr?&tdid=72f417ac-33c9-41c6-91c7-cda40e3dd8c0&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff

49 B
735 B

10ms
9ms

Image
image/gif

18.195.222.183
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://red.vtracy.de/tr_ttd.tr?&tdid=72f417ac-33c9-41c6-91c7-cda40e3dd8c0&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.222.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Cache-Control: must-revalidate
Expires: Wed, 5 Feb 1986 06:06:06 GMT
Server: Apache
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://red.vtracy.de/tr_ttd.tr?&tdid=72f417ac-33c9-41c6-91c7-cda40e3dd8c0&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff&ttd_puid=vi-b383acbe-6ff5-42e7-8e68-468ff73a82ff
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 375

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame B076
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/695971/54149685/skeleton.js?adsafe_url=https%3A%2F%2Fcommandwindows.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe...
https://static.adsafeprotected.com/skeleton.js

17 B
240 B

31ms
31ms

Script
application/javascript

34.249.39.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.39.204 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-39-204.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: nginx/1.16.1
age: 7026344
etag: "53fab767ecbd3bf07990b10246befbd4"
x-cache-status: HIT
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 17

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
x-server-name: app25.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.5.js Show response
static.adsafeprotected.com/ Frame 9ABD 82 KB
21 KB 31ms
31ms Script
application/javascript 34.249.39.204
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.5.js
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.249.39.204 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-39-204.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 15:29:23 GMT
server: nginx/1.16.1
age: 1032324
etag: W/"5356fa8b6073c3eb408487be61ef7d77"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000

GET
H2 200 img.jpg
s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/ Frame 5CEA 205 KB
205 KB 28ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/img.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

718699894629308571c278f9cbcf9a55c31c8b78338011d212b378893eb994be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/10750551/1619025177041/Suewag_ServiceApp_MotivZ_728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:07:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 21 Apr 2021 17:12:57 GMT
server: sffe
age: 2817
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 209565
x-xss-protection: 0
expires: Fri, 11 Jun 2021 17:07:46 GMT

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 2BD8 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61214
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame AB0D 22 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A0POJJj4Ws8mXSAm06p_Sb-x6jYzcBmQesY7ArZ2yXOlRtKLJhDVkWLDZ9pigZO5AFqHhA5eeDOhgpkc5o8msSO89YMC6aZG5dBd3H-wzTs9PO-unJ55JsVfFRsFfTUEpWnT0m2Tcqib5GYeglQPxCVBOQMA&cry=1&dbm_d=AKAmf-DMqgkg9kZlbguO0VtwU5k0XlaGQ7vVuAfIM92wlSV_xxqbisLEk20nb_IHKqMHVfTMuK5SCOWL6YUk9BSJGZtjHl2bvpJ_bLyCUELVCce1iL54bfRIbdkdAO9_AekZQG98XdI2MKx9EpV2dv_PuoYb5jXXUZCy9novav-Pel9kfxwz7-0ELIITEJQrHO674A6r47tswp8g6ZJ5bXzbZYzhEDP8A7B6793D--t8q3mw9unSNIJ7w15L4nezEoe6pA8SgaMJ4I9Gvj-s3tIA02-_XchUuf5HggzXF7uka21vgTQCOeEUkKWvT6HmortM5W4_iJleFybD598zN-jltTSmBh6MMokA4DSxDbZbPd0KX5iDkYnDxaZimmTgg-GRHToch-9WZUV5VbhneEsAlOLi56g-TdKwtSK7qvRtuEpHkV7Cy7pHCYAjRuYyAnIhXjit8WYg99hIy2pG1VGnIuwANrqJy6J44OiJzRndCQS5owDlyDQbE3YwzFKv3YknLrxAADbE9u6kprhU2MJRjc8-i06h4ahjg7TcJx6TvckGBkpTYQsmsWbPTUwDpqiwFavDUkDEys_llZFwHTqhWnZV2EtAGd7nMpf23qRuM7eXavkAEVrvwLeBxfyhR2QrRJqwIeDCiCM_k0a21UBRJNci3ZiAwWlbWkhDOiopL5ECxGgheRx7ddm9JVUTyjEfhPBmIRVJ0YuYgTAHkLCBm-JiLH4ntUdDZ2dYm9nHTFIuBa9KEOBo9F94iU_jqBUdgtkj_fJ1MMrZNZNeUAL0MvHVkePR6A1tnlgvMNck_nIY4D6CCgkwYg8Zaa75kdoiWG7TM1LLJej9iVpIBWKqL28i0W-5HUt4dZ-w5KFhLVH_0J7jXVZ5vscC54decUO3PyOpvTSwiu0kNOXWEdGeZTZ9nhgGovX7cTzu3NtSw0yfdfJS0XK2lF1FvjMjnZhDm-BlU2o0jacsKYBFeHOT5PpMwIjhHeTFN8pCaN1dSHmFhlYmZkF1yleElNyhrKpbzlxZS4_yFXtYZ9G0j1BoCJwyog2NHqvHevDvc9gJ6u6AZ4VBzhsx1-DXUzONNM8v1EqW5bYerSip4Cd-x9AXH11kb_G86-8xcuCJaERGLFQcdHiYZYR-2KXPIQI0_76NkSAD0y3RuvSsj1Bm83_rDfzLuHkViBlcanH4ZNs4cp-K79tUpN8Vq2m1UW_ybyrork-qFE5yjggXCv32yHvbuAoYhatDvhvbi95w5i4Bi71l4QKou9c13UQ7igifFgeoo7hdSshGgioypsEFHBw42-Jrw6hjNCjk1bC2mPxjXVCzqqXR5RnqRgrpfTsS7PYV7gTOBLNRCNqOLcE3BbDMKL6To4SIzOv5wgf2Ix2vz4lu2vUc7qyqtHnLCXF0ub00O_0bpnEPuVpAKEPGc8d3JciwCNQFnvvSqluppjxyp9AOXgctI9WL7AfUIlV8zMpcKE1rVUTI1HxO-LVZauWzoVOKhNVHMwenUHnEeJBIydvwBQKxLMV0yL-OwCUAxbXMPZdIZEAzaiK3dKu2Wg9NStcvgvoJ_5eNnk6ago8BpwBhn4Ba6J2ZXVnsmmo406gavoogTIby72XiBuVsvqcDk83jEKEsPFYbWAi5bSFNmZRB5Im0Kti-hKT-HduHAFxvwnjORi3j7wEcS2Xaa6pHHLrkSXe3Vi5x6Bsf8SAtTjZbx7gfySnqJob-7QGqAO-bY3MDgR7ZdfAXIOs92ere-sPcMjh6AF_JlF5Rw45jvbkzptWg1CEgklbD8LYoUUhw4ComZ6eSnHTQt3yosXHPV3p6aYnxnBHRRaLxyoI6o23GjTBwusD2BLxbB815X2EjBiMpBQot4jufQD431-UNas80Hj2_8Uhwec07BDLbvcNBwY3voV6jik-GVeBYCjvMPRKjw1vhvWqv01pVoR2BzyOLaE8nDksePROjrq7abNhXcGjw2rSd2RoP5rcoKDSD3GIvv7dspHBRB36KE8vkekLrKBx27I3XpegxtzKcGGSS_NCZuIxwbOx8BpilDBi-5LIkKQrhZbVOM17StwjZfUx8qYjofQJY9cr4EGdaMArSUaEbO15EQENqZ2NFphMrQAdKwODGrJaK_UB2RDuZOo9cteHv5JlOIcxCo3APAZIUnq9ogC6XB2rY6XPq5f9taHmrtuF2H195tdP80qU6Of9jKKYHSMucXN5qSVVD2RjLQwJ0BY4VybcZerO0dJfYASWaMxqLtltcslMNpfPzdCE0TqjVYyJ5QeujUx20Goj8T4aW7VZ60uHREjEkK55LRQqaTPTkR66pbuV0EiD9IowDc4xOYjn1B0n9gvkVk7_bMcyf7Ae9vG1geAOwZmGucbWqrKSSW8M6UmKuMncIPrSePPeLOpCt4U3GZhC1AZK81q1sfhZjxpcMYVd_idb_PBr33G5i-3RVakmfHf5Fo8S0R1FyQG7JmfcLWzHyFrZ0CStSxZpJ1YYuBupnEeJeii9XaRxUPg6ycTTojhsSchbJ9ryCfHSc3pbmwO0dex_dgj6MojUQ0bFUl7G57hnN1ojx6SlwpSm4bvSkjDRnOl56-8BMOKUthRRjstd1X1daSF6pdxkGcrMEPtzAoCy4LgFt-j4ekmpfYy2DDKwQNB3qltBgv71q9sgoie9YECTkrk6VkTp8D8Jb4BhiCHROGNbyRhe5dGptsVDewgyfQCDQCgOgnO2u6JLZQQquwc5x79XOV-hyemZQT2OWqJoL9WsuEDyajC4_16kwyPh1d3YfJvEOYBg-l09NhbN0M4VR61XFYlzjRrCb1Dy7dZKp7z1OUgbGsUdbjPq6iO6jtmtljAV8oIDCGqAGwZymFDi2_Ki_NJ6QKeBBOFLfsV8G9_v6i695UMpX143pU8xzCehJV6u9qHNsqRqISOlRm6IroZRHmlJqWGC2Ff5N6OChN2kor-9Z6N1tsXKTxFNv2ZnsZfArZeuIqc-71wlXwBiObx5e-JHJToypsiQnZ4rWlBM6ibfQvGZZ768EWEdrTIrFfvV0sQ&cid=CAASEuRopFkMVTI-A44_yUsqV2Idww&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 431
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:47:32 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame AB0D 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 12:32:22 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame B076 43 B
301 B 266ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=695971&asId=c590e1ea-c5f0-a6b6-6e9d-d37da76f9149&tv=%7Bc:fa9LDd,pingTime:-2,time:347,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:23,bdZ:145,beA:235,beZ:236,mfA:469,cmA:472,inA:472,inZ:478,prA:478,prZ:503,si:512,poA:513,poZ:524,cmZ:524,mfZ:524,loA:553,loZ:556,ltA:580,ltZ:581%7D%7D,sca:%7Bdfp:%7Bdf:3,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:l,w:728,h:90,t:276%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:0,n:347,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:276,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:-1,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B107~1%5D,as:%5B107~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:szXjrzW+11%7C12%7C13%7C14%7C15%7C16%7C171%7C18%7C19%7C1a1%7C1a2%7C1a3%7C1a4%7C1a5%7C1a6%7C1a7%7C1a8%7C1a9%7C1aa%7C1ab%7C1ac%7C1ad%7C1b*.695971-54149685%7C1b1%7C1b21%7C1b3%7C1b4%7C1b5%7C1c%7C1d1,idMap:1b*,rmeas:1,rend:1,renddet:DIV.qs.sn,sinceFw:67,readyFired:true%7D&br=u
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:44 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D925
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D925
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 17:54:43 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame D925
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1

23 B
172 B

264ms
38ms

Image
image/gif

184.31.88.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARiO-M6ZATAB&v=APEucNXAnZN-4HNFaK0t4huePmAt3EXgoNDK1qlGaV0mzZkzYeKWqYZz_5HlcSd-Ls8YjiNLI6TIR8Ja1cne4YHwbQK6uSoPgknehs_LWc4FvKKVZIQnN8dA1ZJu2kB28VbAi2rFsCJyPCXK9JsfRs_MF-xzrPBE1NkR5gakCZ41vUjvnwWMAoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.88.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-88-106.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 10 Jun 2021 17:54:44 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D925
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Thu, 10 Jun 2021 17:54:44 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B076 0
60 B 42ms
42ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9DDF 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dvbs_src_internal93.js Show response
cdn.doubleverify.com/ Frame AB0D 60 KB
19 KB 8ms
7ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4229117&sid=18330&dvregion=0&unit=300x600&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0ghE8pLZyDCEKW250b0e5h6&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322157582&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: fef25a4facc1f38db8ba7713e4c0297b32f85f0cf50a8585d9b300ed03c9b5ef

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 15:19:46 GMT
Server: Microsoft-IIS/10.0
ETag: "0d5b8bc5ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19063

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 2686 1 KB
1 KB 23ms
8ms Document
text/html 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=25281
Date: Thu, 10 Jun 2021 17:54:44 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame AB0D 2 KB
1 KB 68ms
13ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_836847821572&jsTagObjCallback=__tagObject_callback_836847821572&num=6&ctx=1828362&cmp=115845&plc=4229117&sid=18330&advid=&adsrv=&unit=300x600&isdvvid=&uid=836847821572&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dvp_strhd=0.40&dvpx_strhd=0.40&brid=0&brver=&bridua=3&dup=null&turl=https://commandwindows.com/&srcurlD=0&ssl=1&refD=1&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0ghE8pLZyDCEKW250b0e5h6&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322157582&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&DVP_PP_BUNDLE_ID=&prr=1&m1=13&noc=16&fcifrms=13&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=141&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=13.80
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 34078ad6af458a329ec55b2b8c4c44b5cd1ee5ca72f77e076ae62ddc59b28e67

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Date: Thu, 10 Jun 2021 17:54:43 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:44 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame 2497 4 KB
2 KB 9ms
8ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:44 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=24361
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 58CE 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdV3R41HCYJKXFdvO7_UP5JiF6A8AAAAAOAHgBAI&bg=!2dql2p7NAAY6sG-_OrA7ACkAdvg8WjXAVISMd1u8vIvBTEKnRHM2aNP7LfTXnc0xkeNKD5AtZ9cJbQIAAAGLUgAAAC9oAQeZAtdB61eqL1LyhjP1CftRyHSF-tEEq7U7bS87Tljf46y2Zs0RZVAgpl2prSKkaj_0kCXH4atV-vO5xZKOhyb79QfkOdRzmUAmum7B83hZ1F1C7PifRjH9ugo9Rp3LFO4kMUFPTrhRUU6Ge7oVVVRWEIiEjjCedSTHMQ_xtTQz5rUY0aQgIKukjzGkoXm3NKIXbacS3NsReL0j85NJd5oJQILNxAy_8unvK3zr6KrEcVAM9-8UdT913NqwueTfSxKeCiNhH7y8k59e-FJnv0vGfspBBcI-UtvuEDoiLD0MfBspqfGUGXldAThMZoSRf6RciGVlzOfE3IasU0a4mQVkUgGxDQJdW-OwEDzwdplPcXphwFfhtP05wAEfZx6IB-7vK_isg4_kycAs4_5FT8y2rw4edbzku9qOzDJy93TVJYthpzTb6gc6GScT6cnUDGhk8j-7YwdJnCd-d_nFWDUuDWBYeWxW2CG7Q5M4qiteMVqX3yu5Y6og0SASeFUGgMrf_x2Hw2fQbqaZyQPSTMGvHbmv2wuuQ1qDoolS5KjMt0LCt6QsSfuRNqU7sL-fqHKfPuf-x0j-BK-B0C2vOtzzicWaj7VIyfA3ANz51Vnkg9PHYRF992Uutef_1pkpUieX8Mg2w5Caqywv-56ZchabrbdyQe-jXpwsF4wwKNj1ajA3NMamPCpQJh45WWMn3T40cZCPUa1uqnL74SMOL_0UY_T6NFGY55rD-PLi_QOGtTFVAEJsgFzfIgLOyn37p4sKfzCcM33YPQcGbjpp2iybRVCRq96KbZYdTauqeDEn8yhRngOQc3LLcsoKbcxIq6xKuJvt6JYlDHsuwFh0wuAYnFy12OjPqAkou8bY9eq_sGYVCse4g_MzJWpJfoGhD07O3JlaFedAMlapZbaPrHR8-4vYsGHFVyLCm0Q6RB86WJadsMTrLRtqvbqNvxOp1TejQk2hRk5uB1X7

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 9DDF 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame AB0D 8 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 10 Jun 2021 18:32:24 GMT

GET
H/1.1 200
OK bsevent.gif
tps20517.doubleverify.com/ Frame AB0D 807 B
1 KB 24ms
7ms Image
image/gif 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20517.doubleverify.com/bsevent.gif?impid=dc08beab43414f67bb05e2e410c84ecb&dvp_or2=1&cbust=1623347684073250
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/9/2021 5:54:44 PM

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ Frame AB0D 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 12:32:24 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
42 B 9ms
9ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQ0NiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjEyNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTQ1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0MTQifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDA2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTQtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0NjAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjQ0NiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjEyNCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTQ1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0MTQifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDA2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTQtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI0NjAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTAxMiJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTI4OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjIzOCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTM2In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMDEyIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIzMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDA2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTQtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjMzNSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTM5NSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTAxMiJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTI4OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjIzOCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTM2In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIxMDEyIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIzMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDc3ODQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwNSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0OTQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExMDAifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDA2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTQtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAzLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjMzNSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTM5NSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H3-29 200 B10224936.280471261;dc_ver=75.217;dc_eid=40004000;sz=300x600;u_sd=1;dc_adk=745989649;ord=9wi82z;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame AB0D 34 KB
17 KB 37ms
37ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280471261;dc_ver=75.217;dc_eid=40004000;sz=300x600;u_sd=1;dc_adk=745989649;ord=9wi82z;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=39;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

2904be6a6ba734ea646365bbeddba0d35f45d56fe04b693ac28dcc8a05fb6771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17403
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame B076 43 B
301 B 88ms
87ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=695971&asId=c590e1ea-c5f0-a6b6-6e9d-d37da76f9149&tv=%7Bc:fa9LIF,pingTime:-10,time:685,type:s,mvn:ZnNjPTEyLHNkPTMsbm89Nyxhc3A9MQ--,fsc:17.5.5v220002022000220000022002222000022220200000222200222220002222022002222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000002220002220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222222220022202200022002220222202,sd:MTcuNS41djEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNS41dk1vemlsbGF8fE5ldHNjYXBlfHxufHwxNnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fC0xMjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,asp:1623347684228%7C%7Ca8921ae59c9238698b82cd810c3b6737%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7Cb46ca9967b0b8d7610388041645902f2%7C%7Cb90ac04b9a7a84172d3f553daba6f0ad%7C%7C0337e917beffa807f4ef3061dc92ecd4%7C%7C480c10193ac8dcfaf34890a7ed163cbd%7C%7C58539134a582a8d5511026e8366c6cdc%7C%7C1619710151,ch:eyJiIjpbXSwibSI6ZmFsc2UsImgiOnsiYXJjaGl0ZWN0dXJlIjoiIiwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsInVhRnVsbFZlcnNpb24iOiIifX0-,im:%7Bimprf:%7Bttecl:621,ecd:31,tsecr:39%7D%7D%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:44 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2BD8 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3gqh41HCYKiwHofP7_UP5--K6AcAAAAAOAHgBAI&bg=!W1ilWBzNAAY6sG-_OrA7ACkAdvg8Wn-67i2b5lSFimfgAjh20Q1Tjp2-2SGuTxXXlNPslPO5KPJ7YQIAAADsUgAAAB5oAQcKAIKPhLouBZGOcVzQdk--iM4UnDWprd1bGOV6tHhCAfBMxKQgE54ykZ6cekhgPFvibz-MZACSBKKNzNHn1-hntplnVOQnaCjHE1KF0ZQSZSKUY3WjuNU7vVEtXO1ijGTHn5XkqqiWUYB2lHvzN2lQdg4ZJtwhuD6kVuLjqJhesBMNRI6cmQK8yYANIad7meGYL8CfYR4EexI4avVJ2oeo7_bYGcAl3fKopw3Mph_9owZDuiaC9tXnSEMzTow4xymd0e9n89b39dYUI7jjEFkdjoePtgSPSHllZ8nn2_DrJEh35MzhSWEHV8x2jlzG9837Pg9ifu1mXTmE-dNk9KvikLl-_4k4MnUzGfdxjC7Ae0OVEOu3ra7-8L8hzlwSJ7_g9dva0flIdOO8dc8byg6yw6NXAF7sfWgrQBCw0rjwQapxQMkOn7KvB1FOTno-uckb899nzYdk99WIrNEH4zO0s-kX_OTE97AKJqXrbHdsTt_RP9d7hxAA2tVmayuCaDl9hJSKcJqJH38-sRW3ZTYdK69hCB2eVnh5-0QNzqDMdMfpafnCXCOUnU3ta-e9MB3aJ3bL8KUZS03K8Z70L0UZahqnCu1mW-SY6pFl4eI-2qf6Zs7rv5h566YgQN1Zgy0DEWctFj4byqAzCqXEgMg-sKOeiVFbagK0NsQ-h_RkkKuzCAS1jVIZsX4SkYs6GJr3IertRdSSr01cqImoalDl4gKbHg7-Gz5tvSurdCgyG97CNaytfd8lqiFkmf7z6QQwWTNb1zepQ3byKS5tU5zgjvu4pdGOxl-21QsEfoTxwzqOyAxpWFIPKTlIOkJNRjkjWsZh8MmXYtZK2PxufAhewa63RIuKxy5SAqMc_MbPaEZIOyUNdBV92bQLX1nbcDVQ-pUqEoXhup3gPxZuHDcZrjLVcwlIuIsSkREY00wIi-AKzWRNthjiqMcHgU1qlRXQ2S3BM_9MyxkCaOxKXRjO-ZcMeylB9die_2FA-CGynOIxg8C6MX3LA07z31pD-OL3v2a_HMdVETzMVl8y3ALdvwovg4TLb6YokE99vdw0iL8bnZnoZSKUSaPwERQYvf0EFI-yBbedfN1otseLWqMQQqVJAg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame AB0D 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280471261;dc_ver=75.217;dc_eid=40004000;sz=300x600;u_sd=1;dc_adk=745989649;ord=9wi82z;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=39;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:11 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame AB0D 0
23 B 56ms
42ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstO68DvJ0jFOpNA7roGosXMME90vUKvxMEfnpZ1dmew7AFTepKgRZ4gcpWw5xehmpwXZWID1vbHRLNtiMYGk-ez9NNLQRDPFPEZq688ghMLwbutn-VXcQ-1Tu3boZqWvfV3HP98Slohy2x6tBUL&sig=Cg0ArKJSzJGAyOCnWbByEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20210607.21926&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame AB0D 7 KB
3 KB 7ms
6ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=13311291&cmp=10224936&sid=2641434&plc=280471261&num=&adid=&advid=2276943&adsrv=1&btreg=402490188&btadsrv=doubleclick&crt=117572789&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280471261;dc_ver=75.217;dc_eid=40004000;sz=300x600;u_sd=1;dc_adk=745989649;ord=9wi82z;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=39;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 14:40:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0c36f8f65ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3122

GET
H3-29 200 adc_hun_EndHungerStory_300x600_Evergreen.jpg
s0.2mdn.net/2276943/ Frame AB0D 59 KB
59 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2276943/adc_hun_EndHungerStory_300x600_Evergreen.jpg

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bc7c3ad25577ae877bf367010b15feb325f9ad391b5b3f9f9849a1ef344c331

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:05:32 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Jun 2019 18:23:12 GMT
server: sffe
age: 17352
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60811
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:05:32 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AA71 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19339
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dv-measurements1425.js Show response
cdn.doubleverify.com/ Frame 4204 483 KB
87 KB 8ms
7ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1425.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 06:18:49 GMT
Server: Microsoft-IIS/10.0
ETag: "80aad779c05dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88494

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 262C 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Jun 2021 05:40:48 GMT
expires: Fri, 11 Jun 2021 05:40:48 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44036
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame AB0D 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 308c303ae88239f79e5bc5906a6c9aca3c770fa75c0e726446d44bbedbe0fda1

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame AB0D 0
23 B 42ms
41ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dv-measurements1425.js Show response
cdn.doubleverify.com/ Frame 0EAE 483 KB
87 KB 8ms
7ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1425.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:44 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 06:18:49 GMT
Server: Microsoft-IIS/10.0
ETag: "80aad779c05dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88494

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 4204 1 KB
1 KB 29ms
12ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=623&ddur=8&uid=1623347684406688&jsCallback=dvCallback_1623347684406582&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=600&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=13&brh=2&dvp_epl=247&noc=16&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://commandwindows.com/&errorURL=https://tps.doubleverify.com/visit.jpg&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0ghE8pLZyDCEKW250b0e5h6&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322157582&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=398631132281.4968&dvp_tukv=107520811874.72243&dvp_uuid=76101366245.86479&dvp_strhd=0.7999954223632812&dvpx_strhd=0.7999954223632812&dvp_tuid=476684376813&dvp_vcms=34&dvp_slmsd=65&dvp_vcmsd=99
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 736741e27976b720a09de1da5ae330980592e49b3c90861fdbabbaf2485dbce1

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:44 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:44 PM

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 0EAE 1 KB
1 KB 13ms
13ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=623&ddur=8&uid=1623347684448171&jsCallback=dvCallback_1623347684448949&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=600&winw=300&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=13&brh=2&dvp_epl=247&noc=16&ctx=13311291&cmp=10224936&sid=2641434&plc=280471261&crt=117572789&btreg=402490188&btadsrv=doubleclick&adsrv=1&advid=2276943&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=398631132281.4968&dvp_tukv=889279641189.2772&dvp_uuid=1563873.927162123&dvp_strhd=0.3000030517578125&dvpx_strhd=0.3000030517578125&dvp_tuid=357382668402&dvp_vcms=9&dvp_slmsd=84&dvp_vcmsd=93
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 41d7799c0ac85b8ee589bac435fcea367b156811d9e45953e5d982f64496ece5

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:43 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:44 PM

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame AA71 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61215
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 262C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESELc3fvBQGkSuDBh8-LG_cpk&google_cver=1&google_push=AYg5qPJalFy15CngY0GQM1HBx2OKj3U8uOqkhRG_LMNnBzQu0qXxtyKkE3LcHCa80ypvvO_b35x9JgndURquuM0hQTbwfIh3xd4o
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NzIyMzgxMjg4NTY5MDc2ODI3Nw==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEEsfzRsGNjPlVnh7yzrnE-A&google_cver=1

43 B
407 B

39ms
13ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEEsfzRsGNjPlVnh7yzrnE-A&google_cver=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEEsfzRsGNjPlVnh7yzrnE-A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEHeL-dcH9pen0QZ3MBnjch8&google_cver=1&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ALeVemofR2yj3AjQLaQ_IA2&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8HVD5JdewNBkM

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ALeVemofR2yj3AjQLaQ_IA2&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8HVD5JdewNBkM

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 17:54:44 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=ALeVemofR2yj3AjQLaQ_IA2&google_push=AYg5qPIMnkYR_Iz3H0L8IZUGXQB04iJR9oawXV64f2i2MmKblCGhem1fvVIUCRnFILSNGNugnrybv30M5EB3s4Y8HVD5JdewNBkM
x-host: tde-deliveryengine-production-84b97f78fc-vj7d5
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwC...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDnNEs83JRL1Lbk7ld8HiRk&google_cver=1&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvT...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NTY3NjIyMTg5NjQwODYzNw&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoO...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NTY3NjIyMTg5NjQwODYzNw&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwCrEoNOoGZ5OfyRekkA4Bn

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NTY3NjIyMTg5NjQwODYzNw&google_push=AYg5qPKGjZmI3F5MCOKp8xILK7IPx65wOqtpDCVvFEVKvsX7i8TnDoC48LXB-p3uRsIcoEUUZvTyoOwCrEoNOoGZ5OfyRekkA4Bn
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO68ty2zK3ZJTYrjKba2twQ&google_cver=1&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEO68ty2zK3ZJTYrjKba2twQ&google_cver=1&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc&google_hm=610317a61f5814bb2e605be0

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc&google_hm=610317a61f5814bb2e605be0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 10 Jun 2021 17:54:44 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPII2DHTmo9muH_dwlWOmXwZHrLIBwG4Z_hK7hh27gHAuMsh32OwRHkOAydjrIm5Ibf-zSHSU-9Kod3fKyxx6lr_BS25QYc&google_hm=610317a61f5814bb2e605be0
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.targeting.unrulymedia.com/csync/RX-41a148b4-5386-4f3a-b011-316b247c60e3-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPI-NjUm9V4SWCAUA0wft...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U&google_hm=A0GhSLRThk86sBExayR8YOM

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U&google_hm=A0GhSLRThk86sBExayR8YOM

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPI-NjUm9V4SWCAUA0wftNU1BOg8Yvo1ilW3hPgOKbhWqqfdMTCE5MixwfCAn_4zU-53GiVcm5__-8F6V-Tn5An8EVtYFR8U&google_hm=A0GhSLRThk86sBExayR8YOM
date: Thu, 10 Jun 2021 17:54:44 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX41a148b453864f3ab011316b247c60e3003
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEHBH9dOhayssuq2SS45I-DI&google_cver=1&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&cmp_cs=&us_privacy=&sync=1&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg&goog...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM2ODEyNDY0NDEyODA4NTMxMA%3D%3D&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCp...

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM2ODEyNDY0NDEyODA4NTMxMA%3D%3D&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM2ODEyNDY0NDEyODA4NTMxMA%3D%3D&google_push=AYg5qPJCwvzit-k-ndS_vCEx-NPV9Sqn_Rhj-Tj5rMt9pks7BPGT4tZGAoCpIkaxlwSqmpPYrl-R50c2Aifl2T-SkkbQHR0A-6bg
date: Thu, 10 Jun 2021 17:54:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 262C
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEM0dHft0WCRmQldIDP5J8Ys&google_cver=1&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0LH58RGlxeHb94NA-KCDKxf&google_hm=NTUyMTk3OD...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0LH58RGlxeHb94NA-KCDKxf&google_hm=NTUyMTk3ODMxMzgwMTkyMTA2Ng%3D%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPK3ChrTEd3dWMNctWH-LsVd09Z4AGESFkAJPtcLTYOUV85R1rxW4FCuuzWvaTOfqRGTgmA4w0LH58RGlxeHb94NA-KCDKxf&google_hm=NTUyMTk3ODMxMzgwMTkyMTA2Ng%3D%3D
date: Thu, 10 Jun 2021 17:54:44 GMT
content-length: 0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 262C 0
12 B 18ms
17ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JeQQqKIiEICVndRATM2b6e-MRtXHVn6fJCzir1QqTRamHRrWjqBtcvQ-WoY7TboZqB-ZNk

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DDF 0
20 B 43ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwIM541HCYIy0L7Kxx_APn52f6A0AAAAAOAHgBAI&bg=!4uGl4aXNAAY6sG-_OrA7ACkAdvg8WqIqOn0YIa4tGrW2VPVtHOISivDLmsDmGYQZrlXC4dcCinxJlAIAAAE5UgAAACtoAQcKAEjD2ugDCeEVd8uoOtOLAXp_wEt5x6G91m7N3qPRBI1LALf-hZ6syKKZkPUyR4a7GWhT-cFWlHwFSLX4-14LFXNM3wx6jMmClteZAsNjh1OO4HoFdmfrqFZCPSLy89R0Wda_357PQPCppN31fuMud_63_uMp8hispihhwxzcyvy3OgmSw8VeizGsqii0za_KvZ6O9Y85NS8JZt8reoO3K3BA2tk0nxlh4fEd-TAyzc6Wc-SqR3RZofxualxl-ewmJWCqFxZYLXF6BIGPwsNSAGsMCLp42gaWhLUUvUlQUvQtLdwqwgoC3gP7FbjfG6R8YoyjYOO60R1p-fECybA0WrBKV3-wpJoDn7xSeca8FY_Ti60HlGROWhJsBAdAuznnGHkL4hzxUzdqy_a-1Riqy1sDjt0eLpQhS8rMTznPI9XhiW-2F-XjNtOzCQH3zHTGRRKthIKvAFoJUKhH_HFsTS48wrmN-4uxftjzKmjt460DGF_hsv7DeZK9SYyfN-bVljRPmCledO8_nBtWpaNGbnhL2yGijXW8p_zdgmTtRoZotlI6tc-EL3mHwMl-SpFPMc2GjeHJ67mU1giXz6mjHbN_t5qtTh9Onu02YpHAIKew-Yy3sLq7NEzBvSfSJVe20CkCg6Pf73Zk8kB-BDcCs862JsHS02Lz73XXYgvMiOaxXNDI5LN1Rf6zvBQrerUB_azPVL0O-PpEQUU8nmu4dSDoVO-ENXQ9oFqEAYGEo_hAmhZjhlWO8atdr1EeYzgIHQ3OTip26T6WsspFBuf8jeYvSjNmc70e2Ln4ASOggqgwbURcmZHxXsyst5lp7EaEg0zUc4jWtU13bgKs-m88ewlQGeWzDecs-fUpHH_eK6hpJfuAOG_fq5ZPr8-cus_bFtqv70ihWucVx8FVoO4JKXbOXBvQazGNkBx5sYUAUThWnJhQsx5qNM8Rxvj3JKW0gcSr3wx00NqS4GtW6RXLex400Qw73Dnz-k6cea6ljC7cHIT69Efka849OG1O-PzCNbkSyrVcfCKwYswlJGQhpQ

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B076 42 B
64 B 51ms
50ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstqyXmPxIZb8Any7dTs_kNBZCVyfVY3g1_zIEx6GPa2iVtp2vudbi1ztusxZx-e9w86qs_RsW9Db5wXuJroLqjd9mP8OQY4oEz6TB8Gl74YlGBVB-Ot_KQrstSKPQ&sai=AMfl-YReq7qrGYg6uvvXjmf-WMjFeXYzOT5MH8BMYYwivH0nStgPNicGDklfQCCFjJI0j5ZE5QeTx7GU7doL590lCxLumYa8b_rY3l87zTHEqYDCl_xfZ8S1fI4vqK0&sig=Cg0ArKJSzPeAy0ztJVAjEAE&cid=CAASEuRosV9JqtnGypi1GEOVgVurxA&id=lidar2&mcvt=1012&p=1108,436,1198,1164&mtos=939,1012,1012,1012,1012&tos=939,73,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4057930128&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623347683313&dlt=11&rpt=290&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AA71 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BBC9v5FHCYJ6dCoHz3wPr2aiIBwAAAAA4AeAEAg&bg=!Tk2lTQnNAAY6sG-_OrA7ACkAdvg8WqU7_Od_ymyBsWRGaoa6jFKGd3gC3D8LcWHZaBljq1F-aDiYbQIAAACDUgAAAA5oAQcKANKcPUAQ8TbPzyIHdLSjRw9edGeLYZw-8B8V1_SwkPuTcUmP4RosOe7CBE8vlFqJjvdEDNM-I1bG69G4BENG2wgZ0iWPBoGmZJbc4AN7AlUbd5RF4r_jjI3GSzNzz9nnCb6d8ayVa81tAJnp0LaL7VSUsSpBsECvu_zRvKhsHiKwonmtEgmiWAu-SEoQqwhmFRQO02vNTAlCTmZyql8SnSqoFHaqnOD1lUsDBKFUIhORCWTEs8kp2zRmDMHR6n65WW3pMTlKo2tVXZQ95L4KVESYsiyZAsgLUpSFMZCgdOP3F2RC2wLq6ZkrliafT7v2dR4CEuyrWvmPobqI4oq2ltrWrOkdkiAcZWpQB48TZSrU5Xm8RDan6Key9sDIjDGToSW612mnbgBfVd6oxIdUZFuvItIjU6rSyf3A7hRJLarcRpxwN36do3h4dQWbVnhbjDSHN8cmv543WUb0nCnm-ITPwpy6sQ0da5q-tSfrH5OMBQNql8iGYRAkFH_qJLi9AAHgIlB1T8zO-fWlvJCXjV4L9z2t4vfZIl8VhDgT7xxo8NlbI3MCq8wSS0qXkZElDyrpMEd4ebpMSuXDv1vKpVx98fGvskx4H_e3n5KkD3ZbR0Dw24J5GmTC6TxoSn2dJEsnvPgzZInljbPFuXwq53_DDO0FwuWP653iWI2QO9U8_OlNCh8rNeqo4deJauKm0bEf0PKxFwfGhGLdEzTEQ57EkaH8GeO0-eYID2_x9FGeR_B1Im78orCZzV99Fl64HPdoWtM9HL2ZZmAca4oSp3gEhzdiXEERdp8c2v8lzC-yzeqlA6FhlFeJ17SgLFsui7FDEZ4ADjEW982sq2Pn_otgdyO_dInrDy5lG2XfIPb41PWZ99sEIL900YMrDhTl8zjUXc7gt__TEFkN_QhzKQkigTYXkB372ee8pysq34KNGY-VyoK8v7fxTFjZPXN8fd8HRf5RIgZGex0dT3mCt7YPcoob5tGfKOP6CyIfzkNiMN7VLIabsIOJGVw9uRV4_Q0HotUVXaLpbjqAr74bwi24BVDiNPSid_R2HRFKA1Jci0ceJ_1fSg2q0wSyFiQqcJE5hwL1zzdg4HiIFlxtpO83NYoMkvA30tBfEBs8wnd6eMi1PuwiA5LD6QRPBJ6Qh8O0NFwLwFVR5_gywyGldRDz4ngN1_uUfuJemn4wzEGe49HPEuLm6jbsDzmdbmhPgfOBXgb5AuGt5ObFpLYF

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 8ms
7ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B076 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuTc7AP2A8C5XBloSGvKRX6Tnh4rKFt8XMZXbbqERe-GHCusQPaO-zb_UUeVb4nUPz0u3n_p3A0UEm_ixGVSYiGnQ&sig=Cg0ArKJSzAwwgfBeJWLKEAE&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=34&adk=943508953&rs=6&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNzc4NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ5NCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA3Nzg0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDUsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDk0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNzc4NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDA1LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ5NCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:44 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:44 UTC

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 449 B
258 B 649ms
648ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=1482332316122461&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=2&rcs=4&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3Ddbd164b2f6ba7ab3dbb868a5cad91738%2C8de2c8ca79e8623e3cb37120a35ebaa2%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D240%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D300%26reqt%3D1623347684000&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347685&dt=1623347685007&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=j&ifi=19&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=9&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

8bafbee09031b633480fbd91bcdc5e7cf9cd2c360fa293b75cb1e3a31e9d8883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
65 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDYwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDE5MDQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0NzYsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAxOTA0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDc2LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDYwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMTkwNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ3NiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDE5MDQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0xLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0NzYsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:45 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 448 B
258 B 555ms
555ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2251027046241163&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&ris=2&rcs=4&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3D1f21798841bf8f06b2b01e59559e3a3d%2C86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D200%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D400%26reqt%3D1623347684148&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347685&dt=1623347685154&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=k&ifi=20&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

bedd41e01c46dfe00a707c8d69daa16f3f269eee5d29d7202f9a2a02a3b1993d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 452 B
258 B 459ms
459ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=3942823567261750&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&ris=2&rcs=4&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3De611d34e3d141bf8a95ee34718507aa2%2Cb355e9227b551c119a30a68852723b62%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D90%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D200%26reqt%3D1623347684171&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347685&dt=1623347685177&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=l&ifi=21&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=10&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

2fd2bad0e7603a201715b4a81572a8e4a8cda06b6687fff0e5b76b502a50f10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 229
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AB0D 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssnS2suWGwHJ8mDnIatzj3HP9Es9xKEniAhGFgLIy-USipt7Ek9ROAGMS5uhcFaVmQN67ee__kgV_hVyGJjOLLrW_lcE2FA5Emw79WMS7nQDf4AsfIwhq9w8r32dQ&sai=AMfl-YRfWqvmbvPjTVA91pXl9ck8nU0E9NeavV0jYQQviFNKpTbnOvpq2HQhflLd_dSX0LKL4C7-wrLsd1vS2fMo1R6aICvEut3OnlwYEJRJ4qNMltLvF0ykH74iT9M&sig=Cg0ArKJSzICwp0rlPH84EAE&cid=CAASEuRopFkMVTI-A44_yUsqV2Idww&id=lidar2&mcvt=1000&p=300,1012,904,1312&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=20&adk=1399567425&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623347683627&dlt=52&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AB0D 42 B
64 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssvJ5dUQVBpSYwN_qwmSJA3nXmXXiQN-W-ML4KRDHvLOj1Xl4l5qx7_GFdP-sBaWVHJldjT3vqwixzhqGIXBKY&sig=Cg0ArKJSzC_jsVkMAwsHEAE&id=lidar2&mcvt=1002&p=0,0,600,300&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=32&adk=745989649&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:45 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
169 B 324ms
323ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=1517636364637595&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=1&rcs=5&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3Da2b45ad7ec25aa78d8641082a295093b%2C43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D220%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%2C20%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D240%26reqt%3D1623347685664&eri=1&cookie=ID%3Dace1d35abfd12cad%3AT%3D1623347685%3AS%3DALNI_Mb8J7kY-k5gdHjg7KkiuowXY7TKHg&bc=31&abxe=1&lmt=1623347685&dt=1623347685670&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=m&ifi=22&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=11&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

bb577c363f0f367c83354861ba077b54a9b6266eeca7c9ca1ae7bb51eb6dbc31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 648ms
647ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=548871507164082&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-banner-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600%7C310x320%7C340x370%7C430x430&ris=1&rcs=5&prev_scp=iid11%3D1046648%26iit%3D5%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1031%26sap%3D1031%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D31%26al%3D1031%26compid%3D0%26tap%3Dcommandwindows_com-banner-2-1046648%26eb_br%3D666029ee8b3fc7d139e34438527dc02f%2C54d0fa6d5f6aabe7623cb24faa42a441%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D8983937454%26asau%3D4556257235%26bv%3D17%26bvm%3D0%26bvr%3D7%26shp%3D2%26br1%3D30%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D83%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C760%2C761%2C815%2C816%2C817%2C899%2C919%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D40fae41502f9bae%26hb_pb%3D0.10%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D90%26reqt%3D1623347685683&eri=1&cookie=ID%3Dace1d35abfd12cad%3AT%3D1623347685%3AS%3DALNI_Mb8J7kY-k5gdHjg7KkiuowXY7TKHg&bc=31&abxe=1&lmt=1623347685&dt=1623347685689&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=1012&adys=1288&adks=3518285167&ucis=n&ifi=23&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x636&msz=300x600&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=300&btvi=12&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

96915e1e73870d19f43d193f2530eb0518cb9075f0703fdd0b79f6a24ea36efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8558
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 411ms
411ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=1930708426456875&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C310x320%7C340x370%7C360x370&ris=1&rcs=5&prev_scp=iid11%3D1038248%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1001%26sap%3D1224%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26reft%3Dtf%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dcommandwindows_com-box-2-1038248%26eb_br%3D49d6fb3018f8fd64edd36f2a1cd7ceb5%2Cdfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D5905158604%26asau%3D4257036031%26bv%3D3%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D80%26br2%3D400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C0%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C919%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26hb_bidder%3Dix%26hb_adid%3D42669de0dce193%26hb_pb%3D0.08%26hb_format%3Dbanner%26hb_ssid%3D10082%26lb%3D200%26reqt%3D1623347685716&eri=1&cookie=ID%3D6a5e9a182245cfd9%3AT%3D1623347685%3AS%3DALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg&bc=31&abxe=1&lmt=1623347685&dt=1623347685724&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=238&adys=136&adks=830238079&ucis=o&ifi=24&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&msz=728x90&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

2d7f6693d8493cbd0805c5e3882bf9facdc9fb3a7285bb02e0a5bcd2c45d6b80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11274
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 81 KB
31 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KSWP59F

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/detroitchicago/seattle.js?cb=194-1-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc132a8b0dea4b844451b9e97289325bef8c7ea66a2c74f170b79fe54570c1f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31956
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 17:17:32 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 10 Jun 2021 17:54:45 GMT

GET
H/1.1 200
OK bsevent.gif
tps20517.doubleverify.com/ Frame AB0D 807 B
1 KB 9ms
8ms Image
image/gif 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20517.doubleverify.com/bsevent.gif?impid=dc08beab43414f67bb05e2e410c84ecb&pltfrm=Linux%20x86_64&cbust=1623347686074967
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:45 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/9/2021 5:54:46 PM

GET
H2 200 container.html Show response
977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C46C 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 17:54:38 GMT
expires: Fri, 10 Jun 2022 17:54:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 9ms
9ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0NzMzNCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjQ5ZDZmYjMwMThmOGZkNjRlZGQzNmYyYTFjZDdjZWI1LGRmYTYwY2VlNmUxMDUzZmMwYzllNjA3YzgwNDdiZDI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDM4MjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA4LCJhZF9wb3NpdGlvbiI6MTAwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwOCwiYmlkX2Zsb29yX3ByZXYiOjAuMDAyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDM4MjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI1Nzg1MjUxMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTY3ODQ3MzM0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0NzMzNCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjQ5ZDZmYjMwMThmOGZkNjRlZGQzNmYyYTFjZDdjZWI1LGRmYTYwY2VlNmUxMDUzZmMwYzllNjA3YzgwNDdiZDI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDM4MjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDA4LCJhZF9wb3NpdGlvbiI6MTAwMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwOCwiYmlkX2Zsb29yX3ByZXYiOjAuMDAyLCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDM4MjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAwMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzQsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODI1Nzg1MjUxMiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiI0OTY3ODQ3MzM0In1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvv=80; ezouspva=1; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:45 UTC

GET
H2 200 4967847334 Show response
g.ezoic.net/dac/ 0
40 B 10ms
10ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4967847334
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:46 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
65 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvv=80; ezouspva=1; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 9ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NiwiYWRfcG9zaXRpb24iOjEwMDEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTgwMCwiYmlkX2Zsb29yX3ByZXYiOjIwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6ODAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQyMywibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzR9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NiwiYWRfcG9zaXRpb24iOjEwMDEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTgwMCwiYmlkX2Zsb29yX3ByZXYiOjIwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6ODAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjQyMywibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjAsIm5ldHdvcmtfY29kZSI6MTA0NDE4NTQ4LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDczMzR9XQ==
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvv=80; ezouspva=1; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B152 624 B
297 B 20ms
17ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmV3akDVSqTajdcqcSE7STArhSZ9KKNckPkyc_OTHMTdzGM4JOrvALlC5k8O_c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 17:54:46 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C46C 24 KB
13 KB 41ms
37ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8vf_kb9SWN1IxAkRmVV2dOw_-sER2cw2gXFNX5AaTYUaez_UiRzzbf48g5kYp60JrPe8SIxePEbg6ofar-qH4a2cWDxnEGW58bdK9BQJtUq2qJZP0tiIe02CE4OD9vEYi9WQji4QrOVCA3uTG7wzarFEpWg&cry=1&dbm_d=AKAmf-ACDoy0GuCHNmQ5B1MekVTf2aqnbHSxk2oAubFNbdjiGeWJqNrHz18WzNFBNz4_YSlZd5tmwETbgVaG2MozO6wqS90woKCtL0_E4dhKUo_IkQphWLh_Z1FRgjd9L0KYPOSlKaavgY1MHb03zGizfVcd_hXACAIJcPqDg6EaFPjU0xC-MVFxfV-2v9yiIC96oA9Oi5h-CaMs08PFu4I7oAR6gTk5XFzhZ9p9IlyGVYEMtbnE7UHLxqpnzXBSt0jnw2hOop6Vm-FERqtgzoU7vfQL9yaCkF_z3IQtUcBuPk5q_CWcmfnFzr1ZcVLscRW2boKVAXyQaIHeh3YTX_dW1bFs_eO6W5EH6MvkWRjuc88DCOBnevdZSEDwVjRV4oXWvR3LP_Tp3H34b0bI2kQlNptCXkryNBI3aDeV48lGhqQavVDWpEuWjKEQDpLsM0h1XhAEauCVOdd_8MxkB9txMvPHqMgS9bCHq-oOtrgM7B56rl5jsVd0RDPtyCjwhgo2ButDW9H66oKgA9GrkI-dA3Vk39Bn_A_vlkAN86BQd-fBqm2V6YrNmtcdbkLxilqO_p3Z_pJcxiFoR2pTKEFotfVBd6lprvg1-snsdSN9KxR1Pl7tsgqPRBR7f1DLxDev2ihqueL5BWoSFKusgQyswnB0O1zMhfKGhuM6PmxM4FruRfu_en_SZbaE_3mqn0aEceGYL-ZdODgsCr8LNPjIcFHGp5Ab4DW4CV5pYjIQkiajEsuBxdLMa8E23GK_VrDq-prb8dfWEvpxa3nO4we3JFDLiLNyIdjU-m3XeMTM4REI1OqmrH2gQny31v2xZXwWr3LtAH9PO3fkvw0aZJr3y9WAstKI7J9iKxakjuibRcpVRGaMTQCZhpZfPZg5XHAfiDYu15nqRibllUkZk-7ZBE9YrCavphVqWL_29n_WgL4bUWV0Ma7AhwKpdQpNFqcAAzcMMy-FUuUw7pOhTtE2Bxd5zQ5CArONV3PhqjDZdfmuN4U5R6c70GLhUj_8839YewANa1ZoJjlAvJKjQeCQ-DlW_xx7iMDYAmY4bOs-nP2ftos4dVQuP5tyBMB0HV8CfRmcYBnYAIJvzaZaLKwfGXqU_sKHYTGHhJ9ynTLZ1Ij4L4kN-MhHNyYDjjBKGd5IYHlr5YSRxUyr0cxDv2fGsG5rLFvXtAiEP1YPbVXMU6LBXB2X6x4nciAhHS28vzj7QSp9QIob8n6P9WmUZTbnQ3EWrDsfjzJ3Wc-eo6v9ExA8M8sPL893lUbCetrvWqgEwqWwEsK7a76Tym-f-3oZIvUGllR-abk8l3LraNsxbQKWepD-g2fEYgNIWGl-2Ci1GG86V3ItREkBZq38WOFxTv_9GHf7qs8SSFnHeoTxccKCWbIROKMMNjwRW5kCwp-mSGHaCdQxigzjYE9GVjsepECfrEtWHqdpSalaJ7RjzFvRNExAS8Ol6Y9V5z4zGEnW8h4fVlEOyp5R_IQFbnoym5UM1WXClGbtBC_nq-NngcvXwcaOdAQAezc17nfZNdbqVPWQ-ztaKmgvtweCXpWrBaDj2UoKzrYEWbHg5P2Rzl9vKYmdkrVwaJ--sY-fuEGyiuS2vkPAbewKdDSymSsSv6Ri0OkDRY4_T3BUzn9-gr7KhWQIIBe3Z5sfoiR_kb9EMNJjIUIxUrpfGWWJ2oDJaMiNJ7gftnJcXmXYkTTBU_lWALACvpVDLVhbFyc8DSk9e5FRHs1NFbaiF89fxnYIykpuv8yNhMVG5JLOOD0LZ7k3kSMkHgtQAHozdoeZXr-wqlz9jlLF04KFZ9qpnZFlCpeTHjasGbJ6lsNmjF3bVkmCHcRwl24rg7_Zyb0zJS7MD2NrFFZ0vNt5mPXrxbJQpriKi4f3ihPTBwr_K4Z82xswTDVBbxNQgYF1UdUAzuu9aAdoTygIbT-HHb60FBOMUz0Wdluudsv6CMar7749bjktbkpOewjk1QJpcjkGh9EvmsRyy5uBdfbTN9WUO_XFZm9Sb71BP7S3_EdDxrfL-3cDdP8L3A8ymTC0IAnle4H3A9kbbpcmzszTc61pZuMY9oS3ELxlREzDVI9RKulugWclHUoNPX31Y6fJwlwNMUj2TxON9Wjm1THBaD1JBBNnx7gUJuKczu3dt11oUMWrm_BCsMxDJyZB5Qn1U1wJBNz5qzwWlUB6iAtEHbpUC4yqNDU99kbQIJZLTvIrZpvU93IFozPzPl78U59q7YJ1s54glJTEg3KQBse0yro8Q5aZL5DGkXoFuHdtuo8Csj1jO_R44zETesIyhckA0lRIByAtU6GDx_sBqWG6B7CjTp392PPn6W3vJXvlfyHl7Iv8RJneyuABlLLnEPxiNjApbMpd9vkcDxzdZSbkTE29VK2V3SsMziuZfm97cnhGxGv5vKUQd-DONwx0i61HWTmSl1i2-2BDjGycpzZ3_x2uAh1MPVZLDsPhPrKKpopESc7JqPpau0BqMMR1aEKun7sTPTWDCzP9ImWYksoyxqALSv8GWAU4ZKRjjXsKeAmemrkYPVTxWuAHxf_Tvp5lZ-oPQy01n6S4VYr0UaeZaldnl0rN1QCxRZ9On-hSXnEVbGlmpkAa8qoa15n5Z1rHFlKcbAL1X72JdVsZmwEdLsfiC1bXYAgcJtIxIP1X_CnoCaHWi2OdlVmLoKPBzSMxRXU65ClaNPl6c7k_Ns_514wGT8o5owXBo8ayUNnN2VloKuwTLLd28fYKLpLkrWchDm0Dtp4QtA00gqACUE-NHjhIf9XVoXrlEhCmgJGsGixLMXgWu0DDVitjr0L6eNcOyTdm0TmDvNhcHk6y80xBxsXtiZMNLvyoRT-umbiP5fnG9S4hRFNZzUybhA8VYwhq9yS-TcjSkVTQ5ehv-Wk61Fv6EifwClp1gKq_ncVgCQm_i8QywcQb8x-HAoswewCCbC7Y9luj6SGiDtFcOyDlxn6cM24MMoYibSZgWZfVNWIut7-AMUgE4VKns1qtTFw00Nn2HP6Pe80hQemB&cid=CAASEuRodWJPNH7Hc4XZmkX2jjafYQ&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

67f3a4b28e31f953258c27aa623611063c27076fd0201d00cf33ece8fa8219b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12791
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C46C 42 B
63 B 42ms
39ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ATc5yA58Mkx46y7TqO_pqjTPbo1IWvbPHerTv24grjiaZZf1ifRHhqzjqpAGTRJ0KXUkiLmm8CnjbZL-DBKM1_lgPW-bDR4CkPrz7M2kjZ5OGlfjA

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame C46C 2 KB
2 KB 8ms
6ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4229118&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0iKzhj_xhc6k8YXtnjORMiG&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322153383&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 92f7a73eeec9544e6ba1cef5320b7ff1518bef5a5325a15d6d638e2996092b58

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 15:19:29 GMT
Server: Microsoft-IIS/10.0
ETag: "3947272c5ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1338

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame C46C 7 KB
3 KB 16ms
13ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&advid=3398311&adsrv=0&btreg=&btadsrv=&tagtype=&dvtagver=6.1.src&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0iKzhj_xhc6k8YXtnjORMiG&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322153383&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 14:40:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0c36f8f65ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3122

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame C46C 2 KB
1 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:53:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:53:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C46C 122 KB
37 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:46 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame C46C 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:06 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame C46C 0
0 25ms
23ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQklPFcUOV_W0_KP27DLll2bUiLX-U_Upsc3v37piqYo-tRnK5OGZeWtfIYpQC_xZWdErsRfOmEhUzckCMgP0DH2e5Adw
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B152
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1&C=1

43 B
1014 B

18ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:46 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Thu, 10 Jun 2021 17:54:46 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B152
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YMJR5vAKu3EekPhh0DwDugAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1

43 B
894 B

17ms
15ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 10 Jun 2021 17:54:46 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGf6BkeUXtiaE5pVuHohtJo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame B152
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEC9da-R4Beprdx2SDs6K-Mc&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC9da-R4Beprdx2SDs6K-Mc%26google_cver%3D1

43 B
1 KB

16ms
15ms

Image
image/gif

185.33.220.240
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC9da-R4Beprdx2SDs6K-Mc%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQw7j0ARin186ZATAB&v=APEucNW_m4addizt27IBaWlcdsgI9UR0aZ86WBsdwpKnwLFt-Mh2C-m58RoN8i8RHzdS-AnWC-t_sPc-vlkI0zTKlPW7bWSYhdRlyGHxsuXniRS14EgpYxg67ubhijVTgwX9gl0IjiiOnJxKz9H2ewB0cwyO022Hids-4e9iGP7wz7nxLiODaZs

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.240 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

717.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.76:80
AN-X-Request-Uuid: bf3ce411-b76f-4ed6-81b8-cb9866f4f1b4
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.74:80
AN-X-Request-Uuid: 6d2300ce-c52c-4a37-a240-9d6912bd38e8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEC9da-R4Beprdx2SDs6K-Mc%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame B152
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA3ODYzOTI1ODc4Njg1NTk2

170 B
188 B

18ms
18ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA3ODYzOTI1ODc4Njg1NTk2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
X-Proxy-Origin: 82.102.16.185; 82.102.16.185; 717.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.238:80
AN-X-Request-Uuid: 9099f5c1-5318-463a-84e3-4fd464a5b6dd
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjA3ODYzOTI1ODc4Njg1NTk2
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame C46C 22 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A8vf_kb9SWN1IxAkRmVV2dOw_-sER2cw2gXFNX5AaTYUaez_UiRzzbf48g5kYp60JrPe8SIxePEbg6ofar-qH4a2cWDxnEGW58bdK9BQJtUq2qJZP0tiIe02CE4OD9vEYi9WQji4QrOVCA3uTG7wzarFEpWg&cry=1&dbm_d=AKAmf-ACDoy0GuCHNmQ5B1MekVTf2aqnbHSxk2oAubFNbdjiGeWJqNrHz18WzNFBNz4_YSlZd5tmwETbgVaG2MozO6wqS90woKCtL0_E4dhKUo_IkQphWLh_Z1FRgjd9L0KYPOSlKaavgY1MHb03zGizfVcd_hXACAIJcPqDg6EaFPjU0xC-MVFxfV-2v9yiIC96oA9Oi5h-CaMs08PFu4I7oAR6gTk5XFzhZ9p9IlyGVYEMtbnE7UHLxqpnzXBSt0jnw2hOop6Vm-FERqtgzoU7vfQL9yaCkF_z3IQtUcBuPk5q_CWcmfnFzr1ZcVLscRW2boKVAXyQaIHeh3YTX_dW1bFs_eO6W5EH6MvkWRjuc88DCOBnevdZSEDwVjRV4oXWvR3LP_Tp3H34b0bI2kQlNptCXkryNBI3aDeV48lGhqQavVDWpEuWjKEQDpLsM0h1XhAEauCVOdd_8MxkB9txMvPHqMgS9bCHq-oOtrgM7B56rl5jsVd0RDPtyCjwhgo2ButDW9H66oKgA9GrkI-dA3Vk39Bn_A_vlkAN86BQd-fBqm2V6YrNmtcdbkLxilqO_p3Z_pJcxiFoR2pTKEFotfVBd6lprvg1-snsdSN9KxR1Pl7tsgqPRBR7f1DLxDev2ihqueL5BWoSFKusgQyswnB0O1zMhfKGhuM6PmxM4FruRfu_en_SZbaE_3mqn0aEceGYL-ZdODgsCr8LNPjIcFHGp5Ab4DW4CV5pYjIQkiajEsuBxdLMa8E23GK_VrDq-prb8dfWEvpxa3nO4we3JFDLiLNyIdjU-m3XeMTM4REI1OqmrH2gQny31v2xZXwWr3LtAH9PO3fkvw0aZJr3y9WAstKI7J9iKxakjuibRcpVRGaMTQCZhpZfPZg5XHAfiDYu15nqRibllUkZk-7ZBE9YrCavphVqWL_29n_WgL4bUWV0Ma7AhwKpdQpNFqcAAzcMMy-FUuUw7pOhTtE2Bxd5zQ5CArONV3PhqjDZdfmuN4U5R6c70GLhUj_8839YewANa1ZoJjlAvJKjQeCQ-DlW_xx7iMDYAmY4bOs-nP2ftos4dVQuP5tyBMB0HV8CfRmcYBnYAIJvzaZaLKwfGXqU_sKHYTGHhJ9ynTLZ1Ij4L4kN-MhHNyYDjjBKGd5IYHlr5YSRxUyr0cxDv2fGsG5rLFvXtAiEP1YPbVXMU6LBXB2X6x4nciAhHS28vzj7QSp9QIob8n6P9WmUZTbnQ3EWrDsfjzJ3Wc-eo6v9ExA8M8sPL893lUbCetrvWqgEwqWwEsK7a76Tym-f-3oZIvUGllR-abk8l3LraNsxbQKWepD-g2fEYgNIWGl-2Ci1GG86V3ItREkBZq38WOFxTv_9GHf7qs8SSFnHeoTxccKCWbIROKMMNjwRW5kCwp-mSGHaCdQxigzjYE9GVjsepECfrEtWHqdpSalaJ7RjzFvRNExAS8Ol6Y9V5z4zGEnW8h4fVlEOyp5R_IQFbnoym5UM1WXClGbtBC_nq-NngcvXwcaOdAQAezc17nfZNdbqVPWQ-ztaKmgvtweCXpWrBaDj2UoKzrYEWbHg5P2Rzl9vKYmdkrVwaJ--sY-fuEGyiuS2vkPAbewKdDSymSsSv6Ri0OkDRY4_T3BUzn9-gr7KhWQIIBe3Z5sfoiR_kb9EMNJjIUIxUrpfGWWJ2oDJaMiNJ7gftnJcXmXYkTTBU_lWALACvpVDLVhbFyc8DSk9e5FRHs1NFbaiF89fxnYIykpuv8yNhMVG5JLOOD0LZ7k3kSMkHgtQAHozdoeZXr-wqlz9jlLF04KFZ9qpnZFlCpeTHjasGbJ6lsNmjF3bVkmCHcRwl24rg7_Zyb0zJS7MD2NrFFZ0vNt5mPXrxbJQpriKi4f3ihPTBwr_K4Z82xswTDVBbxNQgYF1UdUAzuu9aAdoTygIbT-HHb60FBOMUz0Wdluudsv6CMar7749bjktbkpOewjk1QJpcjkGh9EvmsRyy5uBdfbTN9WUO_XFZm9Sb71BP7S3_EdDxrfL-3cDdP8L3A8ymTC0IAnle4H3A9kbbpcmzszTc61pZuMY9oS3ELxlREzDVI9RKulugWclHUoNPX31Y6fJwlwNMUj2TxON9Wjm1THBaD1JBBNnx7gUJuKczu3dt11oUMWrm_BCsMxDJyZB5Qn1U1wJBNz5qzwWlUB6iAtEHbpUC4yqNDU99kbQIJZLTvIrZpvU93IFozPzPl78U59q7YJ1s54glJTEg3KQBse0yro8Q5aZL5DGkXoFuHdtuo8Csj1jO_R44zETesIyhckA0lRIByAtU6GDx_sBqWG6B7CjTp392PPn6W3vJXvlfyHl7Iv8RJneyuABlLLnEPxiNjApbMpd9vkcDxzdZSbkTE29VK2V3SsMziuZfm97cnhGxGv5vKUQd-DONwx0i61HWTmSl1i2-2BDjGycpzZ3_x2uAh1MPVZLDsPhPrKKpopESc7JqPpau0BqMMR1aEKun7sTPTWDCzP9ImWYksoyxqALSv8GWAU4ZKRjjXsKeAmemrkYPVTxWuAHxf_Tvp5lZ-oPQy01n6S4VYr0UaeZaldnl0rN1QCxRZ9On-hSXnEVbGlmpkAa8qoa15n5Z1rHFlKcbAL1X72JdVsZmwEdLsfiC1bXYAgcJtIxIP1X_CnoCaHWi2OdlVmLoKPBzSMxRXU65ClaNPl6c7k_Ns_514wGT8o5owXBo8ayUNnN2VloKuwTLLd28fYKLpLkrWchDm0Dtp4QtA00gqACUE-NHjhIf9XVoXrlEhCmgJGsGixLMXgWu0DDVitjr0L6eNcOyTdm0TmDvNhcHk6y80xBxsXtiZMNLvyoRT-umbiP5fnG9S4hRFNZzUybhA8VYwhq9yS-TcjSkVTQ5ehv-Wk61Fv6EifwClp1gKq_ncVgCQm_i8QywcQb8x-HAoswewCCbC7Y9luj6SGiDtFcOyDlxn6cM24MMoYibSZgWZfVNWIut7-AMUgE4VKns1qtTFw00Nn2HP6Pe80hQemB&cid=CAASEuRodWJPNH7Hc4XZmkX2jjafYQ&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:47:32 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C46C 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19344
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 12:32:22 GMT

GET
H/1.1 200
OK dvbs_src_internal93.js Show response
cdn.doubleverify.com/ Frame C46C 60 KB
19 KB 8ms
8ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=1828362&cmp=115845&plc=4229118&sid=18330&dvregion=0&unit=728x90&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&prr=1&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0iKzhj_xhc6k8YXtnjORMiG&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322153383&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&turl=https://commandwindows.com/&DVP_PP_BUNDLE_ID=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: fef25a4facc1f38db8ba7713e4c0297b32f85f0cf50a8585d9b300ed03c9b5ef

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 15:19:46 GMT
Server: Microsoft-IIS/10.0
ETag: "0d5b8bc5ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19063

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C9AC 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame 9D82 1 KB
1 KB 15ms
15ms Document
text/html 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=25279
Date: Thu, 10 Jun 2021 17:54:46 GMT
Connection: keep-alive

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame C46C 2 KB
1 KB 11ms
11ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?jsCallback=__verify_callback_789015431814&jsTagObjCallback=__tagObject_callback_789015431814&num=6&ctx=1828362&cmp=115845&plc=4229118&sid=18330&advid=&adsrv=&unit=728x90&isdvvid=&uid=789015431814&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&dvp_strhd=0.40&dvpx_strhd=0.40&brid=0&brver=&bridua=3&dup=null&turl=https://commandwindows.com/&srcurlD=0&ssl=1&refD=1&htmlmsging=1&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVP_PP_IMP_ID=ABAjH0iKzhj_xhc6k8YXtnjORMiG&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322153383&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&DVP_PP_BUNDLE_ID=&prr=1&m1=13&noc=16&fcifrms=14&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=141&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=8.50
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 585bc93b4f17ba9642ff92432351d17e07e8c083c42e13dc995bae0e73546792

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Date: Thu, 10 Jun 2021 17:54:45 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:46 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame 20FB 4 KB
2 KB 7ms
7ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=24359
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame C9AC 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame C46C 8 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal93.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 10 Jun 2021 18:32:24 GMT

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame C46C 807 B
1 KB 25ms
8ms Image
image/gif 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=ab5987b9d33748e48afdca3adccd13d6&dvp_or2=1&cbust=1623347686252668
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:45 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/9/2021 5:54:46 PM

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ Frame C46C 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 12:32:24 GMT

GET
H3-29 200 B10224936.280246103;dc_ver=75.217;sz=728x90;u_sd=1;dc_adk=951844255;ord=2i95cb;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;cr... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame C46C 34 KB
17 KB 39ms
38ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=75.217;sz=728x90;u_sd=1;dc_adk=951844255;ord=2i95cb;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=24;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

0e7b9ee2f39a132f4327dc6d693699e292746f6f54735f6bf5b6e7b26aa0eceb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17544
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 greenoaks.gif Show response
commandwindows.com/detroitchicago/ 0
19 B 9ms
9ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfcHgiLCJ2YWwiOiJOYU4ifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjUifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjE2MDB4MTIwMCJ9LHsibmFtZSI6InZpZXdwb3J0X3B4IiwidmFsIjoiMTkyMDAwMCJ9LHsibmFtZSI6ImRvY19weCIsInZhbCI6IjQyNjg4MDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiMjY2OCJ9XX1d
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJkb21haW5faWQiOiIxNDYiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX3ZpZXdwb3J0X2NvdW50IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjAifSx7Im5hbWUiOiJuYXRpdmVfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoiZGlzcGxheV9hZF9kb2NfcHgiLCJ2YWwiOiJOYU4ifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19jb3VudCIsInZhbCI6IjUifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjE2MDB4MTIwMCJ9LHsibmFtZSI6InZpZXdwb3J0X3B4IiwidmFsIjoiMTkyMDAwMCJ9LHsibmFtZSI6ImRvY19weCIsInZhbCI6IjQyNjg4MDAifSx7Im5hbWUiOiJkb2NfaGVpZ2h0IiwidmFsIjoiMjY2OCJ9XX1d
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvv=80; ezouspva=1; ezouspvh=80
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame C46C 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=75.217;sz=728x90;u_sd=1;dc_adk=951844255;ord=2i95cb;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=24;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:11 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame C46C 0
23 B 42ms
41ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvquzF3sjsbTQGqo83U6z8qRoZi5psVxJbDtNuww0wRmy5FDYCsdRcpAUA8_SEzggJccJOd7U8FdqoARCgfpnEeNGsIUH23O_wf6yJlYO3V3lYvndtMe8NvoOgWYsEvDWjgLnu0Oj-xJBHhNaWm&sig=Cg0ArKJSzKCLImEpkbwxEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210607.56372&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame C46C 7 KB
3 KB 8ms
7ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&num=&adid=&advid=2276943&adsrv=1&btreg=315865137&btadsrv=doubleclick&crt=117573815&crtname=&chnl=&unit=&pid=&uid=&tagtype=&dvtagver=6.1.src
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B10224936.280246103;dc_ver=75.217;sz=728x90;u_sd=1;dc_adk=951844255;ord=2i95cb;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=1,https%3A%2F%2Fcommandwindows.com%2F$0;xdt=1;crlt=DxSfoxu)Hb;osda=2;sttr=24;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 14:40:30 GMT
Server: Microsoft-IIS/10.0
ETag: "0c36f8f65ed71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3122

GET
H3-29 200 adc_hun_EndHungerStory_728x90_Evergreen.jpg
s0.2mdn.net/2276943/ Frame C46C 46 KB
46 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2276943/adc_hun_EndHungerStory_728x90_Evergreen.jpg

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

780849559953abc98981f7964d063930d1b9cdf5f9aff09e60bd64cc2d9de59a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 09 Jun 2021 18:25:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 Jun 2019 18:23:23 GMT
server: sffe
age: 84571
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
expires: Thu, 10 Jun 2021 18:25:15 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2767 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CF70 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://commandwindows.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://commandwindows.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Thu, 10 Jun 2021 17:54:38 GMT
expires: Fri, 10 Jun 2022 17:54:38 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dv-measurements1425.js Show response
cdn.doubleverify.com/ Frame 5F4A 483 KB
87 KB 9ms
8ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1425.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 06:18:49 GMT
Server: Microsoft-IIS/10.0
ETag: "80aad779c05dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88494

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DF47 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Jun 2021 05:40:48 GMT
expires: Fri, 11 Jun 2021 05:40:48 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44038
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C46C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 340922323430212ea96bbb15bd2590856062b7937adbdc35a500490a296b370a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 9ms
7ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjY2NjAyOWVlOGIzZmM3ZDEzOWUzNDQzODUyN2RjMDJmLDU0ZDBmYTZkNWY2YWFiZTc2MjNjYjI0ZmFhNDJhNDQxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDQ2NjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJhbm5lci0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAzLCJhZF9wb3NpdGlvbiI6MTAzMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMywiYmlkX2Zsb29yX3ByZXYiOjAuMDAwOSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyNTc4NTI1MTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk2Nzg0OTQ4MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoicmVmcmVzaF9jb3VudCIsInZhbCI6IjYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9iaWRfaGFzaCIsInZhbCI6IjY2NjAyOWVlOGIzZmM3ZDEzOWUzNDQzODUyN2RjMDJmLDU0ZDBmYTZkNWY2YWFiZTc2MjNjYjI0ZmFhNDJhNDQxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDQ2NjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJhbm5lci0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJyZXZlbnVlIjowLCJlc3RfcmV2ZW51ZSI6MC4wMDAzLCJhZF9wb3NpdGlvbiI6MTAzMSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMywiYmlkX2Zsb29yX3ByZXYiOjAuMDAwOSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgyNTc4NTI1MTIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiNDk2Nzg0OTQ4MiJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H2 200 4967849482 Show response
g.ezoic.net/dac/ 0
17 B 11ms
9ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/4967849482
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 10 Jun 2021 17:54:46 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 9ms
7ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidF9sb2NhbF9kYXRlIiwidmFsIjoiMjAyMS0wNi0xMCJ9LHsibmFtZSI6InRfbG9jYWxfaG91ciIsInZhbCI6IjE5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjQifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTEyMCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
19 B 10ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NiwiYWRfcG9zaXRpb24iOjEwMzEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6OTUwLCJiaWRfZmxvb3JfcHJldiI6OTAsImJpZF9mbG9vcl9maWxsZWQiOjMwLCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo3MDksIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEwNDQxODU0OCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyfV0=
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYXVjdGlvbl9lcG9jaCI6MTYyMzM0NzY4NiwiYWRfcG9zaXRpb24iOjEwMzEsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJiaWRfZmxvb3JfaW5pdGlhbCI6OTUwLCJiaWRfZmxvb3JfcHJldiI6OTAsImJpZF9mbG9vcl9maWxsZWQiOjMwLCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo3MDksIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEwNDQxODU0OCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyfV0=
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:45 UTC

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame C46C 0
23 B 45ms
44ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dv-measurements1425.js Show response
cdn.doubleverify.com/ Frame 52EF 483 KB
87 KB 7ms
6ms Script
application/javascript 2a02:26f0:6c00:286::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements1425.js
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:286::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Jun 2021 06:18:49 GMT
Server: Microsoft-IIS/10.0
ETag: "80aad779c05dd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 88494

POST
H/1.1 200
OK event.png
tps20227.doubleverify.com/ Frame 4204 67 B
491 B 27ms
7ms Ping
image/png 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20227.doubleverify.com/event.png?impid=b76afaa78b3b4b18a774f151832b8a49&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=77&vdur=31&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623347686494843
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:46 PM

POST
H/1.1 200
OK event.png
tps20222.doubleverify.com/ Frame 0EAE 67 B
491 B 27ms
8ms Ping
image/png 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20222.doubleverify.com/event.png?impid=5051b7d51cb24859b21a6a912adb3673&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=15&vdur=14&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623347686494561
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:45 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:46 PM

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 5F4A 3 KB
1 KB 15ms
15ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=204&ddur=9&uid=1623347686504225&jsCallback=dvCallback_1623347686504565&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=15&brh=2&dvp_epl=247&noc=16&ctx=3397726&cmp=3398513&sid=pp3&plc=33985131&adsrv=0&advid=3398311&turl=https://commandwindows.com/&errorURL=https://tps.doubleverify.com/visit.jpg&DVP_PROG_REP=1&DVP_DV_TT=1&DVP_PP_ID=3&DVP_DV_CT=1&DVPX_PP_IMP_ID=ABAjH0iKzhj_xhc6k8YXtnjORMiG&DVP_DBM_1=3060631&DVP_DBM_2=11817075&DVP_DBM_3=32228384&DVP_DBM_4=322153383&DVP_DBM_5=1&DVP_DBM_6=1&DVP_DBM_7=17959379532&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=97680127.74066278&dvp_tukv=1210849388258.093&dvp_uuid=203665074207.30334&dvp_strhd=0.29999542236328125&dvpx_strhd=0.29999542236328125&dvp_tuid=1385764217953&dvp_vcms=9&dvp_slmsd=72&dvp_vcmsd=81
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ddb331f9167b5261f5b344042627aa9c95729f065b5d297b0360569d882342f2

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:45 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:46 PM

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8AD4 640 B
316 B 18ms
18ms Document
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmV3akDVSqTajdcqcSE7STArhSZ9KKNckPkyc_OTHMTdzGM4JOrvALlC5k8O_c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Thu, 10 Jun 2021 17:54:46 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CF70 58 KB
24 KB 42ms
40ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C5b7hwLCT-n0fMib-sUMTCQhytpq6SARVTfsrs7koRaxcA3NTjHmnpXXnzBnpoL8e6MYQ4oa1mubpFHVt_wyx3IadlChfrhg-iIBomPyv6l6dHSVtdgGd3vUr86d09En_CWMN4joydnhVzf9tldmF50_BIiw&dbm_d=AKAmf-ACy2cXPLXINADCjUxRXNzrS-5oRjXd6mS1_xRRd8TR1fmMw-hHaLAFB2iC6rdx0ySybu3UJD2qBCdqSVY-aIQR5d1Codpwfn05NwfRTvkWbb2ytDZiVRjWTGLR2SYzDRdZuxVzA3gixDD93ZtRbi_yvzeXIDOV17mnDEyQpz1wq0udDjkviPtgv-FnzLBdWIeat0YDoiqkmEugLySookfke4kM4NLd6prx2CQNa7B4q88WcLY4h9-4FQrxlfavHaKPzTNWHwQjiCKRYPFwfVgQnXCsd8Y_fG2bjRxyPS5EexqPifPvxseoP8ZV6OeEnmnm5GVsgb5fXYnnTj7LWRavi_HS1D5osZ6LXvTpCJ9ENpIwiiSliwZLBSHPyG32KhtHmrCBqdIVdUu3q101orEcS9WjbY21Cy3fzs4eZ78fyec2BJM2SepwlC54R-rhjPw2W5kRXAHuOhjxKAalqk96Ex9tzU3N3idKX_6mU2HdlMwWPoilmXY_JkYsUrupdqKEKKjgAvTyx4JabkUWOZCF0cOPRiNgM2MdPm1mjgwWKGbCC5I92zZctBtp_03WLgC29C6iwBl72ho9VwcnOL_2giJ8vSIHJ0wrkNuX_M25HWiGjtZxr3rtKJ1WpPp6VYABbiJkjaFlS8CJK6GzZ7YcNPTpoL3JLZ1bHPyYTLyKuz5ZMRnlFsXedn3uulIs4XB3ckpKDYeAsbUhJLr21q2CGcUqvn2WwWWQHPEGpxYfKLSUQM8xzhR7EGTlcU3dxiPz-DJ6PWMsaunOgB-5w5UK1BbnQDCAeNTwMYot7Yd4orSahd0zdXR-M9zQuBuvIzl1TsCrWq2eXqFs13lyEVRQIz4RdrxqilcTn6pc_YvzQ_IU6M6Be_evxKaXrc0-1DxpcGSFpvojDLw0nCfOGsC4IK9tNlNmV68QIQFSTFvnf4oR1w-LbLmmo4O9vy1bxnQGeOdAqMBc0GKYsFrnofUBggd6L7o6XY8AGRCiZMvMxZEgoVFcYG2Rs9m_7bzoj6WSFqnJXbo91uZF_5k9nBxIMf4j-oCxpe8u1cy5fKkmmdqXTsCzc8rFySru0ZATYTjlvkTwge5ibf_bdlgwg7LDQuxIhf1KUjMWnQ2PHHzI4l1hvtWN9Ec3m8DPL4CwOmfGX2M_NzWUZPdn1uzh1g03aTjynCdf4AgiT5PEo8pllZvphq33A8FajW-DL6ZyPPVKuhJkfcoq-jYXoqWclnv3qXPr4QmAH7Jga-W-qsQukLi_WbYnyidi3hUocLpcyuu3gUsar_vkgDqAsxiW9ceyrZjqUOmQItAAUTrBaRT3AGsRyHTpefaILaWvJhFKcKcq1sxpG0ITf2AbIEg_vUUoNzEPp2txdgn32AyN7ftdIzMX5VtYuNtddL47iNRfukQUkqnxNChtQMSYWPc-LIg0z8zgsId1XoUlInhCSRnYVrNUt7oZLimXgQqdIDLJPHwlzZccpiDdjsEOkcnVW3Ap5nWJaVAC_WYHQ2r6Qoze25C0yRcZ1motZSsXQQgV0gF87pdXfrtae61ZsYfUq58N7rBxuFeILElAgPKxCHPo6e8rctuHQXkeU61n0-B2XpKokmEDNqUTkR-8A-cz1Yzm5ho4K_NwnhliwDyeJsG86esZ__ow_HUMuhlhI-x5Xk0qx3JCqyJX6hq2x35Zzn9yD7te6HzI2SDHb7nSYba5w5FFlxzK2VwsWSMIaOA-prk-WA-Wxhq2XBAOMW5p3YDqcz6xLQO6aO4vCDrnfT-tKVEHG9KDW_WUQN8SXgsaruBxgO1LGHpbB2SfO8JD54B0J0c8tr_32dxuDcRNDM7Frw_-pTbRYtIgBe5GXwsa3aKk0_NRLd37G0ag3_wAWfT77hCVWb_0kq6Z-j7tZ4_hQVHTZAQ15prU-94vplEA0hR7_ZeToau2SXYG6oy6nPHzy7vuF7fIoXBo8kPglLbHbsLoWgqPND8YqKyW7FQzwXCZzOCQYbf3f05PwJ6sAAVIbimFkIhrz3PdGwKpZxpWSdjxpU87K1b78JN_AN8i1MuiI9eBNncRAB4YXmhi1MRwkwWgntwAabpEG2uplf3G3W8YdlqpqkLq11y9VngbCd8wnNvivMaEwlaVvLDGZay4vjV7yJpwEdXd2-jg1KyyxXBS-ysrO-MIn7LqMw4Rpb7GMmkz8gE4mS35cps506oTp_FlX-C9z7v9UJFChHofcZFWYgy53dmf5qKnVgdbd0WRwmBhjt-Tn4nnDLdL2yBgW5i-I5aNhNgrHDmnfGRaqhhPWG34q_LlwdIZA6ZPvUM8LTTI6vyATQcLI4JCmA_jDb3PKr3orlSOI5RloHl7rZb-pBaL2NZdm6ht0Ci1m8SctdWCGJn7CjCQeOAYUvQ73pCytz70Na2iaDISZGovRjmF6SUd7ctXFWIf8qSpXKnWCOUfH-eTiaXeyqNZaxdDy4IOKE7ZiyJ76b03RJZXL26TTgNaurSy0RfHox7LXLLUCyFzKEpr8ArXcjgCDMatKZ0w9l6WgCObsILme14hTzd8qtome7as9WHgwW8DhFhvC3BLj4VrozJ2pOFWtxw0U6QoZvykzj9y0HZY5GmN5ltj49xO89k7sFlDq0GJxrKff-RzIFn618la0YjhTnIQqW4TwimiXj_KEndzwk6X2Ckduqj3ZaYAs0RgCuHMnwv5A05alvCwoHKHdrq10k0j3dWsThSogTNYhzpsIWPOu0p4ZnMsICQB-uq6nQgPXjmzAp-kY5WTo0FpBsYiD5vkJ-M96EEe0EOePwcazGQJvPn765eJwj0sguQf70iUPhi22SCinKLmPHBccrED0RgGBVKvqvaEd41jPi5EJbX4f3C-M1D9cKrh5c4sYgTpFwWXHF7lXLyG3MmOGAzH2n_XPI2Twdl0e5Eu-KvOfbxq5kRs4IfMseAum-OEPsN32a_FKuS27QxKwcXv4ACWkri33MK8gfHQwRhmk38tN7Vvdajnh4QEhILpDjKPctdXJaaWjLml5YM423CqypLkju1t95zNGuvFFCbzUQ8Qcc2jIRpc1ehTpfVg6xDnrjfp-LLuRKyO&cid=CAASEuRojA2UIrwBp1LegLpPErYfqA&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

3f096985235603f28354aef601904f3d5ac9002f8cf52ab7a944ac6f37807654

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24199
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF70 42 B
63 B 42ms
40ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DuNOkGFYQrkCfyTseZQRnzsmUvs9CPHjuGHabOsXGaZss2JIbpqn9S29K4hp5wEuZkyVBh2iJXDezzrbZGcvXe6Uc05YjsYLtKMor1MGPC9Se9mkU

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame CF70 2 KB
1 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/window_focus_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:53:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:53:37 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF70 122 KB
37 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623263560240521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37945
x-xss-protection: 0
expires: Thu, 10 Jun 2021 17:54:46 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/ Frame CF70 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210607/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:06 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame 52EF 1 KB
1 KB 15ms
13ms Script
text/javascript 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&brid=97&bridua=3&bds=1&tstype=128&eparams=DC4FC%3Dl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau4%40%3E%3E2%3F5H%3A%3F5%40HD%5D4%40%3ETar9EEADTbpTauTauhff2cha2aga_b6_43%60hd_f4%60%60cg22h5h%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&srcurlD=0&aUrlD=0&ssl=https:&dfs=204&ddur=9&uid=1623347686535758&jsCallback=dvCallback_1623347686535270&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&htmlmsging=1&chro=0&hist=2&winh=90&winw=728&wouh=1200&wouw=1600&scah=1200&scaw=1600&dvp_isOnHead=1&jsver=1425&tgjsver=1425&lvvn=28&m1=13&refD=1&referrer=https%3A%2F%2F977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&fcifrms=15&brh=2&dvp_epl=247&noc=16&ctx=13311291&cmp=10224936&sid=2641434&plc=280246103&crt=117573815&btreg=315865137&btadsrv=doubleclick&adsrv=1&advid=2276943&errorURL=https://tps.doubleverify.com/visit.jpg&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_tcnt=2&dvp_sukv=97680127.74066278&dvp_tukv=887690616.1277066&dvp_uuid=207904708.77952284&dvp_strhd=0.3000030517578125&dvpx_strhd=0.3000030517578125&dvp_tuid=616685929281&dvp_vcms=7&dvp_slmsd=52&dvp_vcmsd=59
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4352cfa8fda2d24a3124d33de7ec0e1729191a6b72b705ab0511f08cf16526c9

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/9/2021 5:54:46 PM

GET
H2 200 dpixel
cms.quantserve.com/ Frame DF47 35 B
462 B 10ms
8ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEgNygQWwqsUZiuWqR9snRw&google_cver=1&google_push=AYg5qPLdl9Dx_vwDN5laxI2KicTgeLTavQsOUOpy5kvkL2dG-MSxDC0Ic98woudS33eQFZbUfeT9qA34Kx_m28VA1dcwzF1Kpw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DF47
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SjZsaDNTU2ExTFJvVGM1&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1L...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SjZsaDNTU2ExTFJvVGM1&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1LWma18FDOndmgYqxvjPs-NqZyz8qSLmKIJWLY4ORMM7_lUWEgw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Server: PingMatch/v2.0.30-655-g6f0fff2#rel-ec2-master i-09aa64c92a07a6de3@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=SjZsaDNTU2ExTFJvVGM1&google_gid=CAESEAcBQHM5t2wsxibM67E2KP0&google_cver=1&google_push=AYg5qPIO68V50lJ_F3m_E-ElQUZLl5DAkSl38uDapJoAx1LWma18FDOndmgYqxvjPs-NqZyz8qSLmKIJWLY4ORMM7_lUWEgw
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame DF47 0
191 B 25ms
23ms Image
text/plain 66.155.71.25
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEMA8xwVog_Ub-YJ3W_svH2Y&google_cver=1&google_push=AYg5qPIllhbUMEnW5GoVAPCMQC2t7i_9ilGv3rMbr7yZiMY5POY2C-vLmAFg5XVz7TQGwlyxcU7xHkQlsb11UpRNCtd20jzA
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.25 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DF47
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEKbCJcXTsv5OA6JdMF59M7o&google_cver=1&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_M...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_MK6_lzCmu5B0LR&google_hm=qHPD0-JTTl-YQkFiAz2cAbk

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_MK6_lzCmu5B0LR&google_hm=qHPD0-JTTl-YQkFiAz2cAbk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLLDKe8vsnSZTpdsViimbOrEwR9ZeoQQRaU1IECVRN0M48BXKvrlJ6mthsxHBY4lMyg6X2F5TXCQ_MK6_lzCmu5B0LR&google_hm=qHPD0-JTTl-YQkFiAz2cAbk
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: clear
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DF47
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEOwEJ7NM-pKVNMOqiebz3DE&google_cver=1&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-e...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3MjIyNTIwODU0NDY1NTUxMA%3D%3D&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-eofJZ...

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3MjIyNTIwODU0NDY1NTUxMA%3D%3D&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-eofJZqUEK-EQw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=Njk3MjIyNTIwODU0NDY1NTUxMA%3D%3D&google_push=AYg5qPL4wCJc7gOjSpf4bbmKXtXCH03hWvg7yw0DYthrOawgNCGLXapxTqVpR1WGs-0EE2cRMHOcs1Nvx3wH-eofJZqUEK-EQw
Date: Thu, 10 Jun 2021 17:54:46 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame DF47
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEMCcovmtNqtcGyrFMujFqFQ&google_cver=1&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA&google_hm=Mzg0MTk5ODYxODg5OTU0NDE2

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA&google_hm=Mzg0MTk5ODYxODg5OTU0NDE2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 17:54:46 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPJIjnu0gVqsLc3YtkM5tHgV2YHdfq_nCmvIo9FnON3hNP1MxICVeZn923JUS3dgwwwYgoGmrr1mKEbZrCxnGllv1h2MjA&google_hm=Mzg0MTk5ODYxODg5OTU0NDE2
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame DF47 0
12 B 16ms
15ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KXzLDXebslCN4qZwTc8tUIBKHHOItBYeaF9S61a7T0QIzxTLVxr9Z42izXwM0gUw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 2767 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 8AD4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.208.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
via: 1.1 google
server: OXGW/16.208.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGVkhgm3QvhhS7f8MphRtWQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8AD4
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: gzip
server: OXGW/16.208.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NjEwYjcyNTktZjczNC0yMzI4LWQyZjItNTQ4NWRiYzU1NWE3
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 8AD4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1

23 B
172 B

35ms
35ms

Image
image/gif

184.31.88.106
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COD5IRCYs44CGIDB8KwBMAE&v=APEucNVQ3C0u2X9qhY1Xe8xSW1BWbHZYr_PfE707jOkCIwFf4ixgHROfmQojwVujTLDzM0mPNzQhOT0sMlWE5aFYrx_fBApkWfOLNCEO2pD7sqs71t5UW5Xu-2CrUIHNSgqBRmdb_GpJjNRy7iYeMEfvTjrx-6v1cdq79nbSGKbuS5hp8GyjLqA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.88.106 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-88-106.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
cache-control: max-age=0, no-cache, no-store
expires: Thu, 10 Jun 2021 17:54:46 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDxBWEz7Pmd9FrdMa4lsjbI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 8AD4
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

170 B
188 B

18ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: akka-http/10.2.3
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ZWRlNWI1ZmI0NmI3MmNjYzkyNjQ4MGM3NzY5ODNmMTNjMmZmNDIxOQ==
cache-control: max-age=0, no-cache, no-store
content-length: 197
expires: Thu, 10 Jun 2021 17:54:46 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame CF70 111 KB
38 KB 21ms
6ms Script
text/javascript 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 11:50:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21880
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Jun 2021 11:50:06 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/ Frame CF70 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C5b7hwLCT-n0fMib-sUMTCQhytpq6SARVTfsrs7koRaxcA3NTjHmnpXXnzBnpoL8e6MYQ4oa1mubpFHVt_wyx3IadlChfrhg-iIBomPyv6l6dHSVtdgGd3vUr86d09En_CWMN4joydnhVzf9tldmF50_BIiw&dbm_d=AKAmf-ACy2cXPLXINADCjUxRXNzrS-5oRjXd6mS1_xRRd8TR1fmMw-hHaLAFB2iC6rdx0ySybu3UJD2qBCdqSVY-aIQR5d1Codpwfn05NwfRTvkWbb2ytDZiVRjWTGLR2SYzDRdZuxVzA3gixDD93ZtRbi_yvzeXIDOV17mnDEyQpz1wq0udDjkviPtgv-FnzLBdWIeat0YDoiqkmEugLySookfke4kM4NLd6prx2CQNa7B4q88WcLY4h9-4FQrxlfavHaKPzTNWHwQjiCKRYPFwfVgQnXCsd8Y_fG2bjRxyPS5EexqPifPvxseoP8ZV6OeEnmnm5GVsgb5fXYnnTj7LWRavi_HS1D5osZ6LXvTpCJ9ENpIwiiSliwZLBSHPyG32KhtHmrCBqdIVdUu3q101orEcS9WjbY21Cy3fzs4eZ78fyec2BJM2SepwlC54R-rhjPw2W5kRXAHuOhjxKAalqk96Ex9tzU3N3idKX_6mU2HdlMwWPoilmXY_JkYsUrupdqKEKKjgAvTyx4JabkUWOZCF0cOPRiNgM2MdPm1mjgwWKGbCC5I92zZctBtp_03WLgC29C6iwBl72ho9VwcnOL_2giJ8vSIHJ0wrkNuX_M25HWiGjtZxr3rtKJ1WpPp6VYABbiJkjaFlS8CJK6GzZ7YcNPTpoL3JLZ1bHPyYTLyKuz5ZMRnlFsXedn3uulIs4XB3ckpKDYeAsbUhJLr21q2CGcUqvn2WwWWQHPEGpxYfKLSUQM8xzhR7EGTlcU3dxiPz-DJ6PWMsaunOgB-5w5UK1BbnQDCAeNTwMYot7Yd4orSahd0zdXR-M9zQuBuvIzl1TsCrWq2eXqFs13lyEVRQIz4RdrxqilcTn6pc_YvzQ_IU6M6Be_evxKaXrc0-1DxpcGSFpvojDLw0nCfOGsC4IK9tNlNmV68QIQFSTFvnf4oR1w-LbLmmo4O9vy1bxnQGeOdAqMBc0GKYsFrnofUBggd6L7o6XY8AGRCiZMvMxZEgoVFcYG2Rs9m_7bzoj6WSFqnJXbo91uZF_5k9nBxIMf4j-oCxpe8u1cy5fKkmmdqXTsCzc8rFySru0ZATYTjlvkTwge5ibf_bdlgwg7LDQuxIhf1KUjMWnQ2PHHzI4l1hvtWN9Ec3m8DPL4CwOmfGX2M_NzWUZPdn1uzh1g03aTjynCdf4AgiT5PEo8pllZvphq33A8FajW-DL6ZyPPVKuhJkfcoq-jYXoqWclnv3qXPr4QmAH7Jga-W-qsQukLi_WbYnyidi3hUocLpcyuu3gUsar_vkgDqAsxiW9ceyrZjqUOmQItAAUTrBaRT3AGsRyHTpefaILaWvJhFKcKcq1sxpG0ITf2AbIEg_vUUoNzEPp2txdgn32AyN7ftdIzMX5VtYuNtddL47iNRfukQUkqnxNChtQMSYWPc-LIg0z8zgsId1XoUlInhCSRnYVrNUt7oZLimXgQqdIDLJPHwlzZccpiDdjsEOkcnVW3Ap5nWJaVAC_WYHQ2r6Qoze25C0yRcZ1motZSsXQQgV0gF87pdXfrtae61ZsYfUq58N7rBxuFeILElAgPKxCHPo6e8rctuHQXkeU61n0-B2XpKokmEDNqUTkR-8A-cz1Yzm5ho4K_NwnhliwDyeJsG86esZ__ow_HUMuhlhI-x5Xk0qx3JCqyJX6hq2x35Zzn9yD7te6HzI2SDHb7nSYba5w5FFlxzK2VwsWSMIaOA-prk-WA-Wxhq2XBAOMW5p3YDqcz6xLQO6aO4vCDrnfT-tKVEHG9KDW_WUQN8SXgsaruBxgO1LGHpbB2SfO8JD54B0J0c8tr_32dxuDcRNDM7Frw_-pTbRYtIgBe5GXwsa3aKk0_NRLd37G0ag3_wAWfT77hCVWb_0kq6Z-j7tZ4_hQVHTZAQ15prU-94vplEA0hR7_ZeToau2SXYG6oy6nPHzy7vuF7fIoXBo8kPglLbHbsLoWgqPND8YqKyW7FQzwXCZzOCQYbf3f05PwJ6sAAVIbimFkIhrz3PdGwKpZxpWSdjxpU87K1b78JN_AN8i1MuiI9eBNncRAB4YXmhi1MRwkwWgntwAabpEG2uplf3G3W8YdlqpqkLq11y9VngbCd8wnNvivMaEwlaVvLDGZay4vjV7yJpwEdXd2-jg1KyyxXBS-ysrO-MIn7LqMw4Rpb7GMmkz8gE4mS35cps506oTp_FlX-C9z7v9UJFChHofcZFWYgy53dmf5qKnVgdbd0WRwmBhjt-Tn4nnDLdL2yBgW5i-I5aNhNgrHDmnfGRaqhhPWG34q_LlwdIZA6ZPvUM8LTTI6vyATQcLI4JCmA_jDb3PKr3orlSOI5RloHl7rZb-pBaL2NZdm6ht0Ci1m8SctdWCGJn7CjCQeOAYUvQ73pCytz70Na2iaDISZGovRjmF6SUd7ctXFWIf8qSpXKnWCOUfH-eTiaXeyqNZaxdDy4IOKE7ZiyJ76b03RJZXL26TTgNaurSy0RfHox7LXLLUCyFzKEpr8ArXcjgCDMatKZ0w9l6WgCObsILme14hTzd8qtome7as9WHgwW8DhFhvC3BLj4VrozJ2pOFWtxw0U6QoZvykzj9y0HZY5GmN5ltj49xO89k7sFlDq0GJxrKff-RzIFn618la0YjhTnIQqW4TwimiXj_KEndzwk6X2Ckduqj3ZaYAs0RgCuHMnwv5A05alvCwoHKHdrq10k0j3dWsThSogTNYhzpsIWPOu0p4ZnMsICQB-uq6nQgPXjmzAp-kY5WTo0FpBsYiD5vkJ-M96EEe0EOePwcazGQJvPn765eJwj0sguQf70iUPhi22SCinKLmPHBccrED0RgGBVKvqvaEd41jPi5EJbX4f3C-M1D9cKrh5c4sYgTpFwWXHF7lXLyG3MmOGAzH2n_XPI2Twdl0e5Eu-KvOfbxq5kRs4IfMseAum-OEPsN32a_FKuS27QxKwcXv4ACWkri33MK8gfHQwRhmk38tN7Vvdajnh4QEhILpDjKPctdXJaaWjLml5YM423CqypLkju1t95zNGuvFFCbzUQ8Qcc2jIRpc1ehTpfVg6xDnrjfp-LLuRKyO&cid=CAASEuRojA2UIrwBp1LegLpPErYfqA&rfl=1%2Chttps%253A%252F%252Fcommandwindows.com%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 35
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:54:11 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/ Frame CF70 22 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210607/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 434
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8601
x-xss-protection: 0
server: cafe
etag: 18280575870105241958
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 24 Jun 2021 17:47:32 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9AC 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6nfr5lHCYJX2CpvX3gOAnKPICAAAAAA4AeAEAg&bg=!JiWlJWHNAAY6sG-_OrA7ACkAdvg8Wt5ZSPNnV810znwYt5f95-maXJOadrG7LRdHSQYMLi0ewDmBrAIAAADlUgAAAC9oAQeZAs1ul-XpdkinOAL0GW5K_idKQG85fzA01dY36HKd3WqsvzbvwszLOnCeZqzIHyjzECUMF2eJugPyuC6RzJ9eeE3-8Jjlh8PRgGMdReoUMYfDXBsoGza5ymZJitJP8PYvrkuySwB6xL7uomKPInXtxYqG2CMlEgGtw9gX32eg8FYsZbdE3Aol9rp_qYmaBOiMIulqhmOcldeM4S_by5JP8vthHsxiA5uKhmODmiPMBwcDATQrPmc0I-zTp53GKJtxsmJ6m3nKdw8xZyJvwg92PJLrddqXwkb4x_vS-saDdzvHsF86oXdOpRwqELkuUViLRGR0Q9gZCo3jvnLVir6eNT0ot5vOmkkVw9DjqczhYtYynEAsKgultYUQWvcbycTAaaDarF3hHnryJLyyyrkfoijsSTQV35uTctmyrWaGSI0mYpl1XCE7oG1UzMdTP41Dic_pQ5-oFzy5cEmnvr_UnO6P-EdPfjM7Ug89pMATB47KuyMtZ_gB5jTeabArby4jHhaJi7fi1Vn4GTpGOBhWM-NsdidhsQEvaN32CBBAiGy5FNbOPWf8dOTQjQdeoUR5GUbaHZbMSOMIZJtafdgUZwFCw7RqWgO7q6Z5eTWhnZFolxyzeaa1sHxLFcpwoerUDwV1dg_TMtrJT8anvVnbXW1DMuOjlbWhWUR4GfXuYWMG04HTHabm2DuS46xVKpoyz8z5v1QGP_QnVEHZLy6b9QTFI-j9f5fvVOKUBg6phaf3R-kgdiULyj7yqtP-9e6h-XJbog_Oiwbx7vYVb3G4T6wK1_343eBX2aKXLpRPkYTQa0ciF235FXdmirmulANrXpmkeRAHQYKqBGU6F8GRuFkS1Z-DoDMiDgKrv-wALHAczM6KOUzYbwfXyM4g00YtQJu0aEoRgx7E7KdW0XaxRB4NtDFuNlqfm96JObpSCqKrRzECWj8ZDKBz2veri10

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CF70 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 12:32:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19344
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 Jun 2022 12:32:22 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame CE20 1 KB
749 B 6ms
5ms Document
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Jun 2021 05:40:48 GMT
expires: Fri, 11 Jun 2021 05:40:48 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 44038
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CF70 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c59cec3db47ccd3f015e06fc31feaac076be942fd55c8336d6af899033eccc6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 300x600.html Show response
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 69 KB
16 KB 7ms
6ms Document
text/html 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9342312/1623245861579/300x600.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

51752e4d90e0d6db81458bfca64027a5b7eb132518699da4804cb5f03467f533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9342312/1623245861579/300x600.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 16758
date: Thu, 10 Jun 2021 13:40:12 GMT
expires: Fri, 11 Jun 2021 13:40:12 GMT
last-modified: Wed, 09 Jun 2021 13:37:41 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 15274
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF70 0
24 B 51ms
51ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssrPIDIK1CF-dW9O8OqJEnh3b5oycJm-bd-sLtkfWW0ukXchoA3StexSiUXA-n4J0qyNwLW-LfABydNMaq6lfmAmxESf3jiU1-The3pkuJ1g0l8zOQMCPczfkDYIQx3mC3KPqiKRRZPrQTeMQihoKq_sYZ2ksVQ9Y-5135xzHh1rp2T7RiCcqI6lPXsQg_oQybf3ocAqc-8HeKFpRB3y5b_r9haDhncsQjh9tnzodMR6n3eJynLJNCj8aAkTHhZkaLFpnD8lLZJTYm2tjz19_X7eVXPp-34xbxeBy89VpmDh7WsNfNZ-lgsk3pK2k67M9QH1Fz_LeIzvJKolUXkxeb8liJSCsAl1sH_K_FK1Mldb8dYNkvWqer3_Tb5ZVPeUkHQxQPocEegxxsIQ5cI-eQ4yeSBxjfJ6U7FBGS7oI59z6pclDPeF5bu_PjcNvRAOrIVBwQWA9V-luszh77FLNp2-XrbOnbIbtremcMZ5BpFW_PWLE7ajmcVGnB_BzVwQRI9jVejvL24Nn9zzsSDqBsHkrVJBicGOBIvRYG89cuAfUXSmIIV7UJHqDlnO_VQc1VzssOyQNAWhn-YqiV-2ViP-RhVLjD93S1NQwIpZCgXBdyDryESWoWhQ2YmrrrPSphgD1TZI8bRX6fLbJnuBePAC1x5hgPrGX2ZS2_Q42-54R3t2zm0WJqGBSCb-1CYxqIg-XI-eo8UxzCdjm2qgdlmlq2EE4eLtXB8dDGCidunpDQX0GOLOqeItkj8Ao1gLbv1-zCVYxED_2fTPxqGAXcChTKaV8cvkRxq7-CkvHNby2kYx0ISSMdfM9Jj-oq259OCV5OJiytAefYwFJT-UNZuDCkdzzTXbyTPYtlc2vxK2UrcUj3_Xufaoqh14ymkTW01ziUPwmAUm8d7yfK9tkR1jsBUh003lW2n6Uja9gKYEnpe1TnkgRH_4iASaqYg6lrcAeNbL2DYiaHMxGUyv0-_plNZPe2uq-TG_NgC2jbeZKKtZvfQTrfSQuZDDqT8Af1Us3d1KWDrsXwe5Xuw3M7kGDYrjAiVaIj5kKO7tlfLpI3nvZ0pyERe_4wzVJ9uvoEa-s40dY96AOEm-TwwfLPsQL9CYEQZ8OlyaCTP3nYybgxBHXJ3NQausc5clA523uuWnCOwlDPPi_d6R_FWDk1reMX9ZPPg4wLtZDFJKBZr1OYZoelG0mZmwelV06cAlaPoaYbTZIbs6R5wPzNt0akbmridGSxB_UGfM-nuDUnwyHJMh0MC-Ak7jUQ419w911vE0Mv1&sai=AMfl-YRfE8ehnywMCiuaKRzpT1nPSlCxfMxfa1GsAJjbs347dWHubr3d8Q0gaj05h-lm9hQyswAXYMvpztR-4_roROa150XDST36kyZ-QrPnIys6fu1S5Ozbr04q6wZtPsogBai-NXAjxtxujqHnifutexu0Bln5Og&sig=Cg0ArKJSzAyUXR-HVyBLEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=82&cbvp=1&cstd=80&cisv=r20210607.26002&adurl=

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Thu, 10 Jun 2021 17:54:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

px.gif
d.adtriba.com/ Frame CF70
Redirect Chain

https://d.adtriba.com/collect?atb_ptid=e774d0b4&atb_dpuid=adlicious&atb_dcaid=display.awa_jahpak-mega
https://d.adtriba.com/px.gif

42 B
227 B

8ms
8ms

Image
image/gif

3.124.222.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adtriba.com/px.gif
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.222.92 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Cache-Control: public, max-age=86400
Server: nginx/1.16.1
Connection: keep-alive
Content-Length: 42
Content-Type: image/gif

Redirect headers

Date: Thu, 10 Jun 2021 17:54:46 GMT
Last-Modified: Thu, 10 Jun 2021 17:54:46 GMT
Server: nginx/1.16.1
P3P: CP="This is not a P3P policy! See https://www.adtriba.com/privacy-policy.html for more info."
Location: /px.gif
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 01:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8F76 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Thu, 10 Jun 2021 12:32:25 GMT
expires: Fri, 10 Jun 2022 12:32:25 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19341
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame 0BDC 236 KB
63 KB 35ms
15ms Script
text/javascript 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/9342312/1623245861579/300x600.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Thu, 10 Jun 2021 18:09:46 GMT

GET /
google2waycm.netmng.com/cm/ Frame CE20 0
0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame CE20 70 B
264 B 35ms
33ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEMtDADqCgrC-hRxxo-83MeQ&google_cver=1&google_push=AYg5qPKxI4uDza92eZU02LZiKnuDpZLH79_-rMiXVE0V8ciojM__YU6t54VdmxdA5mhZY9gXpsgiYpaeuCQzVusjKkgr-r7LMQLC
Requested by: Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET match
um.wbtrk.net/doubleclick/user/ Frame CE20 0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame CE20
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEIN8HlUp1KvxbjQ6t7iNbho&google_cver=1&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRc...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BSN0FSTTctMUUtMU1BOA==&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRcgPR2Kj31MLYCRD8ezDpf5JJBZNw

170 B
188 B

17ms
17ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BSN0FSTTctMUUtMU1BOA==&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRcgPR2Kj31MLYCRD8ezDpf5JJBZNw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BSN0FSTTctMUUtMU1BOA==&google_push=AYg5qPLNWg9aDTMthnInPQMvrafiNeYbuJAxlpDyi5KkZjkIR7YYTPx13dtEpv53ZMbsTstGPRcgPR2Kj31MLYCRD8ezDpf5JJBZNw
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame CE20
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJaqdEotYlHCFtw_gwg4jjo&google_cver=1&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVh...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVhYThk15U31VRnog

170 B
188 B

17ms
16ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVhYThk15U31VRnog

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Thu, 10 Jun 2021 17:54:46 GMT
via: 1.1 9603ab49d77e9b1b00dc0c80e48bd7e8.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: CDG50-P2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJlc9GSu0SsWWokWTaAL9Om7fOf5ltUPhaRBpgiSJT9vWje_b2CfrJ68Lz9li7VSxNFezixrkI1PGgzrsVhYThk15U31VRnog
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 6ak5URGmJE1bVSSgUWDMahA672OnxgqTANBTfPP8FE65ZQ_UmgfcWQ==

GET
H/1.1

200
OK

redir
ssbsync.smartadserver.com/api/cma/ Frame CE20
Redirect Chain

https://ssbsync.smartadserver.com/api/cma?callerid=3&google_gid=smart_adserver_eb&google_cver=1&google_gid=CAESEJ2WJqpyO9hreDA526-6dUg&google_cver=1&google_push=AYg5qPLsfcYjYO8KKOB9dLfxLVeYjxiXpcx_...
https://bh.contextweb.com/bh/rtset?pid=560288&ev=1&rurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fcma%2Fredir%3Fpartnerid%3D92%26partneruserid%3D%25%25VGUID%25%25
https://ssbsync.smartadserver.com/api/cma/redir?partnerid=92&partneruserid=nmZciapVeZSn&ev=1&pid=560288

0
221 B

20ms
19ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/cma/redir?partnerid=92&partneruserid=nmZciapVeZSn&ev=1&pid=560288
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
content-length: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ssbsync.smartadserver.com/api/cma/redir?partnerid=92&partneruserid=nmZciapVeZSn&ev=1&pid=560288
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-8474b759f8-b2w8f
expires: -1

GET
H3-29 200 dot.gif
s0.2mdn.net/ Frame CE20 43 B
63 B 15ms
13ms Image
image/gif 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEJoAhT6wcmPCQcMNc-cBh34&google_cver=1&google_push=AYg5qPL5aSG1E7U_CnYwPQWhVOfY0ITc5QHOUWrno_9dzOgDZ0bKOF8ZmBSS8EfM3M9SSrwDgdZEUZtl_8tllNy8MoaZhQbuumnxyvc

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Fri, 11 Jun 2021 17:54:46 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame CE20 0
12 B 16ms
14ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ImocypCbZkAc1Gj1JZOrOz8F2pHCiRSMrdrLA6Ktpb4GBfViJiE31f2k8ICJ3zIcajFoUOXw

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 8F76 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 00:54:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61217
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 10 Jun 2022 00:54:29 GMT

GET
H3-29 200 Aldi_NORD2x.png
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9342312/1623245861579/Aldi_NORD2x.png

Requested by

Host: 977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
URL: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bbfe8230161b4ec8b7ebf7872269f7865940f8c7bde022475b95feb3772e292

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9342312/1623245861579/300x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:40:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 13:37:41 GMT
server: sffe
age: 15274
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3199
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:40:12 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF70 0
23 B 44ms
44ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Aldi_SUED2x.png
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 12 KB
12 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9342312/1623245861579/Aldi_SUED2x.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4b77b6214183c17cc86a95a77074d19adf0f18c1acdc135104cb9323b0f4833

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9342312/1623245861579/300x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:40:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 13:37:41 GMT
server: sffe
age: 15273
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11876
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:40:13 GMT

GET
H3-29 200 Handy.png
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 14 KB
14 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9342312/1623245861579/Handy.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b8f918aa4331fa88ea1079ea8c0131487f22dc2469627c8286c192edeb45ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9342312/1623245861579/300x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:40:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 13:37:41 GMT
server: sffe
age: 15274
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14751
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:40:12 GMT

GET
H3-29 200 Pack.png
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 27 KB
27 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9342312/1623245861579/Pack.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

815a97ed7e60fa43d827e40ba32f82c30b3ef7038dbcefb53ef9310a2d8e5c5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9342312/1623245861579/300x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:40:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 13:37:41 GMT
server: sffe
age: 15274
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27633
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:40:12 GMT

GET
H3-29 200 Talk_Logo.png
s0.2mdn.net/9342312/1623245861579/ Frame 0BDC 3 KB
3 KB 7ms
6ms Image
image/png 2a00:1450:4001:82a::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9342312/1623245861579/Talk_Logo.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

400fe79399099ea15ff9e2b9a10c983ecc76d497c58cce9cd7b1ab3171246f8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9342312/1623245861579/300x600.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 13:40:12 GMT
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 13:37:42 GMT
server: sffe
age: 15274
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3046
x-xss-protection: 0
expires: Fri, 11 Jun 2021 13:40:12 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2767 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSI--5lHCYKyPE6aO7_UPhtGxqA4AAAAAOAHgBAI&bg=!nZ6lntrNAAY6sG-_OrA7ACkAdvg8WibvaPZ_5_AICM-bREf7txIRy-PedwEk63dgdCH5OEeCkHlZwAIAAADyUgAAAB1oAQcKAGX-HFKInjuw2fPQFLBhllWHL48qdHVkm02yog39oyuHu8igHhcym-6MExRFVMEy0qpnx89k3yb88P4vJdKO-gMSgcm_07rLXSOLiBCKz6MaQWKnQOsTuo4inaLNmx6VZj2gYOZf4pkCryMriIpmT0Sy-ZmsxGEt8AQrSHjyV9BqC5CxkAmv7kngJ2H3nHa045C1LI2njdK2YvCWcSili5QGPFqbn-deq3MTFNwdeexXeALs-mU6ffPUOSIUMZvicoHDHKDEFLM_ADAkatrQlYWb5BbIohoR24_lJVUrTwFA_eSAYBpMkr3n76LXj7ANDYBJiiogzJpRIiOA9BF8WdmWErCUfHjCppYxYXcPI23r1inLrOdGn6cpp6vqPe1RnPJwsqoQoa_vVrXg6JYQnNnIwUtsDNWTHRmyIhmPvpFn_JGlEMixKCaahsNRbFI0FfujsOLMNvLL1nGKBUMbIBA5O7uZHB1vr653LtrqOqPuIuxhipsmVR_Qe2L4eXNS4mPHfGyq8YJ-wK-GRFRavZ7wVXY-SiI_rvvTRA9_bgLRQaP2kzrfL6w6SxJWhmnRs92b1Le_e0wkBzUyLr-e8S-LbRzn0ZBxEidF3uc1fz_VF9AYUMDokrzQvg4W8_YGImLAIxZgrQ_c1QnJvVpwaEGZHmUoSUiCEM77aRInjAeMgT-6Vw8Qsy120cZ_bAXmo2ZjUyTgsvMrhlhS4CXM7-S6eoicpQcD284o7-I03YyHVZYXF8ANGolJMLA0uXkesjBQDq4OuLYyNCSRjmb2eJO_rPAdGoEtDzWBA3DeRZIJsu56OxbasP-mlgxnEy_tvZS8aynvNU0V3i1hAbwjVPr5nX43eu3faLaY7-SaIfK6p00xwDcJsecGMPqjNJSkfuKKGQDkEupnj8Zxv8ZyArgPLwTeT6xMVABdQ539zm9TFfqJILgf_3WsD_lgVkM1s-gotkwE2SEMJ025aV_arlLLdY_sigsDZ4zYq_Ra0BsuwvJxtBktKUUbGWR0cQyjG-SeUb3BvriajrDyemrAvI1fVYpGEbIcxw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F76 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B28CL5lHCYOPPIOyU9u8PiJOqmAEAAAAAOAHgBAI&bg=!MDOlM3fNAAY6sG-_OrA7ACkAdvg8WqfpWvTTkzNJhG4rlyRNSBiWqwCfWilfSKrW8ffmINA3rlz9LAIAAADSUgAAACBoAQeZArLGOqv0v_y1qOAt6cOTt9ANTRsNBiVHtQnVuACcKQWsASuckrhWPDRagaDsnPDBwQin0R08e7qleCXRD_igTDlrlv--7gcf2uTOLY8jtZqJy6dPSNLklqWARi8RK60FJFYoVrOE9lquLhUfR__uj_v8zPQCWh7zGZrMtjSjU4G60obOYQALpCRhV_CT-SV8tLQvXt_PuMlIKNCJmj4hCCrKmI-Pcl-cnDZMjbbUWJWXsVQ7Ve-oH8q1owKMamneqbyhV8SqLg2YWycrjb6NOQyv8HE7vEDO3UpFbcxWgbHjk0NCrg7DV8p_UfYmktSPUWIjPxbgR3361LW5ZEACArkMrF_7YTtXAgw20ZtrNV1lO6UNC6V8XcW8A5a9vQQjriNMr_8yOc0YkayusVTFbBkpBl5xCWxe5s2InbiRyU0nETgGZgJj8g53cyarwGBEPBGigY9Anv-25m2_A3k-7VnaDkzW05GFinYrmUcgrEI6grd-FVNJDj7X2ZYdWG2uNRyjN5nYMnbD3XRyr4O6NWsW_cuc-vDS6_MN0IM1x3EjHyn2unbbdp-3Nuhxy9KKoJSDsJK9M7X7pbl3vASEfbEb8-XDoE5hgxKmawptQlQEjzzESyRPChZfmCeeb8PM7GWAyi4UpUMyv_lQEchWIVNFTmkUzxXNGaJiHGxUxHn92PUGmx35QXFv8CKdIoc03yaYfmEDY8cYBYN7DNuMUWmVMh8_MBfrxShygn8awQmLag7QYg3vCA4yuAlOTgsotMSm-2D46tOPBFvWEPB_whWvV2BPIUfMsLUziIskkYe4ZsQJ6jZG98-CB49nnwFOnqOcY9mvbHo10_66wMKZRIeXvzzFxPsSCaF4Qanw5EvKcdnu0bT0FYEEKCwTSUxnltRMlAvC66FvIIbneu5x_rXmb7o

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
169 B 656ms
656ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=379681481227144&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=2&rcs=6&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3D1f21798841bf8f06b2b01e59559e3a3d%2C86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D200%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%2C20%2C20%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D220%26reqt%3D1623347686183&eri=1&cookie=ID%3D6a5e9a182245cfd9%3AT%3D1623347685%3AS%3DALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg&bc=31&abxe=1&lmt=1623347687&dt=1623347687191&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=p&ifi=25&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=13&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

b59d5e05ba02aeecbb237e8f720a98eae8f415019e0ea199367c64d2a4c280f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:47 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 140
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
42 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoidmlld2VkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:47 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:46 UTC

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C46C 42 B
64 B 39ms
39ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuPTCFaHPla1xaMSElY7Sx2k_BZXB92DqQjg_TUNu0DUYoy5BXryT9PGEWxOjczxhjSGykN1974T0VDr6HJvDQ&sig=Cg0ArKJSzL8VCS6JmWotEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=32&adk=951844255&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C46C 42 B
64 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDjGQMdrl75f4aqhTjUFseNB8-ppKSrY21Fr9r9zopSuX645rIP0Yhfz_P23gH7eJQbcEOfDt0BRr3eKWfDyqwODVP70ccasHWmJ0QdY-Dp8WAfgnI8Yclu14Kkw&sai=AMfl-YTzNC2nIYvOmx47OD-LlaVf0gcldJni1fQ1skfXfUmgilWoUmvembTMssug9RBJ1C_oIlCczIJ5-0y13lLmVebQfGalUsuhdPvFgwHK_LPU0H5I4xTwdTsX02U&sig=Cg0ArKJSzGEsWRFpVCIXEAE&cid=CAASEuRodWJPNH7Hc4XZmkX2jjafYQ&id=lidar2&mcvt=1002&p=136,238,230,966&mtos=0,1002,1002,1002,1002&tos=0,1002,0,0,0&v=20210609&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=20&adk=830238079&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623347686148&dlt=8&rpt=1&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Jun 2021 17:54:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK event.png
tps20227.doubleverify.com/ Frame 4204 67 B
491 B 9ms
8ms Ping
image/png 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20227.doubleverify.com/event.png?impid=b76afaa78b3b4b18a774f151832b8a49&gdpr=&gdpr_consent=&msrcanlm=392&msrcannum=3&eoid=7&ismms=46&isumms=45&isvelg=1&nvr=6&isgmmims=46&isgmv4mims=46&elmtp=6&isbxdms=2165&b0=100&b11=2153&adhgt=600&adwdth=300&norwdth=300&norhgt=600&engisel=1&vsos=9&dvp_vsosnmr=16&lftb=2253&sftb=2253&msrdp=4&naral=128&vct=512&vphgt=1200&vpwdth=1600&chgt=600&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1046&isuiabvms=1046&isgmpims=151&isgmv4dpims=1046&ispmxpms=1046&engalms=44&engscrlms=152&dvp_pageEng=true&dvp_dpr=1&cbust=1623347687480670
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:47 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:47 PM

POST
H/1.1 200
OK event.png
tps20222.doubleverify.com/ Frame 0EAE 67 B
491 B 8ms
7ms Ping
image/png 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20222.doubleverify.com/event.png?impid=5051b7d51cb24859b21a6a912adb3673&gdpr=&gdpr_consent=&msrcanlm=394&msrcannum=4&eoid=7&ismms=15&isumms=14&isvelg=1&nvr=6&elmtp=3&isbxdms=2120&b0=100&b11=2154&adhgt=600&adwdth=300&norwdth=300&norhgt=600&engisel=1&vsos=9&dvp_vsosnmr=16&lftb=2254&sftb=2254&msrdp=7&naral=2&vct=512&vphgt=1200&vpwdth=1600&chgt=600&cwdth=300&invcs=false&scrhgt=1200&scrwdth=1600&strp=0&advisonl=false&isiabvms=1014&isuiabvms=1014&ispmxpms=1014&engalms=14&engscrlms=119&dvp_pageEng=true&dvp_dpr=1&cbust=1623347687486465
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:46 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:47 PM

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
42 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0NzMzNCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbNzI4LDkwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTAzODI0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMDEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ3MzM0LCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwMzgyNDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYm94LTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDAxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0NzMzNCwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIwIn1dLCJpc19vcmlnIjpmYWxzZX1d
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:47 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:47 UTC

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 342 B
170 B 337ms
337ms XHR
text/plain 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=1511506390116395&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=1&rcs=7&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3Db07f0a682484a2a69597aa47c6dbb7ac%2C9ae587f95e95c876b7b76fd4c72a3838%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D180%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%2C20%2C20%2C20%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1623347687856&eri=1&cookie=ID%3D6a5e9a182245cfd9%3AT%3D1623347685%3AS%3DALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg&bc=31&abxe=1&lmt=1623347687&dt=1623347687864&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=q&ifi=26&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=14&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

90e2f054067bfa46e933d69a3b06d60f46ade51c403a2dbfff30f6f61868d75e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 141
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://commandwindows.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
commandwindows.com/porpoiseant/ 0
42 B 8ms
8ms XHR
text/plain 3.126.196.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://commandwindows.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDYwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDQ2NjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJhbm5lci0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAzMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0ODIsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzAifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: commandwindows.com
URL: https://commandwindows.com/jass/jass.head.js?cb=85
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.126.196.163 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-196-163.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTA0NjY0OCIsImRvbWFpbl9pZCI6IjE0NiIsInVuaXQiOiJkaXYtZ3B0LWFkLWNvbW1hbmR3aW5kb3dzX2NvbS1iYW5uZXItMi0wIiwidF9lcG9jaCI6MTYyMzM0NzY3NiwiYWRfcG9zaXRpb24iOjEwMzEsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiZGQzZDgzNzUtNDFkMS00MDY2LTRhOWYtYWQ1Nzc5ZDc0ODU3IiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjo0OTY3ODQ5NDgyLCJjcmVhdGl2ZV9pZCI6MTM4MjU3ODUyNTEyLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX3NpemUiLCJ2YWwiOiJbMzAwLDYwMF0ifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjEwNDY2NDgiLCJkb21haW5faWQiOiIxNDYiLCJ1bml0IjoiZGl2LWdwdC1hZC1jb21tYW5kd2luZG93c19jb20tYmFubmVyLTItMCIsInRfZXBvY2giOjE2MjMzNDc2NzYsImFkX3Bvc2l0aW9uIjoxMDMxLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImRkM2Q4Mzc1LTQxZDEtNDA2Ni00YTlmLWFkNTc3OWQ3NDg1NyIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6NDk2Nzg0OTQ4MiwiY3JlYXRpdmVfaWQiOjEzODI1Nzg1MjUxMiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxMDQ2NjQ4IiwiZG9tYWluX2lkIjoiMTQ2IiwidW5pdCI6ImRpdi1ncHQtYWQtY29tbWFuZHdpbmRvd3NfY29tLWJhbm5lci0yLTAiLCJ0X2Vwb2NoIjoxNjIzMzQ3Njc2LCJhZF9wb3NpdGlvbiI6MTAzMSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiJkZDNkODM3NS00MWQxLTQwNjYtNGE5Zi1hZDU3NzlkNzQ4NTciLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjQ5Njc4NDk0ODIsImNyZWF0aXZlX2lkIjoxMzgyNTc4NTI1MTIsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzAifV0sImlzX29yaWciOmZhbHNlfV0=
pragma: no-cache
cookie: __gads=ID=6a5e9a182245cfd9:T=1623347685:S=ALNI_MYFdL4wXsmzA-ppAMNLzrExIi82Mg; ezepvvr=NaN; ezouspvh=80; ezouspvv=110; ezouspva=2
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: empty
:authority: commandwindows.com
referer: https://commandwindows.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 17:54:47 GMT
server: nginx/1.16.0
vary: Accept-Encoding Accept-Encoding
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-length: 0
expires: Wed, 09 Jun 2021 17:54:48 UTC

GET
H/1.1 200
OK bsevent.gif
tps20513.doubleverify.com/ Frame C46C 807 B
1 KB 15ms
14ms Image
image/gif 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20513.doubleverify.com/bsevent.gif?impid=ab5987b9d33748e48afdca3adccd13d6&pltfrm=Linux%20x86_64&cbust=1623347688253410
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:47 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/9/2021 5:54:48 PM

POST
H/1.1 200
OK event.png
tps20225.doubleverify.com/ Frame 5F4A 67 B
491 B 28ms
9ms Ping
image/png 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20225.doubleverify.com/event.png?impid=f8103741b1974b3d849ab1257f498246&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_t1stMsgD=45&vdur=16&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623347688567401
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:47 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:48 PM

POST
H/1.1 200
OK event.png
tps20229.doubleverify.com/ Frame 52EF 67 B
491 B 24ms
8ms Ping
image/png 213.254.244.21
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://tps20229.doubleverify.com/event.png?impid=db2151e3ca474635aa597b40b3757487&gdpr=&gdpr_consent=&dvp_gdpr_Error=3&dvp_gdv2_Error=3&dvp_ealrgx=1&dvp_ealmp=1&dvp_ealslr=1&dvp_t1stMsgD=14&vdur=16&eoid=5&msrjs=1425&pltfrm=Linux%20x86_64&isvelg=1&vit=2&engms=1&engisel=1&cbust=1623347688575624
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements1425.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.21 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:48 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/png
Access-Control-Allow-Origin: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Content-Length: 98
Expires: 6/9/2021 5:54:48 PM

GET
H/1.1 200
OK bsevent.gif
tps20517.doubleverify.com/ Frame AB0D 807 B
1 KB 9ms
8ms Image
image/gif 213.254.244.17
DOUBLE-VERIFY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20517.doubleverify.com/bsevent.gif?impid=dc08beab43414f67bb05e2e410c84ecb&mascid=kpr7apitd5z7zta55nl5r95uzv79kxp2&dvp_masver=6&dvp_tisf=2&dvp_t1stMsgB=414&cbust=1623347689021759
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.17 , United States, ASN36062 (DOUBLE-VERIFY, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 10 Jun 2021 17:54:48 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/9/2021 5:54:49 PM

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=commandwindows.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060901.js?31061413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://commandwindows.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Jun 2021 17:54:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESENewhcDsalMshQpE7omFQnc&google_cver=1&google_push=AYg5qPIaq7OwJA-MxefwE_KqmqJCAM574L2hV99RACPqaahwWTNGevJ07BwK89vj8SXgNBA7Icpx2qqS2bQoeHuM2oVRrXTbuqQbaQ

Domain: um.wbtrk.net
URL: https://um.wbtrk.net/doubleclick/user/match?google_gid=CAESEHLbp36inuU3SuHJpN_tURc&google_cver=1&google_push=AYg5qPIyTnW4XRO5p-DK7ksmuzglQG5WRszzq2vaJ83AlHR5PIWJAgu3lIlRhwqi6zANx2CAKA542wtVTu5w6bnSbP8DVzPA1cNj

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1826864915106731&correlator=2560872345500662&output=ldjh&impl=fif&eid=31061413%2C21068030%2C31061143%2C44744016&vrg=2021060901&ptt=17&us_privacy=1---&sc=1&sfv=1-0-38&ecs=20210610&iu_parts=104418548%2Ccommandwindows_com-box-4&enc_prev_ius=%2F0%2F1&prev_iu_szs=250x250%7C310x320%7C310x330%7C320x330%7C410x370&ris=2&rcs=8&prev_scp=iid11%3D1040648%26iit%3D4%26t%3D30%26d%3D146%26t1%3D30%26pvc%3D0%26ap%3D1003%26sap%3D1261%26a%3D%257C5%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D9%26at%3Dbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D6206860%26gala%3D1501035%26rid%3D99998%26pt%3D3%26al%3D1003%26compid%3D0%26tap%3Dcommandwindows_com-box-4-1040648%26eb_br%3Dzero%26eba%3D1%26ebss%3D10082%2C10061%2C10015%2C11304%26gas%3D2017884480%26asau%3D7210502436%26bv%3D0%26bvm%3D2%26bvr%3D7%26shp%3D3%26br1%3D0%26br2%3D650%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C0%252C28%252C67%252C45%252C122%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C760%2C815%2C817%2C899%2C919%2C20%2C20%2C20%2C20%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D180%26reqt%3D1623347688367%26ss38%3D1%26ss9%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1623347689&dt=1623347689374&dlt=1623347677004&idt=967&frm=20&biw=1600&bih=1200&oid=3&adxs=335&adys=1395&adks=193407168&ucis=r&ifi=27&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcommandwindows.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=250x270&msz=250x250&ga_vid=1869561420.1623347679&ga_sid=1623347679&ga_hid=607783575&ga_fc=false&ga_wpids=UA-29096671-22&fws=4&ohw=750&btvi=15&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Verdicts & Comments Add Verdict or Comment

264 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.commandwindows.com/	1970-01-19 18:55:48	Name: __utmt_f Value: 1
.google.com/	1970-01-19 23:19:18	Name: NID Value: 216=Zng94D_TLZrdWsxtZCJemMU4W1OoiRBg3zB0NP0XTMDm23A8NGwTcOKLB-Ix3m-X8WkqxCOEQpNKCLt6HTLO_tSLA193XO1IsUtaynvAL8Nedwx_a-p7r0vieBblGhkF-6OJ6WsZ_TuMIMwyMi3C07MN0tVzkQPf27f8lxYmHWU
.commandwindows.com/	1970-01-19 18:58:40	Name: ezovuuidtime_146 Value: 1623347676
.commandwindows.com/	1970-01-19 18:55:49	Name: ezovid_146 Value: 431109339
.commandwindows.com/	1970-01-19 18:55:48	Name: __utmt_e Value: 1
.commandwindows.com/	1970-01-19 18:55:49	Name: __utmb Value: 92376719.2.10.1623347679
.commandwindows.com/	1969-12-31 23:59:59	Name: __utmc Value: 92376719
.commandwindows.com/	1970-01-19 18:55:54	Name: ezoref_146 Value:
.commandwindows.com/	1970-01-19 18:58:40	Name: active_template::146 Value: %2Farticle%2Fgrayscale.1623347678
commandwindows.com/	1970-01-20 04:17:30	Name: cto_bundle Value: 28pBK192VFBSdjVpM0FNcHBSenJjVGd0ZHlRRk9KeGJxWmdLdVUxN04xSHd0MlhuYnp0NXo5YWlRcXRpV1FXdzcxT1hIaHczMGFJQkpaTWVpMTEyQXB5VmUySiUyQnVHZEdjbkhzMFZMSnolMkJjbEtOWjJwNm4zeDFEJTJGR3pSOWdPeCUyQjglMkZQTjg
.commandwindows.com/	1970-01-20 12:26:59	Name: __utma Value: 92376719.1869561420.1623347679.1623347679.1623347679.1
commandwindows.com/	1970-01-20 04:17:30	Name: cto_bidid Value: _de7eF9rUnJsNmFHOVdaMWNXZU1CUjJtNmhrT1BMSFU2ZEpJSFgxdWRoRTB6UU15Q1JRNnpTdXNXUENKWVNnQW52aVc2JTJGclpjdHRPSUNjeW1obDBtbkdIM1lBJTNEJTNE
.commandwindows.com/	1970-01-19 18:57:14	Name: ezepvv Value: 0
.commandwindows.com/	1970-01-19 23:18:35	Name: __utmz Value: 92376719.1623347679.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
commandwindows.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.commandwindows.com/	1970-01-22 08:14:59	Name: ezohw Value: w%3D1600%2Ch%3D1200
commandwindows.com/	1970-01-19 19:38:59	Name: _pbjs_userid_consent_data Value: 3524755945110770
commandwindows.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.commandwindows.com/	1970-01-22 08:14:59	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.commandwindows.com/	1970-01-19 18:55:49	Name: ezovuuid_146 Value: 5ff8d63c-403d-481b-7a20-72d8e53e121c
.commandwindows.com/	1970-01-20 03:41:23	Name: ezCMPCCS Value: false
.commandwindows.com/	1970-01-19 18:55:49	Name: ezopvc_146 Value: 1
.commandwindows.com/	1970-01-19 18:55:49	Name: ezoadgid_146 Value: -1
.commandwindows.com/	1970-01-19 18:55:54	Name: ezoab_146 Value: mod1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	debug	URL: https://static.adsafeprotected.com/sca.17.5.5.js(Line 32) Message: a: 0.001708984375 ms

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

977a492a28203e0cb19507c1148aa9d9.safeframe.googlesyndication.com
a.tribalfusion.com
accounts.google.com
acdn.adnxs.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.creative-serving.com
ads.playground.xyz
ads.pubmatic.com
ads.travelaudience.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ap.lijit.com
apis.google.com
bh.contextweb.com
bttrack.com
c.amazon-adsystem.com
c1.adform.net
cdn-3.commandwindows.com
cdn.doubleverify.com
cdn3.doubleverify.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
commandwindows.com
csync.loopme.me
d.adroll.com
d.adtriba.com
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsp.nrich.ai
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb2.3lift.com
eu-u.openx.net
ezodn.com
ezoic-d.openx.net
g.ezodn.com
g.ezoic.net
gcm.ctnsnet.com
go.ezodn.com
go.ezoic.net
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
loada.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
match.taboola.com
mug.criteo.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
px.owneriq.net
r.turn.com
red.vtracy.de
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb0.doubleverify.com
s.ad.smaato.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
ssbsync.smartadserver.com
ssl.google-analytics.com
ssl.gstatic.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
tag.1rx.io
tpc.googlesyndication.com
tps.doubleverify.com
tps20222.doubleverify.com
tps20225.doubleverify.com
tps20227.doubleverify.com
tps20229.doubleverify.com
tps20513.doubleverify.com
tps20517.doubleverify.com
tracking.m6r.eu
trc.taboola.com
um.simpli.fi
um.wbtrk.net
ups.analytics.yahoo.com
us-u.openx.net
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
google2waycm.netmng.com
securepubads.g.doubleclick.net
um.wbtrk.net
104.111.242.53
104.244.36.20
142.250.184.194
142.250.185.162
142.250.185.230
142.250.185.98
151.101.114.49
151.101.13.108
159.253.128.183
162.55.6.210
178.250.2.146
178.250.2.151
178.62.202.251
18.156.0.31
18.156.95.187
18.159.182.76
18.195.105.17
18.195.177.11
18.195.222.183
18.198.126.47
184.31.88.106
185.29.135.226
185.33.220.240
185.64.189.112
185.64.190.78
185.64.190.80
185.64.190.81
185.86.137.122
185.86.138.144
192.132.33.46
193.0.160.129
198.148.27.140
199.232.137.44
2.18.233.180
2.18.234.21
2.21.111.28
2001:678:cb4:bbbb::11
213.155.156.166
213.19.147.42
213.19.147.45
213.254.244.17
213.254.244.21
216.52.2.39
2600:9000:2156:1800:2:cb38:840:93a1
2606:4700:20::ac43:4a81
2606:4700:3032::ac43:b890
2606:4700:3033::ac43:818c
2606:4700::6812:c05
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:110:c305::8000
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2001
2a00:1450:4001:811::2002
2a00:1450:4001:811::200d
2a00:1450:4001:812::2008
2a00:1450:4001:813::2004
2a00:1450:4001:813::200a
2a00:1450:4001:827::2008
2a00:1450:4001:82a::2006
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:400c:c00::9c
2a02:2638:1::13
2a02:26f0:6c00:286::4469
2a02:26f0:6c00::210:ba2a
2a02:fa8:8806:12::1370
3.124.222.92
3.126.196.163
34.249.39.204
34.98.107.212
34.98.64.218
35.186.193.173
35.190.0.66
35.210.53.219
37.157.4.41
51.210.112.236
51.68.39.188
51.89.21.30
51.89.9.253
52.208.41.69
52.209.246.140
52.222.174.45
52.222.200.121
52.30.140.199
52.46.130.13
52.49.15.202
52.58.194.104
54.74.23.153
66.155.71.25
69.173.144.138
72.251.241.196
72.251.244.142
76.223.111.131
85.114.159.93
94.23.171.206
0280b3f24cb632b54830216ae0ea2e888adf56eed9dfd5ada84811d58fe772de
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
094faff6efb2d3db27fe3db9d6b6f5c9bb6788b8c159fb26c62a20e1c8651092
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b9a8a3f27fa969797b4fbec0716dcacd5aaa38202277691d7baf41a540963fd
0e7b9ee2f39a132f4327dc6d693699e292746f6f54735f6bf5b6e7b26aa0eceb
0f4b08d07ecca9f8fcaf108ea78bb163fc98cfc19a844bd0f87412ab34a41873
0ffb5757efc34c840d59db5ef73859bf7afd7a5f21563007729059c80c91b619
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
160b8958c636851c64813685c13d067eb1e68f55c97e334a9d859227cd703d71
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
187e5ab1d37aaa4779205fddec1d0bd632c73ba09db7590c8f79bc238557932f
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1d6f7818a09adfc9c11ff7110eb866179ef9d36a3625cd1c02e23292d315daaa
213567f14f6b77ad4baaf4370d9dc851df9e0dc5f636b8adab27e706dccea5e5
2904be6a6ba734ea646365bbeddba0d35f45d56fe04b693ac28dcc8a05fb6771
2c59cec3db47ccd3f015e06fc31feaac076be942fd55c8336d6af899033eccc6
2c92e3fb093fd169d782a6b9f18349bb1a8c7de9bb2d485aaee5071b57b33780
2d62387ccb392e7adc19bc2c04a883f83b29a90697d639e07a2e477e09a9ef70
2d7f6693d8493cbd0805c5e3882bf9facdc9fb3a7285bb02e0a5bcd2c45d6b80
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fd2bad0e7603a201715b4a81572a8e4a8cda06b6687fff0e5b76b502a50f10c
308c303ae88239f79e5bc5906a6c9aca3c770fa75c0e726446d44bbedbe0fda1
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32f8ebb215f7201adacb1c1138c3a74447de9e3ba448471ce632c5fa248ea1de
33b0e16e10bede6f307255874e70adb6ec77a8490801c94b570831388838ed61
34078ad6af458a329ec55b2b8c4c44b5cd1ee5ca72f77e076ae62ddc59b28e67
340922323430212ea96bbb15bd2590856062b7937adbdc35a500490a296b370a
34e9a619897b9223115c6588f352612268c90c3d83990829768973759b0d1a6e
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36b2c05681dfac78ce4f8846954893acbd5e7839744ec845b05607945ee75132
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
37a6841934799aa44a233feb63aa68cf17ddddfae23d2391fd0b96023e784041
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
3ab790f0057f16ba85f2ef67be0e5109dfffa102cda0356dadb2b0a4f4d14b41
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dc0b6e4edbfc8d6d8446e112130624fd05d7b8a8cfe62839046fc733c8b19a8
3ed7961b640cad3efd4a453277533d8f8c87368d0b46fde38fd5d8d7d9a7dea8
3f096985235603f28354aef601904f3d5ac9002f8cf52ab7a944ac6f37807654
400fe79399099ea15ff9e2b9a10c983ecc76d497c58cce9cd7b1ab3171246f8b
409dda3bac2eea0a05f9111de254bd1cec4ec1acf42128e9cce45d997f6aa504
413fcb7008e5ebce12725900ccdb59eb7532b272a322e6bf3eefff95758df604
41d7799c0ac85b8ee589bac435fcea367b156811d9e45953e5d982f64496ece5
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
4352cfa8fda2d24a3124d33de7ec0e1729191a6b72b705ab0511f08cf16526c9
4362154d3ec8f1388346290768aa48faef1de0a003bbcf4645b11a96bd37645d
44d0e89b07aa7ae466e8a3a2033adb8d9f56b0b8aea824272d51b2c912d096f8
482e5a29dfc92cf0f3f2bdc1034b270edcfecc29e81311d2ed277c74ec091232
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4908e3bea0e8ead2913b57d52ec3ab989594499e1d50e956a7b7cb6fd3387e8e
49b4590226bef6c7dcb22c0b11a0b97870947589e4e74d0a8c6269fb157e9a90
4b4924b6ea8623395984b522ee4e1fe77f464940d2bb155ae40bce56fbcd3423
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8f918aa4331fa88ea1079ea8c0131487f22dc2469627c8286c192edeb45ad8
4c26e179ae492250ba315e5b2f5dab890c9ce066172bea38313ceb338bbcf92f
4d097a0116293da844fdeeaa11f41dd941e511e6df699ff2195e8499de8a42fd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e3cb1a2b68a23ad3a0882885045a67625e2404a40a09192465af27dc5c2ecef
4edf69abe305be25c210aa0774c5120c9857871befb820ee130de78fcc472fe3
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa130b2ad67bd88b0865097551bb1d189565b1851051e412fb75396a9179ba5
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51752e4d90e0d6db81458bfca64027a5b7eb132518699da4804cb5f03467f533
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a
5745b0df5bcc2a347423d33f0568830c1827bef979108651948fb97eab5d547e
585bc93b4f17ba9642ff92432351d17e07e8c083c42e13dc995bae0e73546792
591091641570ac060501bffc1fcaa1e1576a898b141721bf5d69336d37501e41
5aa700badbd5f9dd9212d9aff48d65fe0c65a85b74546635c27382f66bec91fd
5bd9ca2f57b6c388332dd095d8c9be87dc71c2e1b78b843515ae758fe05a1223
61c594d28088d85f871844ffafd76abd358d7c358fc313f0fab548b6654802d4
633411252cd3723532e0cb3c8c4214863de95cb26997c7ff3273aaf8f55d0d2a
64dec0fded2215b030831b2a68ac02737eb2fa1c0fb136862a75a9df7be8e93d
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
67f3a4b28e31f953258c27aa623611063c27076fd0201d00cf33ece8fa8219b3
68abdb272d092569fb5e13221203ee350a727ad48853fea3c18d7ef14bf6c6b5
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6bbfe8230161b4ec8b7ebf7872269f7865940f8c7bde022475b95feb3772e292
6bc7c3ad25577ae877bf367010b15feb325f9ad391b5b3f9f9849a1ef344c331
718699894629308571c278f9cbcf9a55c31c8b78338011d212b378893eb994be
736741e27976b720a09de1da5ae330980592e49b3c90861fdbabbaf2485dbce1
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41
769d3fd7571d3271b64cf751c1892c5da94541dd33bce03193c9e1f8f8aafe1e
76a0d76f135419f4d00213037cda0cba949a0372e01ab6a1d70072008a56bd18
780849559953abc98981f7964d063930d1b9cdf5f9aff09e60bd64cc2d9de59a
78eeb94a98535644346ca02fe218cbdedba4fe3ab34f64a897a02849b06f49f8
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7fd6685c64b8fc149daad29346247b5c8119e2ed193b0055389a91587a3ecc9c
815a97ed7e60fa43d827e40ba32f82c30b3ef7038dbcefb53ef9310a2d8e5c5b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8435698fbefd8c402d41e25a618e6a839d45a5cf1aa8e2c224565024659f1b6c
84d57f14553503f2e1ce648d72f6b0efcf7ff146a3073235eb68f18540d32c8d
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8621dc9e845793639d07546a32de71cc51911a5807c8fde420468ce06788b282
86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558
87a2f066a272d5e6d190f00cc5ece285c63995b994b0fc58f3c091c0bb486dbc
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b988d1d4d7625ce5d8cb96e2c06bdd5ce1049f17b82604926db091297b5270d
8bafbee09031b633480fbd91bcdc5e7cf9cd2c360fa293b75cb1e3a31e9d8883
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e4148996d058adc797a2fe1a17d9046a27a6a9e9f5f13c0c01b21d6488b9aad
9010e5a841cf0acfb13facfaa2c3318bc8118020ec071d15de099eb9a628fd01
90e2f054067bfa46e933d69a3b06d60f46ade51c403a2dbfff30f6f61868d75e
917bd901ebb58505bebb8551fba4ff051c2d8f5b22cf960908141f4911bab005
92f7a73eeec9544e6ba1cef5320b7ff1518bef5a5325a15d6d638e2996092b58
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
96915e1e73870d19f43d193f2530eb0518cb9075f0703fdd0b79f6a24ea36efd
9a5699b4783430288fd99baa5f18074d775b4ac62de05f5298cb3d029106e476
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c8cf38d1dee0b9ea30d20299c7cd8fa25b9d646c6bd86d364313aa04f009cac
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a191197c3f5a5965a00a9cd71c3270ce3f2ca55bfc5eca06303f7b990e5c6da9
a1a52148e55ef67f9b2b23a2898ce9fa4018bb7f48fddeab80196d24ba94019b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5e762276ffd20732a10037842bac383dc64a7b230ab1f48f2a0ff7406b8b9c8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa38e9c5c9ca09d79ad868756fde8ee873151dfcac2703033c73279e92def693
aae6864078d09b52e7a5f3939bff21169e8f4cc0cd0fe56fd075a9bdd963a26c
ad9b95dc8aec99a5335567c6f5f6df98de9a73db72d236b20363d94674ec65f8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b176de534428b3b8d36fb821412c5075cc426bfb3fe282571bcd9f00f2c0b152
b1d498e3e12268c6a8b066ddb3468f90be4471748e97e4cebdd4d11d5dc55f2a
b25d60344a243968e6588253f0e2ba19cd2847e72627c4fb70f8efb125366891
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
b4881fa12a2ddb282c38c086e7e5186b682e9c25cc67d252a10fc36b4919b303
b59d5e05ba02aeecbb237e8f720a98eae8f415019e0ea199367c64d2a4c280f3
b5d2bec329c7e1282a8ab19fb4fb8db535da201cb45f15b2611cd316eb684e8c
bb577c363f0f367c83354861ba077b54a9b6266eeca7c9ca1ae7bb51eb6dbc31
bc5172fed700c33fde35f53726527534c7013d5939037a87d76fa6d907a44361
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bedd41e01c46dfe00a707c8d69daa16f3f269eee5d29d7202f9a2a02a3b1993d
bef00539ef295191135d4cff9c5c3c4868fc8b8c44640d8859878767357ee0a2
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c45b55f456b7dd076e63c2a4b5962a72593647b487d17b50c9f4494092febb55
c4b77b6214183c17cc86a95a77074d19adf0f18c1acdc135104cb9323b0f4833
c7e09a8d53929e45435f8da63c52d877c1e6b4810d6bbeb34ead17ddf7600320
c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e
cabbde8502a6598896a3c812c89ecd99ecfb3e9ca68f632c8c9b3f2a7f6e0046
cca49db4e30966187e0ce03d122cc8236d35d17bff94c3728efd3df5f9d34c1d
ccd782cf644e00ad423dab2cfcb96f06cf92a67420177e38e0db763dc69999d7
ce27107b911de3f53acee88832dc48d723a0e3363e91c41bedf0f55fbfbdfb39
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5
d08a9476a75ce70b809a528e013c76ce2c649c298af7cd5304204292eee19131
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
d52f2f6e332c39ebc19dec4c0dda31d2a33423c1d1adbf8aed0a143b264be973
dbbd9c6c56c24a1345945fb630a7ed33182f65fc8d6baa5b2e2daeee9618f649
dcd36419da7937e52754772f60380387c49f3243240a21f41ca6d87346f72a0e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddb331f9167b5261f5b344042627aa9c95729f065b5d297b0360569d882342f2
ddef9cc59b08263b13a4e437e55888036ea31f33ce85225146867cc69aa3313f
de7dd7e8a5f2257d16c23c395b9262c6fa04689c81b0e2b8bf7f5bae9f4177dc
dfda58734126b567b24ba011ff297ac1e5585a12de2a7786bc6f8226c5c9b358
dffc5094a1944f9e0f4f1fffeecfe22502dfe74602220895120ecf8a26f34d37
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e684839cbcef6b16753dae73e92a49b7115f55e83662ead12d5e05bf7b9915fb
e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ec3985cc749e98a4e14d75a969d7456838bdcb613276552f2cf5d50a4c7a013c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4c5e0b3c550b5550982694574260b1809223517c977154c989f79b6a54331a
ef9f0db83c1cdc5087c45e25abe893bb2576583ebaee1233ff8bc9ab392d03f6
f1d60dbe76d55a4181303502e62cd4125e2c7f1a34faf423a4b1a2cfaef3fe03
f3bd20d01b128b188d6b6b0409a73d2cc4e4d02aa3d6a518d80567703af71c7f
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f69dfe383fe0ef66df2c8de098fda546a826801c150ec22e7e09b8020b221dae
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370
f91ee2e457ad58dfe024d4608de8cfce0b2e5fa1c5478269f4cd013377c72feb
fc132a8b0dea4b844451b9e97289325bef8c7ea66a2c74f170b79fe54570c1f3
fef25a4facc1f38db8ba7713e4c0297b32f85f0cf50a8585d9b300ed03c9b5ef

commandwindows.com Open in urlscan Pro 3.126.196.163 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

430 Requests

99 %HTTPS

30 %IPv6

75 Domains

121 Subdomains

74 IPs

9 Countries

2558 kBTransfer

7603 kBSize

24 Cookies

4 Outgoing links

Page URL History

Redirected requests

430 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

commandwindows.com Open in urlscan Pro
3.126.196.163 Public Scan

Screenshot
Live screenshot

Full Image

430
Requests

99 %
HTTPS

30 %
IPv6

75
Domains

121
Subdomains

74
IPs

9
Countries

2558 kB
Transfer

7603 kB
Size

24
Cookies

430 HTTP transactions
6 data transactions