URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-m...
Submission: On December 07 via manual from US — Scanned from DE

Summary

This website contacted 64 IPs in 12 countries across 63 domains to perform 234 HTTP transactions. The main IP is 104.92.81.94, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.postfun.com.
TLS certificate: Issued by R3 on December 3rd 2021. Valid for: 3 months.
This is the only time www.postfun.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
61 104.92.81.94 16625 (AKAMAI-AS)
3 142.250.184.226 15169 (GOOGLE)
2 18.66.248.14 16509 (AMAZON-02)
1 4 151.101.193.44 54113 (FASTLY)
5 2600:9000:211... 16509 (AMAZON-02)
1 13.35.253.75 16509 (AMAZON-02)
2 3 2620:116:800d... 16509 (AMAZON-02)
5 2a00:1450:400... 15169 (GOOGLE)
4 13.32.29.201 16509 (AMAZON-02)
1 3 72.251.249.13 29791 (VOXEL-DOT...)
5 35.244.159.8 15169 (GOOGLE)
1 178.162.133.150 60781 (LEASEWEB-...)
1 34.197.208.127 14618 (AMAZON-AES)
1 2a0c:5c81:514... 55081 (24SHELLS)
2 3 185.33.221.87 29990 (ASN-APPNEX)
1 2.21.111.28 16625 (AKAMAI-AS)
1 52.28.162.206 16509 (AMAZON-02)
2 18.197.121.240 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:231... 16509 (AMAZON-02)
1 2600:9000:211... 16509 (AMAZON-02)
1 13.35.253.10 16509 (AMAZON-02)
1 52.217.85.16 16509 (AMAZON-02)
11 2a03:2880:f02... 32934 (FACEBOOK)
12 34.243.93.43 16509 (AMAZON-02)
1 44.238.136.108 16509 (AMAZON-02)
1 27 2a03:2880:f12... 32934 (FACEBOOK)
2 54.187.25.111 16509 (AMAZON-02)
2 2 185.33.221.13 29990 (ASN-APPNEX)
1 8 34.211.237.159 16509 (AMAZON-02)
5 7 35.71.131.137 16509 (AMAZON-02)
2 20 185.64.190.80 62713 (AS-PUBMATIC)
12 15 142.250.181.226 15169 (GOOGLE)
5 5 185.29.134.248 30419 (MEDIAMATH...)
6 6 213.19.147.44 3356 (LEVEL3)
1 52.89.213.37 16509 (AMAZON-02)
1 6 62.149.0.72 15497 (COLOCALL ...)
1 185.255.84.153 200271 (IGUANE-)
2 2.18.233.180 16625 (AKAMAI-AS)
2 7 76.223.111.18 16509 (AMAZON-02)
1 169.197.150.7 398989 (DEEPINTENT)
1 2.21.141.232 16625 (AKAMAI-AS)
1 1 193.0.160.129 54312 (ROCKETFUEL)
5 178.162.133.149 60781 (LEASEWEB-...)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
4 5 18.194.4.47 16509 (AMAZON-02)
1 2 198.148.27.139 19189 (PULSEPOINT)
2 2 66.155.71.25 13768 (COGECO-PEER1)
1 35.186.253.211 15169 (GOOGLE)
2 34.98.64.218 15169 (GOOGLE)
5 6 37.157.4.29 198622 (ADFORM)
1 198.47.127.19 3257 (GTT-BACKB...)
1 2620:119:50e7... 14413 (LINKEDIN)
1 2 2a05:d018:d29... 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2 52.46.130.91 16509 (AMAZON-02)
1 1 64.74.236.63 22075 (AS-OUTBRAIN)
2 2 2001:678:cb4:... 56396 (AMOBEE)
2 2 213.155.156.169 1299 (TWELVE99 ...)
1 178.250.2.151 44788 (ASN-CRITE...)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 151.101.194.49 54113 (FASTLY)
3 3 52.215.68.151 16509 (AMAZON-02)
1 185.86.139.114 201081 (SMARTADSE...)
1 1 23.88.75.189 24940 (HETZNER-AS)
1 1 52.200.181.105 14618 (AMAZON-AES)
1 1 188.165.4.142 16276 (OVH)
1 72.251.241.196 29791 (VOXEL-DOT...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 195.5.165.20 44968 (IPROM-AS)
2 198.47.127.20 3257 (GTT-BACKB...)
2 2 51.210.112.236 16276 (OVH)
2 2 52.19.22.209 16509 (AMAZON-02)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 169.50.137.182 36351 (SOFTLAYER)
2 2 18.156.0.31 16509 (AMAZON-02)
1 34.98.67.61 15169 (GOOGLE)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 1 159.65.196.12 14061 (DIGITALOC...)
1 1 34.102.253.54 15169 (GOOGLE)
1 54.194.104.251 16509 (AMAZON-02)
1 185.64.190.81 ()
234 64
Apex Domain
Subdomains
Transfer
61 postfun.com
www.postfun.com
676 KB
27 facebook.com
www.facebook.com
5 KB
26 pubmatic.com
image2.pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
simage2.pubmatic.com
image4.pubmatic.com
simage4.pubmatic.com
31 KB
19 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
146 KB
12 hmstats.com
s.update.hmstats.com
52 KB
11 ad.gt
a.ad.gt
p.ad.gt
ids.ad.gt
pixels.ad.gt
16 KB
11 facebook.net
connect.facebook.net
739 KB
8 3lift.com
tlx.3lift.com
eb2.3lift.com
3 KB
8 openx.net
hive-d.openx.net
u.openx.net
eu-u.openx.net
rtb.openx.net
us-u.openx.net
11 KB
7 adsrvr.org
match.adsrvr.org
3 KB
7 consensu.org
quantcast.mgr.consensu.org
test.quantcast.mgr.consensu.org
audit-tcfv2.quantcast.mgr.consensu.org
177 KB
6 adform.net
c1.adform.net
3 KB
6 sonobi.com
apex.go.sonobi.com
sync.go.sonobi.com
5 KB
6 amazon-adsystem.com
c.amazon-adsystem.com
s.amazon-adsystem.com
41 KB
5 bidswitch.net
x.bidswitch.net
2 KB
5 mathtag.com
sync.mathtag.com
3 KB
5 adnxs.com
ib.adnxs.com
secure.adnxs.com
19 KB
5 spotim.market
ghb.spotim.market
sync.spotim.market
3 KB
5 google-analytics.com
www.google-analytics.com
24 KB
4 yahoo.com
pr-bh.ybp.yahoo.com
ups.analytics.yahoo.com
2 KB
4 1rx.io
sync.1rx.io
2 KB
4 taboola.com
cdn.taboola.com
trc.taboola.com
match.taboola.com
2 KB
4 p-n.io
cdn.p-n.io
k.p-n.io
56 KB
3 bidr.io
match.prod.bidr.io
2 KB
3 lijit.com
ap.lijit.com
1 KB
3 quantserve.com
secure.quantserve.com
pixel.quantserve.com
11 KB
2 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
896 B
2 crwdcntrl.net
sync.crwdcntrl.net
1 KB
2 onaudience.com
pixel.onaudience.com
883 B
2 everesttech.net
sync-tm.everesttech.net
744 B
2 de17a.com
d5p.de17a.com
637 B
2 turn.com
ad.turn.com
930 B
2 adtelligent.com
sync.adtelligent.com
788 B
2 sitescout.com
pixel-sync.sitescout.com
603 B
2 contextweb.com
bh.contextweb.com
784 B
2 zemanta.com
prebidtest.zemanta.com
b1sync.zemanta.com
653 B
2 unrulymedia.com
sync.targeting.unrulymedia.com
1 KB
2 casalemedia.com
htlb.casalemedia.com
ssum-sec.casalemedia.com
645 B
1 gumgum.com
rtb.gumgum.com
238 B
1 playground.xyz
ads.playground.xyz
463 B
1 bidtheatre.com
match.adsby.bidtheatre.com
534 B
1 dotomi.com
pubmatic-match.dotomi.com
104 B
1 mookie1.com
odr.mookie1.com
324 B
1 simpli.fi
um.simpli.fi
618 B
1 iprom.net
core.iprom.net
279 B
1 ad4m.at
ad4m.at
915 B
1 adgrx.com
cm.adgrx.com
408 B
1 erne.co
green.erne.co
327 B
1 stackadapt.com
sync.srv.stackadapt.com
650 B
1 loopme.me
csync.loopme.me
216 B
1 smartadserver.com
rtb-csync.smartadserver.com
163 B
1 adition.com
dsp.adfarm1.adition.com
501 B
1 criteo.com
dis.criteo.com
334 B
1 bing.com
c.bing.com
594 B
1 linkedin.com
px.ads.linkedin.com
812 B
1 rfihub.com
p.rfihub.com
750 B
1 deepintent.com
match.deepintent.com
44 B
1 omnitagjs.com
visitor.omnitagjs.com
158 B
1 aufp.io
aufp.io
3 KB
1 amazonaws.com
hivemedia-images.s3.us-east-1.amazonaws.com
8 KB
1 quantcount.com
rules.quantcount.com
356 B
1 postrelease.com
exchange.postrelease.com
393 B
1 scorecardresearch.com
sb.scorecardresearch.com
1 KB
234 63
Domain Requested by
61 www.postfun.com www.postfun.com
27 www.facebook.com 1 redirects connect.facebook.net
15 cm.g.doubleclick.net 12 redirects eu-u.openx.net
eb2.3lift.com
12 s.update.hmstats.com www.postfun.com
s.update.hmstats.com
11 simage2.pubmatic.com ads.pubmatic.com
11 connect.facebook.net www.postfun.com
connect.facebook.net
9 image2.pubmatic.com 2 redirects ads.pubmatic.com
8 ids.ad.gt 1 redirects
7 eb2.3lift.com 2 redirects www.postfun.com
eb2.3lift.com
7 match.adsrvr.org 5 redirects eu-u.openx.net
eb2.3lift.com
6 c1.adform.net 5 redirects ads.pubmatic.com
5 x.bidswitch.net 4 redirects eb2.3lift.com
5 sync.go.sonobi.com
5 sync.mathtag.com 5 redirects
5 www.google-analytics.com www.postfun.com
www.google-analytics.com
5 quantcast.mgr.consensu.org www.postfun.com
quantcast.mgr.consensu.org
4 sync.spotim.market 1 redirects www.postfun.com
4 sync.1rx.io 4 redirects
4 c.amazon-adsystem.com www.postfun.com
c.amazon-adsystem.com
3 match.prod.bidr.io 3 redirects
3 eu-u.openx.net www.postfun.com
eu-u.openx.net
3 ib.adnxs.com 2 redirects www.postfun.com
3 ap.lijit.com 1 redirects www.postfun.com
3 securepubads.g.doubleclick.net www.postfun.com
securepubads.g.doubleclick.net
2 ups.analytics.yahoo.com 2 redirects
2 sync.crwdcntrl.net 2 redirects
2 pixel.onaudience.com 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 sync-tm.everesttech.net 2 redirects
2 d5p.de17a.com 2 redirects
2 ad.turn.com 2 redirects
2 s.amazon-adsystem.com 1 redirects eb2.3lift.com
2 pr-bh.ybp.yahoo.com 1 redirects ads.pubmatic.com
2 us-u.openx.net eu-u.openx.net
2 pixel.quantserve.com 2 redirects
2 sync.adtelligent.com ads.pubmatic.com
2 pixel-sync.sitescout.com 2 redirects
2 bh.contextweb.com 1 redirects
2 ads.pubmatic.com www.postfun.com
ads.pubmatic.com
2 trc.taboola.com 1 redirects
2 sync.targeting.unrulymedia.com 2 redirects
2 secure.adnxs.com 2 redirects
2 k.p-n.io cdn.p-n.io
2 cdn.p-n.io www.postfun.com
cdn.p-n.io
1 simage4.pubmatic.com ads.pubmatic.com
1 rtb.gumgum.com ads.pubmatic.com
1 ads.playground.xyz 1 redirects
1 match.adsby.bidtheatre.com 1 redirects
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 odr.mookie1.com ads.pubmatic.com
1 um.simpli.fi ads.pubmatic.com
1 mwzeom.zeotap.com ads.pubmatic.com
1 spl.zeotap.com 1 redirects
1 match.taboola.com ads.pubmatic.com
1 core.iprom.net ads.pubmatic.com
1 ad4m.at ads.pubmatic.com
1 cm.adgrx.com ads.pubmatic.com
1 green.erne.co 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 csync.loopme.me 1 redirects
1 rtb-csync.smartadserver.com ads.pubmatic.com
1 dsp.adfarm1.adition.com 1 redirects
1 dis.criteo.com ads.pubmatic.com
1 b1sync.zemanta.com 1 redirects
1 c.bing.com eb2.3lift.com
1 px.ads.linkedin.com eb2.3lift.com
1 image6.pubmatic.com ads.pubmatic.com
1 rtb.openx.net
1 prebidtest.zemanta.com 1 redirects
1 p.rfihub.com 1 redirects
1 ssum-sec.casalemedia.com www.postfun.com
1 match.deepintent.com www.postfun.com
1 visitor.omnitagjs.com www.postfun.com
1 u.openx.net
1 pixels.ad.gt p.ad.gt
1 p.ad.gt a.ad.gt
1 aufp.io a.ad.gt
1 a.ad.gt www.postfun.com
1 hivemedia-images.s3.us-east-1.amazonaws.com
1 audit-tcfv2.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 test.quantcast.mgr.consensu.org quantcast.mgr.consensu.org
1 rules.quantcount.com secure.quantserve.com
1 stats.g.doubleclick.net www.google-analytics.com
1 tlx.3lift.com www.postfun.com
1 htlb.casalemedia.com www.postfun.com
1 ghb.spotim.market www.postfun.com
1 exchange.postrelease.com www.postfun.com
1 apex.go.sonobi.com www.postfun.com
1 hive-d.openx.net www.postfun.com
1 secure.quantserve.com www.postfun.com
1 sb.scorecardresearch.com www.postfun.com
1 cdn.taboola.com www.postfun.com
234 92

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.pinterest.com
twitter.com
Subject Issuer Validity Valid
www.trend-chaser.com
R3
2021-12-03 -
2022-03-03
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-11-08 -
2022-01-31
3 months crt.sh
pushlycdn.com
Amazon
2021-03-16 -
2022-04-14
a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
quantcast.mgr.consensu.org
Amazon
2021-04-24 -
2022-05-23
a year crt.sh
*.scorecardresearch.com
Amazon
2021-02-28 -
2022-03-29
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
c.amazon-adsystem.com
Amazon
2021-07-06 -
2022-06-27
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2021-03-11 -
2022-04-12
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2020-12-06 -
2022-01-07
a year crt.sh
*.postrelease.com
Amazon
2021-01-28 -
2022-02-25
a year crt.sh
ghb.spotim.market
ZeroSSL ECC Domain Secure Site CA
2021-10-27 -
2022-01-25
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2021-03-05 -
2022-02-19
a year crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-02-05 -
2022-02-09
a year crt.sh
*.3lift.com
Amazon
2021-06-12 -
2022-07-11
a year crt.sh
*.p-n.io
Amazon
2021-01-26 -
2022-02-23
a year crt.sh
s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2021-06-23 -
2022-07-24
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-09-15 -
2021-12-14
3 months crt.sh
update.hmstats.com
R3
2021-11-01 -
2022-01-30
3 months crt.sh
*.ad.gt
Amazon
2021-06-09 -
2022-07-08
a year crt.sh
aufp.io
Amazon
2021-11-26 -
2022-12-24
a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA
2021-05-24 -
2022-06-23
a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2021-03-30 -
2022-04-04
a year crt.sh
sync.spotim.market
ZeroSSL ECC Domain Secure Site CA
2021-11-30 -
2022-02-28
3 months crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2020-04-09 -
2022-06-08
2 years crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2021-12-03 -
2022-06-03
6 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2020-04-23 -
2022-05-04
2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 02
2021-09-30 -
2022-03-30
6 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-12-01 -
2022-02-26
3 months crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA
2020-01-30 -
2022-02-03
2 years crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA
2021-02-24 -
2022-03-26
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-08 -
2022-07-07
a year crt.sh
*.iprom.net
R3
2021-10-04 -
2022-01-02
3 months crt.sh
sync.adtelligent.com
ZeroSSL ECC Domain Secure Site CA
2021-11-30 -
2022-02-28
3 months crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1
2021-10-27 -
2022-11-27
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-08-24 -
2022-02-16
6 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2021-08-10 -
2022-09-11
a year crt.sh
*.gumgum.com
Amazon
2021-06-05 -
2022-07-04
a year crt.sh

This page contains 34 frames:

Primary Page: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Frame ID: 7FCA5DEAE4895B25C91D283F6A412797
Requests: 164 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df9d8b219d7e198%2526domain%253Dwww.postfun.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.postfun.com%25252Ff6aab08844b7c%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26hide_cta%3Dtrue%26href%3Dhttp%253A%252F%252Fwww.facebook.com%252FPostFun%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D300
Frame ID: 1CA63852C921644625D10AD17F4DB378
Requests: 1 HTTP requests in this frame

Frame: blob://https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5
Frame ID: 5769A7347E23E0F7AD5C45548EE089CE
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 102D9D7E4950C2A6413D654ED5834AD8
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: C34BC703224698530C6B55EDC78539F7
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: DB907DDE070B77D0C410919ACE5883C6
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6C6D5AB0925C81B55F9B26BA9A0E26D7
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 7ABA05C2AE54C8A3363BE3BB6285840C
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 86187D246A2CDAD076B754458BF0EBA7
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1021083ED1A3D7D72BD52FF325226175
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 81F688C6F5409C5E9D6F45A5CB359CAE
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Frame ID: 5C6295169DB28C7C206A33ADF5968D25
Requests: 7 HTTP requests in this frame

Frame: https://visitor.omnitagjs.com/visitor/bsync?uid=a2f4646f0e2874d3
Frame ID: 5E856BC987424E04A2904B483EB678C2
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Frame ID: D65EADA22F1629A7F97AE8899A11F241
Requests: 23 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 3CF876BC7DC6F505B6BBDC956B609F46
Requests: 11 HTTP requests in this frame

Frame: https://sync.spotim.market/csync?t=a&ep=323548&extuid=4946990725677477747
Frame ID: 9297E5BC9E347FDE2CE65DA83D1A8431
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13416134
Frame ID: 8E6D4FEBF41FEAE36B9341737DA54246
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/136?id=unk&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}&redir=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D462323%26extuid%3D
Frame ID: 2759F072EA34EC758C6C7B8A87B6D5C4
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatchredir?s=%20190532&cb=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323546%26extuid%3D
Frame ID: 86C5D58416C1918E71F28C2D7109403F
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
Frame ID: 63B96B71E28F9DBF908677313AF4D527
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4815254603872434894
Frame ID: 55590FE98A49533FF9D0784356C0B16B
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: D3E92AB6322E74F2C3ACED18D494D492
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7038787181459601555
Frame ID: 0331F3CAD49D374510918437DB2C5B5B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ya7LpgAKBVP5vgAz&gdpr=0&gdpr_consent=&_test=Ya7LpgAKBVP5vgAz
Frame ID: E2090069A3FE2A9589FE206CDE24AE87
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AArVgU7DXZcAAH2sjHsDFQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Frame ID: 777BD03052E907EDD53570B6700CC07E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
Frame ID: 8CD93E5F6DBF379EB5398B9DC0878690
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: B9DB12B70473C30FD5690106D7C067C3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=X21iblsnQN18-TWJYWmbZcEbDhg
Frame ID: DF56DEEAD034CEDBA09EEC0C30F07EE8
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=3NHaNOmpjkOoVSql0xQMX8Jp
Frame ID: E2785F70321A653C7B0C7766C903EC23
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: E2F94DCF9E92AC231992ABA7F91F2A1B
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: DAEBBF65E9AA28935F19828B7AFB3411
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: C1E2EEF673B67788004D40DA813939BB
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 16AAE3BAC90F71B94221F5065D1A08D9
Requests: 1 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
Frame ID: D92A999ADE8263AB4491F3754E50D8D9
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

These NBA Players Are Working 9-5 Jobs Since Retiring - Post Fun

Page Statistics

234
Requests

81 %
HTTPS

21 %
IPv6

63
Domains

92
Subdomains

64
IPs

12
Countries

2027 kB
Transfer

6635 kB
Size

132
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102
  • https://www.facebook.com/v2.7/plugins/page.php?adapt_container_width=false&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9d8b219d7e198%26domain%3Dwww.postfun.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.postfun.com%252Ff6aab08844b7c%26relation%3Dparent.parent&container_width=300&hide_cover=false&hide_cta=true&href=http%3A%2F%2Fwww.facebook.com%2FPostFun%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=false&width=300 HTTP 302
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df9d8b219d7e198%2526domain%253Dwww.postfun.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.postfun.com%25252Ff6aab08844b7c%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26hide_cta%3Dtrue%26href%3Dhttp%253A%252F%252Fwww.facebook.com%252FPostFun%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D300
Request Chain 130
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=$UID HTTP 302
  • https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=4946990725677477747
Request Chain 131
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=a1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=a1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://ids.ad.gt/api/v1/t_match?tdid=85f4d67c-3ab3-450c-b420-539570656946&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Request Chain 132
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://ids.ad.gt/api/v1/pbm_match?pbm=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Request Chain 133
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_tc= HTTP 302
  • https://ids.ad.gt/api/v1/g_match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_gid=CAESEFdRLy1PsUHQyohjGGDyLf0&google_cver=1&google_ula=450542624,0
Request Chain 134
  • https://ids.ad.gt/api/v1/g_hosted?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=YTFmZTE0MDYtNGVjOC00YzhjLWEyODktMWY3OTA0M2Q2ZjE3
Request Chain 135
  • https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17 HTTP 302
  • https://ids.ad.gt/api/v1/mediamath_match?user_id=20ed61ae-cba3-4900-bb52-7cc570c2c565&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Request Chain 136
  • https://sync.1rx.io/usersync/audigent/0?dspret=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync/audigent/0?zcc=1&dspret=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3D%5BRX_UUID%5D&cb=1638845347894 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3DRX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003 HTTP 302
  • https://ids.ad.gt/api/v1/unruly?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&unruly_id=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
Request Chain 163
  • https://sync.spotim.market/csync?redir=https://visitor.omnitagjs.com/visitor/bsync?uid={uid}&name=PrebidServer&gdpr_consent_string={gdpr_consent}&gdpr={gdpr}&us_privacy={us_privacy} HTTP 302
  • https://visitor.omnitagjs.com/visitor/bsync?uid=a2f4646f0e2874d3
Request Chain 165
  • https://eb2.3lift.com/sync HTTP 302
  • https://eb2.3lift.com/sync?&ld=1
Request Chain 166
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323548%26extuid%3D%24UID HTTP 302
  • https://sync.spotim.market/csync?t=a&ep=323548&extuid=4946990725677477747
Request Chain 170
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455419715221554
Request Chain 171
  • https://prebidtest.zemanta.com/usersync/prebidtest?gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}&cb=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D509691%26extuid%3D%24%7BUID%7D HTTP 302
  • https://sync.spotim.market/csync?t=a&ep=509691&extuid=${UID}&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}
Request Chain 172
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=1f8476eb-12db-48e8-8a7b-70f627cd680e&google_hm=MWY4NDc2ZWItMTJkYi00OGU4LThhN2ItNzBmNjI3Y2Q2ODBl HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEPtkqLPng8vOthjvz1K9BMo&google_cver=1&ssp=sonobi&bsw_param=1f8476eb-12db-48e8-8a7b-70f627cd680e HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=1f8476eb-12db-48e8-8a7b-70f627cd680e
Request Chain 173
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=20ed61ae-cba3-4900-bb52-7cc570c2c565
Request Chain 174
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=Mzg0MzljZmUtNzNjZC00Zjg5LTkwMWEtNDJmZDRiOWFiMTQx HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEKXTHna6n5ZGaNHJf2bSNXU&google_cver=1
Request Chain 175
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323551%26extuid%3D%24UID HTTP 307
  • https://sync.spotim.market/csync?t=a&ep=323551&extuid=4d4d8792758de91c53e79d87
Request Chain 176
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=38439cfe-73cd-4f89-901a-42fd4b9ab141&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=N3NaNUJZblRpdlo3bFpPMElDSmw4UQ&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEFwaXDwenFOJUNshwEyo-Ws&google_cver=1
Request Chain 177
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=117&redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309017%26extuid%3D%7BuserId%7D HTTP 302
  • https://sync.adtelligent.com/csync?t=a&ep=309017&extuid=no-consent
Request Chain 179
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=15a74ec6ff&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=85f4d67c-3ab3-450c-b420-539570656946&pubid=15a74ec6ff
Request Chain 180
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=20ed61ae-cba3-4900-bb52-7cc570c2c565
Request Chain 181
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=OCIscG1xLCMjJikgOnVgdmsjdHQjI3gtPSM_r3Bd
Request Chain 182
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8231746660794167020
Request Chain 185
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPYl2A3JtYRHrzUxYVlZX7I&google_cver=1
Request Chain 188
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESELrjo6oLE41z6WtsE1UjNOg&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
Request Chain 189
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTA1NTU4OTU2MTk0MjU5MDk3MjI%3D
Request Chain 191
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/10555895619425909722?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-5PiWpWZE2oQrC_M_mMu0m2Cn6KzPlU4pphFr2idSOg--~A&dongle=0883
Request Chain 194
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=10555895619425909722 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=10555895619425909722&dcc=t
Request Chain 195
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Request Chain 196
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=4771&xuid=7541914379559443183&dongle=d407
Request Chain 197
  • https://c1.adform.net/serving/cookie/match?party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
Request Chain 198
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4815254603872434894
Request Chain 200
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7038787181459601555
Request Chain 201
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=Ya7LpgAKBVP5vgAz HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ya7LpgAKBVP5vgAz&gdpr=0&gdpr_consent=&_test=Ya7LpgAKBVP5vgAz
Request Chain 202
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFyVmdVN0RYWmNBQUgyc2pIc0RGUQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AArVgU7DXZcAAH2sjHsDFQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Request Chain 203
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8231100746 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/85f4d67c-3ab3-450c-b420-539570656946 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
Request Chain 204
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 205
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=X21iblsnQN18-TWJYWmbZcEbDhg
Request Chain 206
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=3NHaNOmpjkOoVSql0xQMX8Jp
Request Chain 210
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Request Chain 212
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Js_F9vwmRfWBrcw-v3sI_g%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 213
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=20ed61ae-cba3-4900-bb52-7cc570c2c565
Request Chain 214
  • https://pixel.onaudience.com/?partner=214&mapped=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE HTTP 302
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=2d801dbde08aa8e01942fe6cba78b9b0 HTTP 302
  • https://spl.zeotap.com/?zdid=1332&zcluid=efa6c9c55b2df06f HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3a240e135f&zcluid=efa6c9c55b2df06f&zdid=1332 HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEMYD8fQSJP4EDvnOYwOiJWQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3a240e135f&zcluid=efa6c9c55b2df06f&zdid=1332
Request Chain 215
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjZDRkM1RjYtRkMyNi00NUY1LTgxQUQtQ0MzRUJGN0IwOEZF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 216
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED7VVhxhvUk-mIY1Hcmpvyw&google_cver=1
Request Chain 218
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&gdpr=0&gdpr_consent=
Request Chain 219
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=85f4d67c-3ab3-450c-b420-539570656946
Request Chain 220
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3820115528378156269
Request Chain 221
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4946990725677477747&gdpr=0&gdpr_consent=
Request Chain 222
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm
Request Chain 223
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-5NIitN5E2uXj3DYhtlQ1hzSzOHUTZNU-~A&gdpr=0&gdpr_consent=
Request Chain 225
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=1f8476eb-12db-48e8-8a7b-70f627cd680e&ssp=pubmatic&gdpr=0&gdpr_consent=
Request Chain 226
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7974259943787010799&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 228
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Request Chain 229
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:ef653911-274c-4af5-8b07-b5b8dfca5dde&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 230
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4946990725677477747

234 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/
271 KB
45 KB
Document
General
Full URL
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx / WP Engine
Resource Hash
5f6f0b1a73b3923455ddd8d7fe81135732102ea9b0b2489252071dc8acba2708

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
content-type
text/html; charset=UTF-8
link
<https://www.postfun.com/wp-json/>; rel="https://api.w.org/" <https://www.postfun.com/wp-json/wp/v2/posts/61254>; rel="alternate"; type="application/json" <https://www.postfun.com/?p=61254>; rel=shortlink
x-powered-by
WP Engine
x-cacheable
bot
x-cache-group
bot
access-control-allow-origin
*
content-encoding
gzip
content-length
45172
cache-control
must-revalidate, max-age=3600
expires
Tue, 07 Dec 2021 03:49:05 GMT
date
Tue, 07 Dec 2021 02:49:05 GMT
vary
Accept-Encoding
endpoint.php
www.postfun.com/wp-content/plugins/wp-ajax/
197 KB
20 KB
Script
General
Full URL
https://www.postfun.com/wp-content/plugins/wp-ajax/endpoint.php?action=hive_page_config&site=13
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx / WP Engine
Resource Hash
afb3501c74391644e2029381ab1df63c381d66334e33d74f5c7859236768604f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-cache-group
normal
content-encoding
gzip
x-content-type-options
nosniff
x-cacheable
SHORT
server
nginx
x-powered-by
WP Engine
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
must-revalidate, max-age=3600
date
Tue, 07 Dec 2021 02:49:05 GMT
x-robots-tag
noindex
content-length
20327
expires
Tue, 07 Dec 2021 03:49:05 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
98853c314da19dd937694bcabe140f6549fe2bd27e641bcfbb534a9c804ff487
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1065 / 731 of 1000 / last-modified: 1638832296"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27070
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 07 Dec 2021 02:49:05 GMT
extended_intermediate_header.js
www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/
314 KB
97 KB
Script
General
Full URL
https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fd0b79a723b6dbed0292bd8c0cb7c57ee81100a3f2f7b5c606210b85f8e5a567

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Tue, 30 Nov 2021 22:50:06 GMT
server
nginx
etag
W/"61a6aa9e-4e87f"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
98656
expires
Wed, 07 Dec 2022 02:49:05 GMT
style.css
www.postfun.com/wp-content/themes/hive-master/
71 KB
12 KB
Stylesheet
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
75ad566950298a23b6ce73ed61b4597ae66a72daf102daa806efd58c18fa7c3d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Wed, 14 Apr 2021 17:05:54 GMT
server
nginx
etag
W/"607720f2-11dba"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
12289
expires
Wed, 07 Dec 2022 02:49:05 GMT
style.css
www.postfun.com/wp-content/themes/postfun/
46 KB
9 KB
Stylesheet
General
Full URL
https://www.postfun.com/wp-content/themes/postfun/style.css?ver=1637623479
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
b209eb175909bbe172d0e6f9762eabcf99f07ecab1ecc7da56ae44e25a650ce9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Mon, 22 Nov 2021 23:24:39 GMT
server
nginx
etag
W/"619c26b7-b613"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
8966
expires
Wed, 07 Dec 2022 02:49:05 GMT
pushly-sdk.min.js
cdn.p-n.io/
294 KB
54 KB
Script
General
Full URL
https://cdn.p-n.io/pushly-sdk.min.js?domain_key=JevblhQ9s30chxqS2hYVk68UDa3qtHajpMUG
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-14.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
084f6476011a1c250d41279bc05a27a78c804a91bd11610eb2be4bb1b5a73c18

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:38:29 GMT
content-encoding
gzip
last-modified
Mon, 29 Nov 2021 17:42:51 GMT
server
AmazonS3
age
637
etag
W/"b8d3311981745fbeb105aa6ddc40aa96"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
DUS51-P1
x-amz-cf-id
OltCb8f9k3DIcYakUU0m3K00jykbI4eRf821s9QUtBQxV731tlBy9A==
id.js
cdn.taboola.com/webpush/
1 KB
928 B
Script
General
Full URL
https://cdn.taboola.com/webpush/id.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b985af57dc59fdf0a9743d410836168fdbceaa641b51d4e427f9edff6cc62625

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
5AeHNYhajGCudi_TrYZ80Y0gwu0a6ryl
content-encoding
gzip
etag
"94b1f08de63835708c45d9c61d268b29"
age
12934
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
489
x-amz-id-2
ObkPt3qtG9WgCLn0LZ25N6Fh+UAou7TbzUsU3ZkFxx8tSOhVgzoGLtE5WD9Okh8gZzTUHBkceOI=
x-served-by
cache-hhn4077-HHN
last-modified
Thu, 03 Jun 2021 07:06:05 GMT
server
AmazonS3
x-timer
S1638845346.921707,VS0,VE0
date
Tue, 07 Dec 2021 02:49:05 GMT
vary
Accept-Encoding
x-amz-request-id
C4YN7QSN0AK2380N
via
1.1 varnish
cache-control
private,max-age=14400
accept-ranges
bytes
content-type
application/javascript
abp
98
x-cache-hits
29
prebid.js
www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/
364 KB
115 KB
Script
General
Full URL
https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
384030f05a2241cb62e91acb3eb557b1dc64bccb7a1bf43011ef572b19b5c4d9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Mon, 06 Dec 2021 19:23:35 GMT
server
nginx
etag
W/"61ae6337-5b1ec"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
116898
expires
Wed, 07 Dec 2022 02:49:05 GMT
footer.js
www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/
223 KB
64 KB
Script
General
Full URL
https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/footer.js?ver=1638312606
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
de2b4eba3c242546aae7f2ff97cd39bcb010dcf1847ec4bec38876d29e838b9c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Tue, 30 Nov 2021 22:50:06 GMT
server
nginx
etag
W/"61a6aa9e-37a7e"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
65110
expires
Wed, 07 Dec 2022 02:49:05 GMT
footer.js
www.postfun.com/wp-content/themes/hive-master/assets/js/
6 KB
2 KB
Script
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/assets/js/footer.js?ver=1635964025
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8352a0484081022114518db98c4f7bd828fff01a3bba53b1e9fe55e31602413e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Wed, 03 Nov 2021 18:27:05 GMT
server
nginx
etag
W/"6182d479-181a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
2085
expires
Wed, 07 Dec 2022 02:49:05 GMT
wp-embed.min.js
www.postfun.com/wp-includes/js/
1 KB
964 B
Script
General
Full URL
https://www.postfun.com/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
content-encoding
gzip
last-modified
Wed, 06 Jan 2021 15:29:24 GMT
server
nginx
etag
W/"5ff5d754-592"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
765
expires
Wed, 07 Dec 2022 02:49:05 GMT
offscreen-bg.jpg
www.postfun.com/wp-content/themes/postfun/assets/images/
50 KB
50 KB
Image
General
Full URL
https://www.postfun.com/wp-content/themes/postfun/assets/images/offscreen-bg.jpg
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/themes/postfun/style.css?ver=1637623479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
41e365250a82e0e0ee15c8661ca0efb65228a061f31c8ae3884127d0efa0d369

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/wp-content/themes/postfun/style.css?ver=1637623479
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
last-modified
Thu, 21 Feb 2019 19:26:16 GMT
server
nginx
etag
"5c6efb58-c667"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
50791
expires
Wed, 07 Dec 2022 02:49:05 GMT
icomoon.ttf
www.postfun.com/wp-content/themes/hive-master/assets/fonts/
3 KB
3 KB
Font
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/assets/fonts/icomoon.ttf?fo61nq
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f8ee0d666b3091eb93def38dd12b8f2a7009d640e6b0cf389cc35a2c4a425b09

Request headers

Referer
https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Origin
https://www.postfun.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
last-modified
Tue, 29 Sep 2020 18:21:32 GMT
server
nginx
etag
"5f737b2c-c58"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
3160
expires
Wed, 07 Dec 2022 02:49:05 GMT
OpenSans-Regular.woff
www.postfun.com/wp-content/themes/hive-master/assets/fonts/
20 KB
20 KB
Font
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/assets/fonts/OpenSans-Regular.woff
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
724ffca6332d70f4cbb540b05753e0e5d59a9b25a0eefd2e46fbf841ad41889b

Request headers

Referer
https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Origin
https://www.postfun.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:05 GMT
last-modified
Wed, 25 Jul 2018 20:20:05 GMT
server
nginx
etag
"5b58db75-50d8"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
20696
expires
Wed, 07 Dec 2022 02:49:05 GMT
OpenSans-ExtraBold.woff
www.postfun.com/wp-content/themes/hive-master/assets/fonts/
21 KB
21 KB
Font
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/assets/fonts/OpenSans-ExtraBold.woff
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
bb6d1fca9040272fd9341da48df6827bbea229b08574eadc105dc55fb5c2fc9f

Request headers

Referer
https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Origin
https://www.postfun.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
last-modified
Wed, 25 Jul 2018 20:20:05 GMT
server
nginx
etag
"5b58db75-5420"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
21536
expires
Wed, 07 Dec 2022 02:49:06 GMT
OpenSans-SemiBold.woff
www.postfun.com/wp-content/themes/hive-master/assets/fonts/
20 KB
21 KB
Font
General
Full URL
https://www.postfun.com/wp-content/themes/hive-master/assets/fonts/OpenSans-SemiBold.woff
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c32b66dae6aaac220d224bd147ce2e70a205a34bc53b62ca4f9eb0d7754ccfa4

Request headers

Referer
https://www.postfun.com/wp-content/themes/hive-master/style.css?ver=1618419954
Origin
https://www.postfun.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
last-modified
Wed, 25 Jul 2018 20:20:05 GMT
server
nginx
etag
"5b58db75-513c"
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
20796
expires
Wed, 07 Dec 2022 02:49:06 GMT
postfun-logo-55299.svg
www.postfun.com/wp-content/uploads/sites/13/2019/02/
4 KB
2 KB
Image
General
Full URL
https://www.postfun.com/wp-content/uploads/sites/13/2019/02/postfun-logo-55299.svg
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7f59166cede1b29d613c38e7da6dcd9227fdb898893f6508356e2ca5ad7b7293

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
last-modified
Tue, 05 Mar 2019 07:21:58 GMT
server
nginx
etag
W/"f6c28497d484ff937b91169cc3600909"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=31536000
content-length
1949
expires
Wed, 07 Dec 2022 02:49:06 GMT
mark-blount-35978.jpg
www.postfun.com/wp-content/uploads/2019/05/
156 KB
157 KB
Image
General
Full URL
https://www.postfun.com/wp-content/uploads/2019/05/mark-blount-35978.jpg
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
732be07cfd0af57869ce60bc525acf0b5dbd06a47345945b41f551bcac33a432

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 07 Dec 2021 02:49:06 GMT
last-modified
Sun, 16 Jun 2019 09:23:08 GMT
server
nginx
etag
"365c5c37b380b0bba1f069e38f3625d3"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
160228
expires
Wed, 07 Dec 2022 02:49:06 GMT
pubads_impl_2021120201.js
securepubads.g.doubleclick.net/gpt/
347 KB
117 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120201.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
947dd8624842a892adc7ecc70ec3270e5792bb3cc509dd1ff5720f2f8fe66419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119206
x-xss-protection
0
last-modified
Thu, 02 Dec 2021 15:41:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 07 Dec 2021 02:49:06 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
152 B
127 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.postfun.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
9537144bb39250368e21895ffb3a0e5c0f976a68b191729a73f247bb0608f2a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
102
x-xss-protection
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
choice.js
quantcast.mgr.consensu.org/choice/sDavpVA1K-z6d/www.postfun.com/
4 KB
2 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/choice/sDavpVA1K-z6d/www.postfun.com/choice.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
02355aa57f07068f48ce739f70f73bd9264ed16f066e946b3eca256d814356ff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 07 Dec 2021 02:49:07 GMT
content-encoding
br
last-modified
Thu, 28 Oct 2021 18:54:26 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C2
etag
W/"246ffc83ebd2b675d67afff3f1845e85"
vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
cache-control
max-age=900
cross-origin-resource-policy
cross-origin
x-amz-cf-id
wz_Nb3ZTkm61rQheS3Ft_SBV0Rn73HtZhO-jNyBBxcDba0IbsirDWg==
hive_hash
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_hash
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
hive_loaded
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_loaded
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
hive_session
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_session
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
hive_location
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_location
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
carb_init
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_init
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-75.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 05:06:17 GMT
content-encoding
gzip
etag
W/"1827f116c73f319409b97f10b8a58ade"
last-modified
Fri, 26 Feb 2021 14:35:05 GMT
server
AmazonS3
age
153705
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
z1Nhf_tXVvJpT5DIjoSgGOV79FJVg_pK2_6i8TmbJPX7lrHZmeCsjQ==
quant.js
secure.quantserve.com/
24 KB
10 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
etag
"FMCWFRCBdbNj8Eh2c0G78Q=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Tue, 14 Dec 2021 02:49:06 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4443
date
Tue, 07 Dec 2021 01:35:03 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Tue, 07 Dec 2021 03:35:03 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
spacer.gif
www.postfun.com/images/
807 B
982 B
Image
General
Full URL
https://www.postfun.com/images/spacer.gif?abk=1&adnet=1
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
last-modified
Tue, 17 Jul 2018 22:56:00 GMT
server
nginx
etag
"5b4e7400-327"
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
807
expires
Wed, 07 Dec 2022 02:49:06 GMT
bddc-min.js
www.postfun.com/wp-content/plugins/outrigger/scripts/legacy/misc/
79 KB
29 KB
Script
General
Full URL
https://www.postfun.com/wp-content/plugins/outrigger/scripts/legacy/misc/bddc-min.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
5d8d13c958e7f08ce7c2be4315fe352515b00c28047ff52c5205199a9a37581e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
last-modified
Mon, 01 Jun 2020 22:48:42 GMT
server
nginx
etag
W/"5ed585ca-13dca"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
29056
expires
Wed, 07 Dec 2022 02:49:06 GMT
hive_dfp
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_dfp
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
apstag.js
c.amazon-adsystem.com/aax2/
134 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.29.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-29-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
KuXuY5mbG6yln5YsEdf9JaPJtFF6aIqm
content-encoding
gzip
server
Server
x-amz-cf-pop
FRA56-C2
x-amz-rid
083A47M8D7XG5QPQ4C34
etag
1e39d25f07f5619925357b752ab10d04
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 07fbd2276304c86925071791c7032951.cloudfront.net (CloudFront)
cache-control
public, max-age=900
date
Tue, 07 Dec 2021 02:49:06 GMT
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
csF9C8_X_laOqUFoMLnZCqanD1k8yAnW44HWbR_Z3tWVtd_aTSgjfw==
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
pbjs_auction_init
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/pbjs_auction_init
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:06 GMT
bid
ap.lijit.com/rtb/
94 B
742 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.27.0
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
71579509feaec66395bc8bed449847a80a8eeeb006aa59d93fb2dbd44bbcb3fb

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 07 Dec 2021 02:49:06 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://www.postfun.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
98
arj
hive-d.openx.net/w/1.0/
30 KB
9 KB
XHR
General
Full URL
https://hive-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=dc221122-dc18-4a94-a868-2e147b26b731%2Cba59171e-48ad-45a7-bf76-a7716e3026a1%2Cb4d60638-391a-4ef7-9322-e047f1917dcb%2Caa4ad79b-a557-4321-abf4-8bfd83d3e792%2Ccf2bfb52-747e-43ae-96f5-c194876ad2d5%2C8120dc3f-a498-4b81-8ca6-c9d0669e1415&nocache=1638845346233&gdpr=0&pubcid=b4eddd14-8c22-4f34-8853-a34d9c1cb30c&aus=728x90%7C728x90%7C300x250%2C300x600%2C160x600%7C300x250%2C300x600%2C160x600%7C300x250%2C300x600%2C160x600%7C160x600&divIds=primary-over-next%2Cprimary-under-title%2Csecondary-P1%2Csecondary-P3%2Csecondary-P5%2Clefternary-P1&auid=540151321%2C540151325%2C540151331%2C540151365%2C540151335%2C540151316
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
1a2401c0f0f0989b66fea7819705936c7409ab0686efdc90c47f90584af8c63d

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://www.postfun.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9013
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
trinity.json
apex.go.sonobi.com/
1 KB
2 KB
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22%2F21287525%2Fpu_desktop-primary-over-next%7C250fb011d45b8e2%22%3A%22728x90%22%2C%22%2F21287525%2Fpu_desktop-primary-under-title%7C26751c138de9dd7%22%3A%22728x90%22%2C%22%2F21287525%2Fpu_desktop-secondary-P1%7C2742fbd070afdec%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-secondary-P1_flex%7C2811c9e44c5c78a%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-secondary-P3%7C296ed75a7bca8fb%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-secondary-P3_flex%7C30a16b79bcebf03%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-left-p1%7C31850fd89567394%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-secondary-P5%7C323f76a23624221%22%3A%22300x250%2C300x600%2C160x600%22%2C%22%2F21287525%2Fpu_desktop-quaternary-P1%7C33be24075ce9b68%22%3A%22160x600%22%2C%22%2F21287525%2Fpu_desktop-left-p1%7C34d0d3f617ba978%22%3A%22160x600%22%7D&ref=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&s=9000fc88-97ce-4a45-8d9f-cbd77b38ce01&pv=51575eda-a153-4300-9f7d-4f3615c53a3d&vp=desktop&lib_name=prebid&lib_v=4.27.0&us=0&ius=1&gdpr=false
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.150 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-apex.go.sonobi.com
Software
sonobi-go /
Resource Hash
5867c4e1ca42a3ae09b2f294bda3d6d8493d9dd2d1560ae7289ca58b6bb13e4e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:06 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
apex-ams-1-6-128
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://www.postfun.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
760
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
prebid
exchange.postrelease.com/
0
393 B
XHR
General
Full URL
https://exchange.postrelease.com/prebid?ntv_gdpr_consent=undefined&ntv_ptd=1127033,1127132,1127035,1127036&ntv_pb_rid=35dcc7a96460dec&ntv_ppc=eyJhZFVuaXRzIjpbeyJhZFVuaXRDb2RlIjoicHJpbWFyeS1vdmVyLW5leHQiLCJtZWRpYVR5cGVzIjp7ImJhbm5lciI6eyJzaXplcyI6W1s3MjgsOTBdXX19fSx7ImFkVW5pdENvZGUiOiJzZWNvbmRhcnktUDEiLCJtZWRpYVR5cGVzIjp7ImJhbm5lciI6eyJzaXplcyI6W1szMDAsMjUwXSxbMzAwLDYwMF0sWzE2MCw2MDBdXX19fSx7ImFkVW5pdENvZGUiOiJzZWNvbmRhcnktUDMiLCJtZWRpYVR5cGVzIjp7ImJhbm5lciI6eyJzaXplcyI6W1szMDAsMjUwXSxbMzAwLDYwMF0sWzE2MCw2MDBdXX19fSx7ImFkVW5pdENvZGUiOiJzZWNvbmRhcnktUDUiLCJtZWRpYVR5cGVzIjp7ImJhbm5lciI6eyJzaXplcyI6W1szMDAsMjUwXSxbMzAwLDYwMF0sWzE2MCw2MDBdXX19fV19&ntv_url=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.208.127 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-208-127.compute-1.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
gzip
server
nginx/1.12.1
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
https://www.postfun.com
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials
true
content-type
application/json;charset=UTF-8
content-length
20
expires
Mon, 1 Jan 1990 12:00:00 GMT
auction
ghb.spotim.market/v2/
11 KB
1 KB
XHR
General
Full URL
https://ghb.spotim.market/v2/auction
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
690d7ec1b7cadb8c57efcc5ca4d8062e2826ad74304a2cf1c8210821866f7571

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 07 Dec 2021 02:49:06 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://www.postfun.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
1130
prebid
ib.adnxs.com/ut/v3/
99 KB
15 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
7a2b44d696ca571e00b0db7d7a110984b48af49a176bd95ddddae23cdfe1ca65
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Tue, 07 Dec 2021 02:49:06 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
193.27.14.24; 193.27.14.24; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
268cc6c8-3a35-4fde-96de-9680da33c15d
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.postfun.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cygnus
htlb.casalemedia.com/
37 B
330 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=268079&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2256a3f19d948c841%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A7%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A7%2C%22ren%22%3Afalse%2C%22version%22%3A%224.27.0%22%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A0%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2257d0633017d979f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268079%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2258f5d8d30c948ee%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268083%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%225957dc6ee4cf3e3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268089%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2260fe3006b869d48%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268089%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2261823b6c57aea18%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268089%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2262c2edb17dcdcb6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268092%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226361d4a24204be6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268092%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2264fb7182b091801%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268092%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22653d36e54f2711a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268094%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2266f90be47e99c15%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268094%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22671cda33b1cea14%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268094%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22685e4a9b77367ca%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268084%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22696721524b63b7a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22268074%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.111.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-111-28.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ea3b8c6d48b3b39628750c41d1dbb2dfafdd65fbf1c12e1a7fa79126702bda72

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
x-ak-initial-geo
CC:[DE], RC:[HE], CN:[EU], CIP:[193.27.14.24], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://www.postfun.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Tue, 07 Dec 2021 02:49:06 GMT
auction
tlx.3lift.com/header/
19 B
264 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=4.27.0&referrer=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&tmax=3000&gdpr=false
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.162.206 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-162-206.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.postfun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
pushly-sdk.min.css
cdn.p-n.io/
26 KB
2 KB
Stylesheet
General
Full URL
https://cdn.p-n.io/pushly-sdk.min.css?domain_key=JevblhQ9s30chxqS2hYVk68UDa3qtHajpMUG
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=JevblhQ9s30chxqS2hYVk68UDa3qtHajpMUG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-14.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
501b84d7db37a158e0313efd545c334fc75d82750e1248fa383321c67728b1ce

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 17:46:32 GMT
content-encoding
gzip
last-modified
Wed, 07 Jul 2021 15:59:32 GMT
server
AmazonS3
age
32555
etag
W/"f78fe2b0b79df0619d393cfc42450ddf"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
DUS51-P1
x-amz-cf-id
q2VwncssqflanGbPqK4G_Itrq4QRl3HcVtK4iEY44toZQB0fb9qz7Q==
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
884 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 01:57:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3125
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 07 Dec 2021 02:57:01 GMT
config
c.amazon-adsystem.com/cdn/prod/
0
311 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3475&u=https%3A%2F%2Fwww.postfun.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.29.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-29-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 23:25:45 GMT
via
1.1 07fbd2276304c86925071791c7032951.cloudfront.net (CloudFront)
server
Server
age
12201
x-cache
Hit from cloudfront
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
lfhL3sW_WW6IAAVKl5ZHH6I9H2RkRsb_5IR1xX9RgcbNzes2ANr64A==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.29.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-29-201.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-version-id
gYbY2ORQY5Qmsyt0ob0SiGH6tjIhuo4B
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
86240
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Tue, 09 Nov 2021 22:55:20 GMT
server
AmazonS3
date
Mon, 06 Dec 2021 02:51:47 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
wFWuadZbhdSWn5mpISrc-QuBmXeCyRgSeP_ZlUDqjdniT8e-kQbK5Q==
event-stream
k.p-n.io/
0
126 B
Fetch
General
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=JevblhQ9s30chxqS2hYVk68UDa3qtHajpMUG
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.121.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-121-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Tue, 07 Dec 2021 02:49:06 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*
event-stream
k.p-n.io/
0
125 B
Fetch
General
Full URL
https://k.p-n.io/event-stream
Requested by
Host: cdn.p-n.io
URL: https://cdn.p-n.io/pushly-sdk.min.js?domain_key=JevblhQ9s30chxqS2hYVk68UDa3qtHajpMUG
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.197.121.240 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-121-240.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Tue, 07 Dec 2021 02:49:06 GMT
access-control-allow-headers
*
access-control-max-age
600
access-control-allow-methods
*
collect
www.google-analytics.com/j/
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1472210078&t=pageview&_s=1&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&ul=en-us&de=UTF-8&dt=These%20NBA%20Players%20Are%20Working%209-5%20Jobs%20Since%20Retiring%20-%20Post%20Fun&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAAEIhAAAAAC~&jid=1549359512&gjid=1275442257&cid=557766180.1638845346&uid=1c9a7f65-b410-42e3-ada7-65b134ade33f&tid=UA-68286463-2&_gid=964288077.1638845346&_r=1&_slc=1&cd1=tb_other_14664189-tb_d_3056256962_530-030128&cd2=530-030128&cd3=&cd4=1&cd5=&cd6=61254&cd7=&cd8=rlk&cd9=197405&cd10=alyssamihalik&cd11=&z=1168651390
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.postfun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
439 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-68286463-2&cid=557766180.1638845346&jid=1549359512&uid=1c9a7f65-b410-42e3-ada7-65b134ade33f&gjid=1275442257&_gid=964288077.1638845346&_u=aGBAAEIgAAAAAC~&z=846145860
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Tue, 07 Dec 2021 02:49:06 GMT
content-type
text/plain
access-control-allow-origin
https://www.postfun.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
bid
c.amazon-adsystem.com/e/dtb/
64 B
532 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3475&u=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&pid=3gGjc90NSPmoZ&cb=0&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22primary-over-next%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-primary-over-next%22%7D%2C%7B%22sd%22%3A%22primary-under-title%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-primary-under-title%22%7D%2C%7B%22sd%22%3A%22secondary-P1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-secondary-P1_flex%22%7D%2C%7B%22sd%22%3A%22secondary-P3%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-secondary-P3_flex%22%7D%2C%7B%22sd%22%3A%22secondary-P5%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-secondary-P5%22%7D%2C%7B%22sd%22%3A%22quaternary-P1%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-quaternary-P1%22%7D%2C%7B%22sd%22%3A%22lefternary-P1%22%2C%22s%22%3A%5B%22160x600%22%5D%2C%22sn%22%3A%22%2F21287525%2Fpu_desktop-left-p1%22%7D%5D&gdprl=%7B%22status%22%3A%22tcfv2-timeout%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.29.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-29-201.fra56.r.cloudfront.net
Software
Server /
Resource Hash
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
via
1.1 07fbd2276304c86925071791c7032951.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-C2
x-amz-rid
AB3RQER0X0WA2P2Y65Q0
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
64
x-amz-cf-id
9B80JeTCF5L9dn37HK-xP9zCqVA2MhWuyb3UIy6uxJwQFcHbDuBeng==
hive_ga_session
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_ga_session
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
rules-p-sDavpVA1K-z6d.js
rules.quantcount.com/
2 B
356 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-sDavpVA1K-z6d.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:4800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 01:55:14 GMT
via
1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
server
AmazonS3
age
3231
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
cross-origin-resource-policy
cross-origin
x-cache
Hit from cloudfront
x-amz-cf-pop
DUS51-P2
content-length
2
x-amz-cf-id
Bg3zkE1_ZTkn1AsMQpuR7375dL7ZkZCTR4IYyrfh3Oh3WTOh9Jpdwg==
cmp2.js
quantcast.mgr.consensu.org/tcfv2/
179 KB
44 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.postfun.com
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/choice/sDavpVA1K-z6d/www.postfun.com/choice.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b850fd9301b5a95c9c7ead67c57622e1a06680f69bf8d2f5ce57983011da3b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:06 GMT
content-encoding
br
x-amz-cf-pop
FRA56-C2
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Thu, 04 Nov 2021 17:39:32 GMT
server
AmazonS3
etag
W/"0a70fce71435f53991adb4bbecc5d2cf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-meta-qc-ineu
True
x-amz-cf-id
ifFRja86B4Jt0Qh8gDExuw5rOAyYUTob74JjgGhzTq_tfgkOMXEuEg==
cmp-list.json
test.quantcast.mgr.consensu.org/GVL-v2/
9 KB
3 KB
XHR
General
Full URL
https://test.quantcast.mgr.consensu.org/GVL-v2/cmp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.postfun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:8c00:3:a4cd:8380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72974cf5c2f0384df6f0b6810376dee8106ab9bb157d8a3c441c6ba418c904da

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 03:00:36 GMT
content-encoding
br
age
85711
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Sun, 05 Dec 2021 19:52:29 GMT
server
AmazonS3
etag
W/"8e6c34e38aca6825175859c7dd582794"
vary
Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
qahrklIGWhNop1jsfuctewiwkcaAhdcE
via
1.1 08b9c2fd11813ffdb8fa03129d0a465d.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C2
content-type
application/json
x-amz-cf-id
Y5sdP_KicbcEmBjFdns9u71rP1qn_2TqKNyaHUZIctKZHWQBChFVgg==
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
cmp2ui-en.js
quantcast.mgr.consensu.org/tcfv2/36/
224 KB
58 KB
Script
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/36/cmp2ui-en.js
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.postfun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d261bc09d55ca6390f043aa5a196a8c4d49d38bb48792e007e539a9b67a86bbb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sun, 05 Dec 2021 15:31:07 GMT
content-encoding
gzip
age
127080
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Thu, 04 Nov 2021 17:39:16 GMT
server
AmazonS3
etag
W/"e9e236ee73ca8337502cca2d209ee395"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/javascript;charset=UTF-8
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
HBfF_O7pwLkMxHp8bOG2Z9DQCimTjcUzylqMQ8Cwy26UD8Gn8VidOA==
vendor-list-trimmed-v1.json
quantcast.mgr.consensu.org/GVL-v2/
278 KB
33 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/GVL-v2/vendor-list-trimmed-v1.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.postfun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2a21d440ddb36b335b7c29c1356276d61c86d5c5f2f42c1c349fbe285008776b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 03:00:36 GMT
content-encoding
br
age
85711
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
86400
access-control-allow-origin
*
last-modified
Mon, 06 Dec 2021 03:00:32 GMT
server
AmazonS3
etag
W/"0f2bde1e7bc4e473fc1ffbcbe672ac05"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json
via
1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
cache-control
max-age=172800
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
etAe7hPycANvthULmPj9ZELmZuGl6-yv4uN5fgiF6uG4XZ3Lk5Hwlw==
google-atp-list.json
quantcast.mgr.consensu.org/tcfv2/
154 KB
37 KB
XHR
General
Full URL
https://quantcast.mgr.consensu.org/tcfv2/google-atp-list.json
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/cmp2.js?referer=www.postfun.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:1c00:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9aaa0167f4abb8eb86f2182c46287c6bddc68d7538f0bfa9e71287db2c700a60

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 03:01:31 GMT
content-encoding
gzip
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
age
85656
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 06 Dec 2021 03:01:28 GMT
server
AmazonS3
etag
W/"9ab4b5bb20a76f8a622d53bc30f59776"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/json
via
1.1 1a3d61cabf9778724765b3e70befe816.cloudfront.net (CloudFront)
cache-control
max-age=172800
access-control-allow-credentials
true
x-amz-cf-pop
FRA56-C2
x-amz-cf-id
P_K5yyg_7LtfjqhSKpA9CBrjD8zIvN1HaqGExYIpicYqaawnhWKMiw==
/
audit-tcfv2.quantcast.mgr.consensu.org/
80 B
506 B
XHR
General
Full URL
https://audit-tcfv2.quantcast.mgr.consensu.org/?log=%7B%22accountId%22%3A%22sDavpVA1K-z6d%22%2C%22domain%22%3A%22www.postfun.com%22%2C%22publisher%22%3A%22Postfun%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.36%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22H%2BWOMznn4jUzY7KMOI0JXA%22%2C%22clientTimestamp%22%3A1638845346648%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-sivxgp64syqdncbhgvzb%22%7D
Requested by
Host: quantcast.mgr.consensu.org
URL: https://quantcast.mgr.consensu.org/tcfv2/36/cmp2ui-en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.253.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-10.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 18:45:31 GMT
via
1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
age
29311
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
3000
content-length
80
last-modified
Tue, 26 Nov 2019 14:21:44 GMT
server
AmazonS3
etag
"0614149d8033903db5de46d6c184bbfd"
vary
Origin
access-control-allow-methods
GET
content-type
text/html
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
zwmMA5ysPfQJKkgszC9gSiV6AVZ7CjZSc8a9MMjlDMaCmZwGDNLJCA==
postfun-logo-color.png
hivemedia-images.s3.us-east-1.amazonaws.com/logo/
8 KB
8 KB
Image
General
Full URL
https://hivemedia-images.s3.us-east-1.amazonaws.com/logo/postfun-logo-color.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.217.85.16 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-east-1-r-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
3d022bdc2470de1ee83e2693341ae618f6fc08a90edbe3290e5c870faeefec4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:08 GMT
Last-Modified
Wed, 27 Oct 2021 21:30:54 GMT
Server
AmazonS3
x-amz-request-id
2T9Q08966C79RFGS
ETag
"cbd52eb89658ab01520e047cd389230d"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
8130
x-amz-id-2
QPb/QzwKwyJnoQOiBuViq3nNRL3w0Sk7+za2SxHeQ1gpkoP/HDA76j/9HJdoqUNJ5waV4SfvnNI=
hive_benchmark
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_benchmark
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3112fccfa0c39fb02ce507b3f6ce23b9a465f852a49a32f8c664a802e1444688
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
WOIvvXAcLHMs0nkJC901JA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1685
x-fb-rlafr
0
x-fb-debug
+ODJ6sbXoJvYnzPghqoNcCpx5KDX/YqhnSQfZyniwsQXO6CNUBioyvVGcpARYtK20/RS+60zc+w9SkUUprZutg==
x-fb-trip-id
917726464
x-fb-content-md5
eab900ad191010ad435ef29608992700
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"2538f2a923ef1b30dbd8572289212fad"
timing-allow-origin
*
priority
u=3,i
expires
Tue, 07 Dec 2021 03:01:08 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/footer.js?ver=1638312606
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
CkzaLcyMJW/a7NH4iW8lIyOQ8FVjyTeNN1nmcl5+V0X1Q7r5YDxeuIpARlecyMbnqKb68pNvubLZhWUgJoVWyQ==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
analytics.js
s.update.hmstats.com/2/486951/
6 KB
3 KB
Script
General
Full URL
https://s.update.hmstats.com/2/486951/analytics.js?dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c1=14664189-tb&c2=tb&c3=msn-msn-home-tb&de=2&gt=DE&dm=1600x1200
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c507ad3b9d297645f447934d8eb6e29712a6fc759daab791de19be72af08ed6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:07 GMT
Content-Encoding
gzip
Accept-Ch
Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary
*
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Timing-Allow-Origin
*
Content-Length
2792
Expires
0
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
354
a.ad.gt/api/v1/u/matches/
3 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/354?url=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&ref=
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.238.136.108 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-238-136-108.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
d74430c6c02b1f752d521694f0e346b93b9eddd6cf39f53015abe27fbecf301f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
server
nginx/1.18.0
content-length
3379
content-type
application/javascript
carb_placement
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/carb_placement
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
hive_fb_pixel
www.postfun.com/events2/topic/
0
177 B
XHR
General
Full URL
https://www.postfun.com/events2/topic/hive_fb_pixel
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/extended_intermediate_header.js?ver=1638312606
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.92.81.94 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-81-94.deploy.static.akamaitechnologies.com
Software
akka-http/10.0.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/basketball/these-nba-players-are-working-9-5-jobs-since-retiring/?utm_source=tb&utm_medium=msn-msn-home-tb&utm_content=3056256962&utm_campaign=14664189-tb&utm_cpc=-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ=&tblci=GiD6x_f6YEJcfZSyDZ&chrome=1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/json

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
akka-http/10.0.3
access-control-allow-origin
https://www.postfun.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Tue, 07 Dec 2021 02:49:07 GMT
sdk.js
connect.facebook.net/en_US/
286 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=34c7acae0335f6af8dadd205bade9d25
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b4dc13dc644c41fff30da814b78b35bd07d270a01e3fcbf58fbe484b94ea975b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.postfun.com/
Origin
https://www.postfun.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
TY9cQ49hcInDfcevUk3ebA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
82786
x-fb-rlafr
0
x-fb-debug
pKTNZyVdx1T4MoAViKYf5YRJaqCg7TicoIvgMl5c4IIwjVVp4FYmyExpDRNNrTQiUVzu1xE90aXmgOfCU9VKXA==
x-fb-content-md5
82c8bcb16751086b8d677d37dab14494
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"97b2a989c6a72a5e989659d47a1814fc"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 07 Dec 2022 01:18:48 GMT
identity.js
connect.facebook.net/signals/plugins/
64 KB
20 KB
Script
General
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.48
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
20661
x-xss-protection
0
pragma
public
x-fb-debug
lkrOtCR8T6R8GKDd9aQDIg1b32nn+koAozfBt7wnYcqzGeftzfE56JcflQ2sRopBSjXwd676Qs1mLrgYJDQ51A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
353329068859326
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/353329068859326?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9bbac6ecbcbd46820ae9165f18bb5ad8e58a243850e838d0680bb50e0b7b229
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
dT1WI/6pgTkTioOispGYTblD0MIdjM1qcG7jrs0KJBUEtyWGmHWimLH5WDKVj439dbVQ7XkbYQdqc6UY1k5oIA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/login/ Frame 1CA6
Redirect Chain
  • https://www.facebook.com/v2.7/plugins/page.php?adapt_container_width=false&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df9d8b219d7e198%26d...
  • https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fcon...
0
0
Document
General
Full URL
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df9d8b219d7e198%2526domain%253Dwww.postfun.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.postfun.com%25252Ff6aab08844b7c%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26hide_cta%3Dtrue%26href%3Dhttp%253A%252F%252Fwww.facebook.com%252FPostFun%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D300
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=34c7acae0335f6af8dadd205bade9d25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
about:blank

Response headers

vary
Accept-Encoding
content-encoding
br
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
Wg7qY0rgQ1HuDqV3pTM9JODx6m3auORhr3HU+wZ++Q9oZUw6qaUC3b7/VgHIKA7JZKfZmB2mzY37h0wQghZQvw==
date
Tue, 07 Dec 2021 02:49:07 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600

Redirect headers

location
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dfalse%26app_id%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df9d8b219d7e198%2526domain%253Dwww.postfun.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fwww.postfun.com%25252Ff6aab08844b7c%2526relation%253Dparent.parent%26container_width%3D300%26hide_cover%3Dfalse%26hide_cta%3Dtrue%26href%3Dhttp%253A%252F%252Fwww.facebook.com%252FPostFun%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dfalse%26width%3D300
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v5.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
1eS4wFNbA4ENjvG/UeNkMw1J48aBYUrS7yEDUW+qhc5q+SDSAqO0vx5jcgGkA5fWztdi+grEj+Mc5HyWW5rj9Q==
content-length
0
date
Tue, 07 Dec 2021 02:49:07 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
756416304915569
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/756416304915569?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
89082227eb43e2295815f3f62d29cdc5f806cfef98416d0b88539131f79b5af5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
gMcWNRz0pz+po59cjqU1JBqf4PYdLtS28N0w8IeMepX6qtrsSmMdbC618+OqGtwpfxkKevPi3YbdFbbfdj8kwA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
340 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347471&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=5a5b78fb-caf9-45c9-9584-bf14d10b5151_1638845347298&exp=p0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
212 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347473&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=587aad34-97c2-43d7-8239-2d5594a24477_1638845347299&exp=p0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
212 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347475&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=b48b90fb-6a9b-44d3-881c-bad4f4c328cf_1638845347302&exp=p0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Tue, 07 Dec 2021 02:49:07 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?oz_pl=1&dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&_x=1
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/486951/analytics.js?dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c1=14664189-tb&c2=tb&c3=msn-msn-home-tb&de=2&gt=DE&dm=1600x1200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
main.js
s.update.hmstats.com/2/2.42.0/
154 KB
48 KB
Script
General
Full URL
https://s.update.hmstats.com/2/2.42.0/main.js
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/486951/analytics.js?dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c1=14664189-tb&c2=tb&c3=msn-msn-home-tb&de=2&gt=DE&dm=1600x1200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
537af3e7035e7f334c4414cf45d25f378f279843c35eeb375675639f24202ee8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:07 GMT
Content-Encoding
br
Accept-Ch
Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary
Origin, Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, no-transform, immutable, max-age=999999999
Strict-Transport-Security
max-age=31536000; includeSubDomains
Timing-Allow-Origin
*
Content-Length
48512
Expires
Thu, 14 Aug 2053 21:30:25 GMT
142192547407081
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/142192547407081?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cf5926114e876f2c89a01dff181af963f57e14fe1df703045d8c024400466007
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
qC1oAc9cKKocmRRnOPGtHARdttiRFVqD66XOiXPS090FiqmrvavxSj4Ud2b3aLeIvvvnw0y6O1bYardtR8BOKw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=756416304915569&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347560&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=8994dcba-2fbd-4aae-b5a6-c793b1580956_1638845347304&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347560&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=3&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=755a0186-decc-4489-9e38-48d7c2ddd552_1638845347305&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=756416304915569&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347561&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=755a0186-decc-4489-9e38-48d7c2ddd552_1638845347305&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?oz_pl=1&dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&_x=1
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/486951/analytics.js?dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c1=14664189-tb&c2=tb&c3=msn-msn-home-tb&de=2&gt=DE&dm=1600x1200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845347617&oz_l=370&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
507904799972713
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/507904799972713?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a2234e62f9f4f714bd6e6fc3e8b65aaeac70fa57b670274528e472c3f2dd35dc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
7sKyb+ZF64z0HDkCj2S4ARW18FgEck7YcFF3zx3wMB3VygmV0EYfLnLDx5HoNly01aUihnzlBoV3DYqPXsZH2g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=142192547407081&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347680&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=498228e7-6bc6-4a9d-8202-3c370e7260e8_1638845347307&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347681&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=4&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=f3a04058-668b-494d-b42a-1081c494fd06_1638845347308&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=756416304915569&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347682&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=f3a04058-668b-494d-b42a-1081c494fd06_1638845347308&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=142192547407081&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347683&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=f3a04058-668b-494d-b42a-1081c494fd06_1638845347308&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
fb019e54-4d5b-4e62-830b-6b4f4f0489e5
https://www.postfun.com/ Frame 5769
185 B
0
Other
General
Full URL
blob:https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
185
Content-Type
application/javascript
252336382657754
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/252336382657754?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
869234019eb34d15b2dbb218719491fefae65f17cf1103eb6355da24783f6dc7
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
WtxQWcjc8j0WlzUzZ+5A+CKBM8bS4NVqA6hpwt3wX/hPYeyaK4YN0t+kQyjlQfX2AjAUeifkR/iNjytiA3W7lQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=507904799972713&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347764&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=59efa5b7-4bb1-4cd8-86c9-4bca29d431dc_1638845347311&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=353329068859326&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347764&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=5&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=bb458e57-c93b-4225-a569-1951c877ee86_1638845347312&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=756416304915569&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347765&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=3&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=bb458e57-c93b-4225-a569-1951c877ee86_1638845347312&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=142192547407081&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347765&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=bb458e57-c93b-4225-a569-1951c877ee86_1638845347312&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=507904799972713&ev=PageValue&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347766&cd[currency]=USD&cd[page]=1&cd[value]=0&cd[total_value]=0&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=bb458e57-c93b-4225-a569-1951c877ee86_1638845347312&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845347801&oz_l=15262&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
haloid
aufp.io/api/v1/
6 KB
3 KB
Script
General
Full URL
https://aufp.io/api/v1/haloid
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/354?url=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&ref=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.25.111 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-25-111.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
85e50082d7ce113bfa87dbade18dbf747d1bacfcffdbd628296dcffa98a08f94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
content-encoding
gzip
last-modified
Tue, 07 Dec 2021 01:54:08 GMT
server
nginx/1.18.0
etag
W/"1638842048.0-6132-2958560116"
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*, *
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control
public, max-age=43200
origin-trial
A/KTxPuSXtwcggydvUxw5B4dXspsb2iweedc7KDi2xv9M89MtnOpULTs7DQJVHBxGDV5wj5a3LW9S4ev3WfQkwIAAAB+eyJvcmlnaW4iOiJodHRwczovL2hhbG9mbG9jLmNvbTo0NDMiLCJmZWF0dXJlIjoiSW50ZXJlc3RDb2hvcnRBUEkiLCJleHBpcnkiOjE2MjYyMjA3OTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
expires
Tue, 07 Dec 2021 14:49:08 GMT
354
p.ad.gt/api/v1/p/
25 KB
8 KB
Script
General
Full URL
https://p.ad.gt/api/v1/p/354
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/354?url=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&ref=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.187.25.111 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-187-25-111.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
587e4115909190b558d6542a6a6ebc8faeb19edd3e21b732b38c9aec3d36f185

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
content-encoding
gzip
server
nginx/1.18.0
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
match
ids.ad.gt/api/v1/
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=$UID
  • https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=4946990725677477747
43 B
565 B
Image
General
Full URL
https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=4946990725677477747
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:07 GMT
X-Proxy-Origin
193.27.14.24; 193.27.14.24; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
6e05f7ad-dc59-47dc-8e10-dc20e69ee3c5
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ids.ad.gt/api/v1/match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&adnxs_id=4946990725677477747
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
t_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&gpdr=0&ttd_puid=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://ids.ad.gt/api/v1/t_match?tdid=85f4d67c-3ab3-450c-b420-539570656946&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
43 B
570 B
Image
General
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=85f4d67c-3ab3-450c-b420-539570656946&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ids.ad.gt/api/v1/t_match?tdid=85f4d67c-3ab3-450c-b420-539570656946&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
259
pbm_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://ids.ad.gt/api/v1/pbm_match?pbm=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
43 B
572 B
Image
General
Full URL
https://ids.ad.gt/api/v1/pbm_match?pbm=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

location
https://ids.ad.gt/api/v1/pbm_match?pbm=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
date
Tue, 07 Dec 2021 02:49:07 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
g_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_tc=
  • https://ids.ad.gt/api/v1/g_match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_gid=CAESEFdRLy1PsUHQyohjGGDyLf0&google_cver=1&google_ula=450542624,0
43 B
571 B
Image
General
Full URL
https://ids.ad.gt/api/v1/g_match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_gid=CAESEFdRLy1PsUHQyohjGGDyLf0&google_cver=1&google_ula=450542624,0
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ids.ad.gt/api/v1/g_match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&google_gid=CAESEFdRLy1PsUHQyohjGGDyLf0&google_cver=1&google_ula=450542624,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
357
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=YTFmZTE0MDYtNGVjOC00YzhjLWEyODktMWY3OTA0M2Q2ZjE3
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=YTFmZTE0MDYtNGVjOC00YzhjLWEyODktMWY3OTA0M2Q2ZjE3
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:08 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=YTFmZTE0MDYtNGVjOC00YzhjLWEyODktMWY3OTA0M2Q2ZjE3
date
Tue, 07 Dec 2021 02:49:08 GMT
server
nginx/1.18.0
content-length
473
content-type
text/html; charset=utf-8
mediamath_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://sync.mathtag.com/sync/img?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmediamath_match%3Fuser_id%3D%5BMM_UUID%5D%26id%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17
  • https://ids.ad.gt/api/v1/mediamath_match?user_id=20ed61ae-cba3-4900-bb52-7cc570c2c565&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
43 B
482 B
Image
General
Full URL
https://ids.ad.gt/api/v1/mediamath_match?user_id=20ed61ae-cba3-4900-bb52-7cc570c2c565&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

Date
Tue, 07 Dec 2021 02:49:07 GMT
Server
MT3 4103 f8fad19 master cdg-pixel-x30 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ids.ad.gt/api/v1/mediamath_match?user_id=20ed61ae-cba3-4900-bb52-7cc570c2c565&id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 07 Dec 2021 02:49:06 GMT
unruly
ids.ad.gt/api/v1/
Redirect Chain
  • https://sync.1rx.io/usersync/audigent/0?dspret=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync/audigent/0?zcc=1&dspret=1&redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3D%5BRX_UUID%5D&cb=1638845347894
  • https://sync.targeting.unrulymedia.com/csync/RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003?redir=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Funruly%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17%26unruly_id%3D...
  • https://ids.ad.gt/api/v1/unruly?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&unruly_id=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
43 B
489 B
Image
General
Full URL
https://ids.ad.gt/api/v1/unruly?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&unruly_id=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
Protocol
H2
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT

Redirect headers

location
https://ids.ad.gt/api/v1/unruly?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&unruly_id=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
date
Tue, 07 Dec 2021 02:49:07 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RX043d6d669e7a4f06b461e21e0c63d7bb003
content-type
text/html
cm
trc.taboola.com/sg/audigent/1/
43 B
173 B
Image
General
Full URL
https://trc.taboola.com/sg/audigent/1/cm?redirect=http%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Ftaboola%3Fpartner_uid%3D%3CTUID%3E%3Fid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-vcl-time-ms
8
pragma
no-cache
date
Tue, 07 Dec 2021 02:49:07 GMT
via
1.1 varnish
server
nginx
x-timer
S1638845348.859328,VS0,VE8
x-served-by
cache-hhn4077-HHN
x-cache
MISS
cache-control
no-cache, no-store
accept-ranges
bytes
x-cache-hits
0
2861483040748117
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/2861483040748117?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0924e6ae85bbf093056ea4960d428569c4228385e29cb0bbda7028439050561e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
22NZKgpg3UUouZgTIoqtrCvbJOc0BcMmPZ1G9ua1IoPWxyP5sHgcMI/2rJ7pkCDmNgCHc4WSDYQTsajxnrXNmA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:07 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=252336382657754&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347852&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=5574137d-44c0-4a01-9927-ffe5610a411b_1638845347313&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
truncated
/ Frame 102D
13 B
13 B
Document
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Request headers

Upgrade-Insecure-Requests
1
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
text/html;charset=utf-8
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=2861483040748117&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845347937&sw=1600&sh=1200&ud[external_id]=2d69fa0fe3f07cfe5f99e45bbf655a0a40623cc715c4bfe573ccc910c5e2bd07&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&eid=fbff88f3-e681-481d-a670-bd4fdb011c23_1638845347315&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:07 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:07 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845347955&oz_l=226&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
www.facebook.com/tr/ Frame C34B
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:07 GMT
/
www.facebook.com/tr/ Frame DB90
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845348110&oz_l=1037&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:07 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
8cf53b78-ef75-4c8d-924a-12805dc3717c
https://www.postfun.com/
773 B
0
Other
General
Full URL
blob:https://www.postfun.com/8cf53b78-ef75-4c8d-924a-12805dc3717c
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1ad142d89bfb17e68387ca8ecefb3850d8459d676c8f851aab1a2d67d9ab7b0d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Length
773
/
www.facebook.com/tr/ Frame 6C6D
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
/
www.facebook.com/tr/ Frame 7ABA
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845348261&oz_l=6821&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:08 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
www.facebook.com/tr/ Frame 8618
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
halo_match
ids.ad.gt/api/v1/
43 B
651 B
Image
General
Full URL
https://ids.ad.gt/api/v1/halo_match?id=a1fe1406-4ec8-4c8c-a289-1f79043d6f17&halo_id=0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.211.237.159 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-237-159.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
cache-control
public, max-age=43200
server
nginx/1.18.0
content-type
image/gif
expires
Tue, 07 Dec 2021 14:49:08 GMT
getpixels
pixels.ad.gt/api/v1/
0
344 B
Script
General
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=68bac34bd88fa62e81174dd648da81f9&url=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&code=%27none%27
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/354
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.89.213.37 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-89-213-37.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 07 Dec 2021 02:49:08 GMT
server
nginx/1.18.0
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
1853083501571805
connect.facebook.net/signals/config/
308 KB
89 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1853083501571805?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0d358ffaf0d76ff2acc41f17cb874a7a03fa6fa502936b48c4de3eab79752d32
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
90731
x-xss-protection
0
pragma
public
x-fb-debug
wfZPgxPmTc39+U1vnn3jbHOMEJndXRNdIvFmYlPfdgRUsdFR8yAegDg6RrqhBkbUmDKxDWW4IeA+9hSObDF6+g==
x-frame-options
DENY
date
Tue, 07 Dec 2021 02:49:08 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
763 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:30:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1139
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
738
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 07 Dec 2021 03:30:09 GMT
ec.js
www.google-analytics.com/plugins/ua/
3 KB
3 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:40:49 GMT
x-content-type-options
nosniff
age
499
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2779
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 07 Dec 2021 03:40:49 GMT
cm
u.openx.net/w/1.0/
43 B
131 B
Image
General
Full URL
https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3D0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl%26auid%3Da1fe1406-4ec8-4c8c-a289-1f79043d6f17
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:08 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845348418&oz_l=4098&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:08 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1853083501571805&ev=PageView&dl=https%3A%2F%2Fwww.postfun.com%2Fbasketball%2Fthese-nba-players-are-working-9-5-jobs-since-retiring%2F%3Futm_source%3Dtb%26utm_medium%3Dmsn-msn-home-tb%26utm_content%3D3056256962%26utm_campaign%3D14664189-tb%26utm_cpc%3D-XYxzLpPIsU0_WVigimiSQkZJxJhFXITDvtGKVw0zVQ%3D%26tblci%3DGiD6x_f6YEJcfZSyDZ%26chrome%3D1&rl=&if=false&ts=1638845348437&cd[partner_id]=354&cd[tagger_id]=68bac34bd88fa62e81174dd648da81f9&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638845347470.1202371439&it=1638845347337&coo=false&dpo=&tm=1&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:08 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 07 Dec 2021 02:49:08 GMT
/
www.facebook.com/tr/ Frame 1021
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845348578&oz_l=3206&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:08 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin
/
www.facebook.com/tr/ Frame 81F6
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.postfun.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.postfun.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Tue, 07 Dec 2021 02:49:08 GMT
pd
eu-u.openx.net/w/1.0/ Frame 5C62
668 B
728 B
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
9875b9cc0672adaee70f87b3aa98dc40deb2ac1684fb6ce721131858dbe3c482

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.221.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/html
content-length
417
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
bsync
visitor.omnitagjs.com/visitor/ Frame 5E85
Redirect Chain
  • https://sync.spotim.market/csync?redir=https://visitor.omnitagjs.com/visitor/bsync?uid={uid}&name=PrebidServer&gdpr_consent_string={gdpr_consent}&gdpr={gdpr}&us_privacy={us_privacy}
  • https://visitor.omnitagjs.com/visitor/bsync?uid=a2f4646f0e2874d3
0
158 B
Document
General
Full URL
https://visitor.omnitagjs.com/visitor/bsync?uid=a2f4646f0e2874d3
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.153 Paris, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
expires
0
pragma
no-cache
vary
Accept-Encoding
x-content-type-options
nosniff
date
Tue, 07 Dec 2021 02:49:11 GMT
content-length
0
x-envoy-upstream-service-time
0
server
ayl-lb-fra02

Redirect headers

Server
VertaMedia 1.0
Date
Tue, 07 Dec 2021 02:49:11 GMT
Content-Length
0
Etag
a2f4646f0e2874d3
Location
https://visitor.omnitagjs.com/visitor/bsync?uid=a2f4646f0e2874d3
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D65E
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=88475
expires
Wed, 08 Dec 2021 03:23:45 GMT
date
Tue, 07 Dec 2021 02:49:10 GMT
vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 3CF8
Redirect Chain
  • https://eb2.3lift.com/sync?
  • https://eb2.3lift.com/sync?&ld=1
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?&ld=1
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
723d96e56379246e99aede7ade615f114e9cf2a95c105df46af8935e650146c1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/html; charset=utf-8
content-length
463
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate

Redirect headers

date
Tue, 07 Dec 2021 02:49:10 GMT
content-length
0
location
/sync?&ld=1
cache-control
no-cache, no-store, must-revalidate
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
csync
sync.spotim.market/ Frame 9297
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323548%26extuid%3D%24UID
  • https://sync.spotim.market/csync?t=a&ep=323548&extuid=4946990725677477747
0
386 B
Document
General
Full URL
https://sync.spotim.market/csync?t=a&ep=323548&extuid=4946990725677477747
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

Server
VertaMedia 1.0
Date
Tue, 07 Dec 2021 02:49:11 GMT
Content-Length
0
Etag
a2f4646f0e2874d3

Redirect headers

Server
nginx/1.17.9
Date
Tue, 07 Dec 2021 02:49:10 GMT
Content-Type
text/html; charset=utf-8
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, private
Pragma
no-cache
Expires
Sat, 15 Nov 2008 16:00:00 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection
0
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Location
https://sync.spotim.market/csync?t=a&ep=323548&extuid=4946990725677477747
AN-X-Request-Uuid
91809824-7eb3-43f6-b6c8-7c1f1416177c
X-Proxy-Origin
193.27.14.24; 193.27.14.24; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
beacon
ap.lijit.com/ Frame 8E6D
0
0
Document
General
Full URL
https://ap.lijit.com/beacon?informer=13416134
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

Server
nginx
Date
Tue, 07 Dec 2021 02:49:10 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap2ams1
136
match.deepintent.com/usersync/ Frame 2759
0
44 B
Document
General
Full URL
https://match.deepintent.com/usersync/136?id=unk&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}&redir=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D462323%26extuid%3D
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

content-length
0
date
Tue, 07 Dec 2021 02:49:10 GMT
server
a
usermatchredir
ssum-sec.casalemedia.com/ Frame 86C5
43 B
315 B
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=%20190532&cb=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323546%26extuid%3D
Requested by
Host: www.postfun.com
URL: https://www.postfun.com/wp-content/plugins/outrigger/scripts/vendor/BV/prebid.js?ver=1638818615
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.141.232 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-141-232.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/

Response headers

Server
Apache
Content-Type
image/gif
Vary
Is-Traffic-Usersync
Content-Length
43
Expires
Tue, 07 Dec 2021 02:49:10 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Connection
keep-alive
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455419715221554
49 B
513 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455419715221554
Protocol
HTTP/1.1
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=5134455419715221554
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
csync
sync.spotim.market/
Redirect Chain
  • https://prebidtest.zemanta.com/usersync/prebidtest?gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}&cb=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D509691%26extuid%3D%24%7...
  • https://sync.spotim.market/csync?t=a&ep=509691&extuid=${UID}&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}
0
373 B
Image
General
Full URL
https://sync.spotim.market/csync?t=a&ep=509691&extuid=${UID}&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}
Protocol
HTTP/1.1
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:11 GMT
Server
VertaMedia 1.0
Etag
a2f4646f0e2874d3
Content-Length
0

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html; charset=utf-8
location
https://sync.spotim.market/csync?t=a&ep=509691&extuid=${UID}&gdpr={gdpr}&gdpr_consent={gdpr_consent}&us_privacy={us_privacy}
cache-control
no-cache, no-store, must-revalidate
cf-ray
6b9a706feb280e06-MXP
expires
Thu, 01 Dec 1994 16:00:00 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=1f8476eb-12db-48e8-8a7b-70f627cd680e&google_hm=MWY4NDc2ZWItMTJkYi00OGU4LThhN2ItNzBmNjI3Y2Q2ODBl
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEPtkqLPng8vOthjvz1K9BMo&google_cver=1&ssp=sonobi&bsw_param=1f8476eb-12db-48e8-8a7b-70f627cd680e
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=1f8476eb-12db-48e8-8a7b-70f627cd680e
49 B
509 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=1f8476eb-12db-48e8-8a7b-70f627cd680e
Protocol
HTTP/1.1
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=1f8476eb-12db-48e8-8a7b-70f627cd680e
Date
Tue, 07 Dec 2021 02:49:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=20ed61ae-cba3-4900-bb52-7cc570c2c565
49 B
509 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=20ed61ae-cba3-4900-bb52-7cc570c2c565
Protocol
HTTP/1.1
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
MT3 4103 f8fad19 master cdg-pixel-x13 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=20ed61ae-cba3-4900-bb52-7cc570c2c565
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 07 Dec 2021 02:49:09 GMT
usg.gif
sync.go.sonobi.com/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=Mzg0MzljZmUtNzNjZC00Zjg5LTkwMWEtNDJmZDRiOWFiMTQx
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEKXTHna6n5ZGaNHJf2bSNXU&google_cver=1
49 B
509 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEKXTHna6n5ZGaNHJf2bSNXU&google_cver=1
Protocol
HTTP/1.1
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEKXTHna6n5ZGaNHJf2bSNXU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csync
sync.spotim.market/
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D323551%26extuid%3D%24UID
  • https://sync.spotim.market/csync?t=a&ep=323551&extuid=4d4d8792758de91c53e79d87
0
391 B
Image
General
Full URL
https://sync.spotim.market/csync?t=a&ep=323551&extuid=4d4d8792758de91c53e79d87
Protocol
HTTP/1.1
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:11 GMT
Server
VertaMedia 1.0
Etag
a2f4646f0e2874d3
Content-Length
0

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://sync.spotim.market/csync?t=a&ep=323551&extuid=4d4d8792758de91c53e79d87
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
rtset
bh.contextweb.com/bh/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=38439cfe-73cd-4f89-901a-42fd4b9ab141&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=N3NaNUJZblRpdlo3bFpPMElDSmw4UQ&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEFwaXDwenFOJUNshwEyo-Ws&google_cver=1
49 B
332 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEFwaXDwenFOJUNshwEyo-Ws&google_cver=1
Protocol
H2
Server
198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(9.4.14.v20181114) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
content-language
de-DE
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
content-type
image/gif;charset=iso-8859-1
cw-server
bh-deployment-5f8c54984-xzh7z
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEFwaXDwenFOJUNshwEyo-Ws&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
334
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
csync
sync.adtelligent.com/
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=117&redir=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D309017%26extuid%3D%7BuserId%7D
  • https://sync.adtelligent.com/csync?t=a&ep=309017&extuid=no-consent
0
381 B
Image
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=309017&extuid=no-consent
Protocol
HTTP/1.1
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:11 GMT
Server
VertaMedia 1.0
Etag
a2f4646f0e2874d3
Content-Length
0

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:09 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.adtelligent.com/csync?t=a&ep=309017&extuid=no-consent
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
prebid
rtb.openx.net/sync/
43 B
351 B
Image
General
Full URL
https://rtb.openx.net/sync/prebid?gdpr={gdpr}&gdpr_consent={gdpr_consent}&r=https%3A%2F%2Fsync.spotim.market%2Fcsync%3Ft%3Da%26ep%3D482928%26extuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
ucv942b2ptr99ufemo676p4r838rqqdi
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=15a74ec6ff&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=85f4d67c-3ab3-450c-b420-539570656946&pubid=15a74ec6ff
49 B
509 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=85f4d67c-3ab3-450c-b420-539570656946&pubid=15a74ec6ff
Protocol
HTTP/1.1
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.postfun.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=85f4d67c-3ab3-450c-b420-539570656946&pubid=15a74ec6ff
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
227
sd
eu-u.openx.net/w/1.0/ Frame 5C62
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=20ed61ae-cba3-4900-bb52-7cc570c2c565
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=20ed61ae-cba3-4900-bb52-7cc570c2c565
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
OXGW/16.221.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
MT3 4103 f8fad19 master cdg-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=20ed61ae-cba3-4900-bb52-7cc570c2c565
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 07 Dec 2021 02:49:09 GMT
sd
us-u.openx.net/w/1.0/ Frame 5C62
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=OCIscG1xLCMjJikgOnVgdmsjdHQjI3gtPSM_r3Bd
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=OCIscG1xLCMjJikgOnVgdmsjdHQjI3gtPSM_r3Bd
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
OXGW/16.221.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=OCIscG1xLCMjJikgOnVgdmsjdHQjI3gtPSM_r3Bd
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 5C62
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://c1.adform.net/serving/cookie/match?CC=1&party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8231746660794167020
43 B
61 B
Image
General
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8231746660794167020
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
OXGW/16.221.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8231746660794167020
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 5C62
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=6741e24d-25a5-70c3-d285-6ba5f83b80f1&gdpr=0
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 5C62
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NGIyZTMxODctZWNkMi0yZTY3LWM3NjUtMzExYzMyZDk0ZTkx
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 5C62
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPYl2A3JtYRHrzUxYVlZX7I&google_cver=1
43 B
114 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPYl2A3JtYRHrzUxYVlZX7I&google_cver=1
Requested by
Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=f60de073-c819-4b11-822a-b93701a28c65&gdpr=0
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eu-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
OXGW/16.221.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEPYl2A3JtYRHrzUxYVlZX7I&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame D65E
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=97277277&p=156813&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
/
Resource Hash
4969fd737773f4ea35432a238a098a4145206b26aea3480033da952ee3eab80b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:09 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
generic
match.adsrvr.org/track/cmf/ Frame 3CF8
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
xuid
eb2.3lift.com/ Frame 3CF8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESELrjo6oLE41z6WtsE1UjNOg&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESELrjo6oLE41z6WtsE1UjNOg&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESELrjo6oLE41z6WtsE1UjNOg&dongle=c627&gdpr=1&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 3CF8
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTA1NTU4OTU2MTk0MjU5MDk3MjI%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTA1NTU4OTU2MTk0MjU5MDk3MjI%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H3
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MTA1NTU4OTU2MTk0MjU5MDk3MjI%3D
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame 3CF8
0
812 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=10555895619425909722&dbredirect=true&gdpr=1&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e7:101::9002:e05 San Francisco, United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-lor1
content-length
0
x-li-uuid
JFAe4SlZvhZwMAsb5ioAAA==
xuid
eb2.3lift.com/ Frame 3CF8
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/10555895619425909722?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-5PiWpWZE2oQrC_M_mMu0m2Cn6KzPlU4pphFr2idSOg--~A&dongle=0883
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-5PiWpWZE2oQrC_M_mMu0m2Cn6KzPlU4pphFr2idSOg--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Tue, 07 Dec 2021 02:49:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-5PiWpWZE2oQrC_M_mMu0m2Cn6KzPlU4pphFr2idSOg--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
sync
x.bidswitch.net/ Frame 3CF8
43 B
220 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=triplelift&user_id=10555895619425909722&gdpr=1&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.194.4.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-194-4-47.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
c.gif
c.bing.com/ Frame 3CF8
42 B
594 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=10555895619425909722&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:09 GMT
etag
"f95a3e4769d2d71:0"
last-modified
Fri, 05 Nov 2021 17:19:23 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9D8EB03C7A9645ECAA4CF393D320BED7 Ref B: FRAEDGE1209 Ref C: 2021-12-07T02:49:10Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
iu3
s.amazon-adsystem.com/ Frame 3CF8
Redirect Chain
  • https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=10555895619425909722
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=10555895619425909722&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=10555895619425909722&dcc=t
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
HTTP/1.1
Server
52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KNYNKFHS6K4YCCD5HQVC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=10555895619425909722&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
xuid
eb2.3lift.com/ Frame 3CF8
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

Location
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame 3CF8
Redirect Chain
  • https://ad.turn.com/r/cs?pid=49&gdpr=1&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=4771&xuid=7541914379559443183&dongle=d407
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=4771&xuid=7541914379559443183&dongle=d407
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol
H2
Server
76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=4771&xuid=7541914379559443183&dongle=d407
pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
match
c1.adform.net/serving/cookie/ Frame 63B9
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
35 B
468 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.29 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 5559
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4815254603872434894
42 B
210 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4815254603872434894
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug011:0:438
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=4815254603872434894
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame D3E9
43 B
334 B
Document
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Tue, 07 Dec 2021 02:49:09 GMT
content-type
image/gif
server
Kestrel
cache-control
no-cache
pragma
no-cache
expires
Tue, 07 Dec 2021 00:00:00 GMT
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
277510
Pug
simage2.pubmatic.com/AdServer/ Frame 0331
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7038787181459601555
42 B
211 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7038787181459601555
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug009:0:428
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Tue, 07 Dec 2021 02:49:10 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7038787181459601555
Pug
simage2.pubmatic.com/AdServer/ Frame E209
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ya7LpgAKBVP5vgAz&gdpr=0&gdpr_consent=&_test=Ya7LpgAKBVP5vgAz
1 B
236 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ya7LpgAKBVP5vgAz&gdpr=0&gdpr_consent=&_test=Ya7LpgAKBVP5vgAz
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
lhrpug004:0:477
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Ya7LpgAKBVP5vgAz&gdpr=0&gdpr_consent=&_test=Ya7LpgAKBVP5vgAz
accept-ranges
bytes
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 varnish
x-served-by
cache-hhn4059-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1638845351.629319,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
redir
rtb-csync.smartadserver.com/ Frame 777B
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFyVmdVN0RYWmNBQUgyc2pIc0RGUQ&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AArVgU7DXZcAAH2sjHsDFQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...
43 B
163 B
Document
General
Full URL
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AArVgU7DXZcAAH2sjHsDFQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.114 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif
transfer-encoding
chunked

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
location
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AArVgU7DXZcAAH2sjHsDFQ&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
0
Connection
keep-alive
Pug
simage2.pubmatic.com/AdServer/ Frame 8CD9
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8231100746
  • https://sync.1rx.io/usersync/tradedesk/85f4d67c-3ab3-450c-b420-539570656946
  • https://sync.targeting.unrulymedia.com/csync/RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
42 B
228 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug006:0:452
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Tengine
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/html
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
etag
RX043d6d669e7a4f06b461e21e0c63d7bb003
Pug
simage2.pubmatic.com/AdServer/ Frame B9DB
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
88 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/html; charset=utf-8
x-lat
lhrpug008:2:271
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length
0
date
Tue, 07 Dec 2021 02:49:10 GMT
server
_
Pug
simage2.pubmatic.com/AdServer/ Frame DF56
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=X21iblsnQN18-TWJYWmbZcEbDhg
42 B
219 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=X21iblsnQN18-TWJYWmbZcEbDhg
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug017:0:399
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Tue, 07 Dec 2021 02:49:10 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=X21iblsnQN18-TWJYWmbZcEbDhg
Content-Length
159
Connection
keep-alive
Pug
image2.pubmatic.com/AdServer/ Frame E278
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=3NHaNOmpjkOoVSql0xQMX8Jp
42 B
217 B
Document
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=3NHaNOmpjkOoVSql0xQMX8Jp
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug018:0:376
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Tue, 07 Dec 2021 02:49:10 GMT
content-length
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=3NHaNOmpjkOoVSql0xQMX8Jp
strict-transport-security
max-age=0; includeSubDomains;
bridge
cm.adgrx.com/ Frame E2F9
43 B
408 B
Document
General
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
server
Cowboy
X-RealServer-NX
ams-delivery-5
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
dpe
ad4m.at/ad/ Frame DAEB
15 B
915 B
Document
General
Full URL
https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
text/plain; charset=utf-8
content-length
15
report-to
{"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires
0
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy
same-origin
pragma
no-cache
surrogate-control
no-store
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6b9a7070fbb0f933-MXP
cookiesync
core.iprom.net/ Frame C1E2
43 B
279 B
Document
General
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Vary
Accept-Encoding
X-adserver-worker
erebus-f830fa26bb47@version_1.362v2
Connection
close
X-server-arch
v2
Content-Type
image/gif
Content-Length
43
X-core-time
0ms
Date
Tue, 07 Dec 2021 02:49:10 GMT
rtb-h
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 16AA
Redirect Chain
  • https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
  • https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...
0
53 B
Document
General
Full URL
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
accept-ranges
bytes
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 varnish
x-served-by
cache-hhn4077-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1638845351.523923,VS0,VE8
content-length
0

Redirect headers

server
nginx
location
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges
bytes
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 varnish
x-served-by
cache-hhn4077-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1638845351.505749,VS0,VE9
x-vcl-time-ms
9
content-length
0
csync
sync.adtelligent.com/ Frame D92A
0
407 B
Document
General
Full URL
https://sync.adtelligent.com/csync?t=a&ep=281178&extuid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS
0-72.cc86365-03-tmp.cc.colocall.com
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Server
VertaMedia 1.0
Date
Tue, 07 Dec 2021 02:49:11 GMT
Content-Length
0
Etag
1a93dbbefc8b22f1
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D65E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=Js_F9vwmRfWBrcw-v3sI_g%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=88475
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Wed, 08 Dec 2021 03:23:45 GMT

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=20ed61ae-cba3-4900-bb52-7cc570c2c565
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=20ed61ae-cba3-4900-bb52-7cc570c2c565
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
MT3 4103 f8fad19 master cdg-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=20ed61ae-cba3-4900-bb52-7cc570c2c565
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 07 Dec 2021 02:49:09 GMT
mw
mwzeom.zeotap.com/ Frame D65E
Redirect Chain
  • https://pixel.onaudience.com/?partner=214&mapped=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
  • https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
  • https://pixel.onaudience.com/?partner=104&icm&cver&mapped=2d801dbde08aa8e01942fe6cba78b9b0
  • https://spl.zeotap.com/?zdid=1332&zcluid=efa6c9c55b2df06f
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3a240e135f&zclui...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEMYD8fQSJP4EDvnOYwOiJWQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3...
95 B
164 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEMYD8fQSJP4EDvnOYwOiJWQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3a240e135f&zcluid=efa6c9c55b2df06f&zdid=1332
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://ads.pubmatic.com
access-control-allow-credentials
true
cf-ray
6b9a7072c8add600-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEMYD8fQSJP4EDvnOYwOiJWQ&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8&reqId=a8e4d257-4f93-44e8-6bb7-0f3a240e135f&zcluid=efa6c9c55b2df06f&zdid=1332
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
469
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjZDRkM1RjYtRkMyNi00NUY1LTgxQUQtQ0MzRUJGN0IwOEZF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
110 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug016:0:329
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED7VVhxhvUk-mIY1Hcmpvyw&google_cver=1
42 B
283 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED7VVhxhvUk-mIY1Hcmpvyw&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:442
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESED7VVhxhvUk-mIY1Hcmpvyw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame D65E
43 B
618 B
Image
General
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
169.50.137.182 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b6.89.32a9.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Mon, 06 Dec 2021 02:49:10 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&gdpr=0&gdpr_consent=
42 B
337 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug020:0:351
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
MT3 4103 f8fad19 master cdg-pixel-x31 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Tue, 07 Dec 2021 02:49:09 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=85f4d67c-3ab3-450c-b420-539570656946
42 B
295 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=85f4d67c-3ab3-450c-b420-539570656946
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug013:0:416
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=85f4d67c-3ab3-450c-b420-539570656946
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3820115528378156269
42 B
234 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3820115528378156269
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug007:0:475
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3820115528378156269
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
image2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4946990725677477747&gdpr=0&gdpr_consent=
42 B
210 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4946990725677477747&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug022:0:427
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
X-Proxy-Origin
193.27.14.24; 193.27.14.24; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
5e7e34b0-ee06-4ba3-bf49-3a7056e90462
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4946990725677477747&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm
42 B
486 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug015:0:389
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-5NIitN5E2uXj3DYhtlQ1hzSzOHUTZNU-~A&gdpr=0&gdpr_consent=
0
128 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-5NIitN5E2uXj3DYhtlQ1hzSzOHUTZNU-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
198.47.127.20 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:09 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-5NIitN5E2uXj3DYhtlQ1hzSzOHUTZNU-~A&gdpr=0&gdpr_consent=
date
Tue, 07 Dec 2021 02:49:10 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame D65E
43 B
868 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:60e0:c53a:cd30:7167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
sync
odr.mookie1.com/t/v2/ Frame D65E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=1f8476eb-12db-48e8-8a7b-70f627cd680e&ssp=pubmatic&gdpr=0&gdpr_consent=
43 B
324 B
Image
General
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=1f8476eb-12db-48e8-8a7b-70f627cd680e&ssp=pubmatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=1f8476eb-12db-48e8-8a7b-70f627cd680e&ssp=pubmatic&gdpr=0&gdpr_consent=
Date
Tue, 07 Dec 2021 02:49:10 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7974259943787010799&gdpr=0&gdpr_consent=&us_privacy=
1 B
186 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7974259943787010799&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug019:0:508
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7974259943787010799&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
current
pubmatic-match.dotomi.com/match/bounce/ Frame D65E
0
104 B
Image
General
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
image2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
42 B
203 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug021:0:310
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:09 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:ef653911-274c-4af5-8b07-b5b8dfca5dde&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
110 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:ef653911-274c-4af5-8b07-b5b8dfca5dde&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug012:0:329
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:ef653911-274c-4af5-8b07-b5b8dfca5dde&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Tue, 07 Dec 2021 02:49:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
simage2.pubmatic.com/AdServer/ Frame D65E
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4946990725677477747
42 B
111 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4946990725677477747
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:49:10 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug017:0:368
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Tue, 07 Dec 2021 02:49:10 GMT
X-Proxy-Origin
193.27.14.24; 193.27.14.24; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f2e9f43b-cc54-4847-9eee-56c38ea172d6
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=4946990725677477747
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
d1ba4609
rtb.gumgum.com/getuid/ Frame D65E
35 B
238 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.104.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-104-251.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Dec 2021 02:49:10 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
SPug
simage4.pubmatic.com/AdServer/ Frame D65E
0
260 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=156813&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156813&userIdMacro=PM_UID&predirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D281178%26extuid%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.81 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 02:35:26 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
postback
s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/
0
145 B
XHR
General
Full URL
https://s.update.hmstats.com/2/2.42.0/486951/APIaX9sIEPIZSXgQ/postback?dm=1600x1200&dt=4869511559931891252000&ti=6c826cd7-c979-4ff8-b2a3-aed8e6d2cbbc&c1=14664189-tb&c2=tb&gt=DE&ui=1c9a7f65-b410-42e3-ada7-65b134ade33f&di=www.postfun.com&c3=msn-msn-home-tb&de=2&ci=486951&sid=APIaX9sIEPIZSXgQ&oz_sc=fb655d76fdab4c28476e9f62&oz_df=1638845352883&oz_l=106&cv=3
Requested by
Host: s.update.hmstats.com
URL: https://s.update.hmstats.com/2/2.42.0/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.243.93.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-93-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.postfun.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 07 Dec 2021 02:49:12 GMT
Timing-Allow-Origin
*
Content-Length
0
Vary
Origin

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _WF number| _swclk_ number| _swsts_ object| PushlySDK undefined| taboolaID function| extractId number| timeoouttgid object| _taboola string| actCode string| apiKey string| partnerName object| googletag object| ggeac object| google_js_reporting_queue object| infinite_info object| wp function| hm_scroll function| hm_scrollTo function| hm_scrollBy undefined| hm_scrollByLines undefined| hm_scrollByPages function| scrollByLines function| scrollByPages function| __tcfapi function| __uspapi object| midWidthBlacklist object| pbjs function| trySendSessionMessage string| GoogleAnalyticsObject function| ga function| pbjsChunk object| _pbjsGlobals object| mnet undefined| google_measure_js_timing object| apstag function| udm_ object| _comscore object| COMSCORE function| quantserve function| __qc object| _qevents object| ezt object| _qoptions function| qtrack object| google_tag_data object| gaplugins object| gaGlobal object| gaData boolean| apstagLOADED object| regeneratorRuntime function| __tcfapiui object| dotq function| fbq function| _fbq object| FB boolean| ozoki_sv object| $$$ string| saved_tc string| saved_sc string| ________ok object| auvars function| miCallback object| au function| docReady object| autag

132 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgQIQgoSultkvCgoI4gEQgoSultkvCgoI5gEQgoSultkvCgoIhwIQgoSultkvCgkICRCChK6W2S8KCQg6EIKErpbZLwoJCAsQgoSultkvCgoIjAIQgoSultkvCgoIzgEQgoSultkvCgkIXxCChK6W2S8=
www.postfun.com/ Name: akaas_csplit
Value: 2147483647~rv=77~id=4eb73d3f752cd6dbc35e403dd7f542c0
www.postfun.com/ Name: akaclientip
Value: 193.27.14.24
.postfun.com/ Name: _pnvl
Value: false
.postfun.com/ Name: pushly.user_puuid
Value: nA6KGlfN5qJZnEOFNyOVY0QxvkrEjnLO
.postfun.com/ Name: _pndnt
Value:
.postfun.com/ Name: _ga
Value: GA1.2.557766180.1638845346
.postfun.com/ Name: _gid
Value: GA1.2.964288077.1638845346
.postfun.com/ Name: _pnfcps
Value: 86400
.postfun.com/ Name: _pnpcs
Value: 1|Wed, 08 Dec 2021 02:49:06 GMT
.postfun.com/ Name: _pnlspid
Value: 11752
.postfun.com/ Name: _pnss
Value: dismissed
.postfun.com/ Name: _pnpdm
Value: true
.postfun.com/ Name: _gat
Value: 1
.go.sonobi.com/ Name: __uis
Value: 38439cfe-73cd-4f89-901a-42fd4b9ab141
.go.sonobi.com/ Name: _usd_postfun.com
Value: 51575eda-a153-4300-9f7d-4f3615c53a3d
.go.sonobi.com/ Name: __uir_td
Value: 1
.go.sonobi.com/ Name: __uir_bw
Value: 1
.go.sonobi.com/ Name: __uir_mm
Value: 1
.go.sonobi.com/ Name: __uir_pp
Value: 1
.go.sonobi.com/ Name: __uir_zt
Value: 1
.go.sonobi.com/ Name: __uir_eb
Value: 1
.go.sonobi.com/ Name: HAPLB5A
Value: s56128|Ya7Lp
.lijit.com/ Name: ljtrtb
Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/ Name: ljt_reader
Value: 4d4d8792758de91c53e79d87
.adnxs.com/ Name: icu
Value: ChgI3ZVIEAoYASABKAEwope7jQY4AUABSAEQope7jQYYAA..
.adnxs.com/ Name: uuid2
Value: 4946990725677477747
.openx.net/ Name: i
Value: b4eddd14-8c22-4f34-8853-a34d9c1cb30c|1638845346
.postfun.com/ Name: _fbp
Value: fb.1.1638845347470.1202371439
.facebook.com/ Name: sb
Value: o8uuYRZxISplGEohzJ0T2lMj
.facebook.com/ Name: fr
Value: 0DSiVZNgMcRg8Djqg..Bhrsuj.US.AAA.0.0.Bhrsuj.AWVOK0evBV8
.ad.gt/ Name: au_id
Value: a1fe1406-4ec8-4c8c-a289-1f79043d6f17
.ad.gt/ Name: au_idmatch
Value: {"apn": "2021-12-07", "ttd": "2021-12-07", "pub": "2021-12-07", "adx": "2021-12-07", "halo": "2021-12-07", "goo": "2021-12-07", "mediamath": "2021-12-07", "unruly": "2021-12-07", "taboola": "2021-12-07"}
.mathtag.com/ Name: uuid
Value: 20ed61ae-cba3-4900-bb52-7cc570c2c565
.doubleclick.net/ Name: IDE
Value: AHWqTUlRisF6X6jk5_KIUourCeq5cIcimsupqxF9sOFXjcRwNDBQLtGu9u3ROEreLH8
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
.adsrvr.org/ Name: TDID
Value: 85f4d67c-3ab3-450c-b420-539570656946
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003%22%7D
.ad.gt/ Name: last_seeng_hosted
Value: 1638845348290
.ad.gt/ Name: g_hosted
Value:
.ad.gt/ Name: last_seenunruly
Value: 1638845348303
.ad.gt/ Name: unruly_id
Value: RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
.ad.gt/ Name: last_seentd
Value: 1638845348303
.ad.gt/ Name: tdid
Value: 85f4d67c-3ab3-450c-b420-539570656946
.ad.gt/ Name: first_seentd
Value: 1638845348303
.ad.gt/ Name: last_seenadnxs
Value: 1638845348305
.ad.gt/ Name: adnxs_id
Value: 4946990725677477747
.ad.gt/ Name: first_seenadnxs
Value: 1638845348305
.ad.gt/ Name: last_seenpbm
Value: 1638845348307
.ad.gt/ Name: pbm
Value: 26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
.ad.gt/ Name: first_seenpbm
Value: 1638845348307
.ad.gt/ Name: last_seenadx
Value: 1638845348307
.ad.gt/ Name: google_gid
Value: CAESEFdRLy1PsUHQyohjGGDyLf0
.ad.gt/ Name: first_seenadx
Value: 1638845348307
.ad.gt/ Name: last_seenmediamath
Value: 1638845348309
.ad.gt/ Name: user_id
Value: 20ed61ae-cba3-4900-bb52-7cc570c2c565
.ad.gt/ Name: last_seenhaloid
Value: 1638845348500
.ad.gt/ Name: halo_id
Value: 0200kuhica07jv2yg08xizqr0bwpa1w0evvljv1k7cm961o8b5po0ntek210qskvk40trr7270wqxik90zq3u2c12pa5j31k0gxf118nmsj90fzd0bt1elzfjf1hl5r1i1kkc2jl
.ad.gt/ Name: first_seenhaloid
Value: 1638845348500
.openx.net/ Name: pd
Value: v2|1638845350|gekin0vNiygu
.quantserve.com/ Name: mc
Value: 61aecba6-5d54f-ce09a-05830
.3lift.com/ Name: tluid
Value: 10555895619425909722
.ads.pubmatic.com/ Name: KCCH
Value: YES
.bidswitch.net/ Name: tuuid
Value: 1f8476eb-12db-48e8-8a7b-70f627cd680e
.bidswitch.net/ Name: c
Value: 1638845350
.bidswitch.net/ Name: tuuid_lu
Value: 1638845350
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 156813:3
.pubmatic.com/ Name: DPSync3
Value: 1640044800%3A197_219_201%7C1638921600%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1640131200%3A35%7C1639699200%3A63%7C1641427200%3A203%7C1640044800%3A54_99_230_204_220_81_234_233_222_7_161_56_165_21_3_71_166_238_13_55_189_8_22_88%7C1639440000%3A15_223_2
.bing.com/ Name: MUID
Value: 2BCC5A3A3A5F64B61ADE4B3C3B8D65DA
.quantserve.com/ Name: d
Value: EI4BEQHzJPijCJiTAA
.turn.com/ Name: uid
Value: 7974259943787010799
.taboola.com/ Name: t_gid
Value: 23284b73-ea0c-4930-986b-5e58c1bc909b-tuct8a85126
.adfarm1.adition.com/ Name: UserID1
Value: 7038787181459601555
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm&KRTB&19420-7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm&KRTB&22979-7v4M-butDKr1-gmp7KlA_73_VP31_1ik6__u4-Tm
.pubmatic.com/ Name: PugT
Value: 1638845350
.pubmatic.com/ Name: PUBMDCID
Value: 3
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxtDQ3NDUyMgQyhfgMdd1NwoPTg73DA93LU6R4Dc2MLSxMTI1NDUyNzAGzCikeNAAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslymtoZmxhYWJqbGpgamQOABmn3noQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxtDQ3NDUyMgQyhfgMdd1NwoPTg73DA93LUwCNphZVJQAAAA
.adsrvr.org/ Name: TDCPM
Value: CAEYASABKAIyCwjWwruG3M2cOhAFOAFaC2FkY29uZHVjdG9yYAI.
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESED7VVhxhvUk-mIY1Hcmpvyw&KRTB&16514-CAESED7VVhxhvUk-mIY1Hcmpvyw&KRTB&23025-CAESED7VVhxhvUk-mIY1Hcmpvyw
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-4946990725677477747
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-no-consent
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003%22%2C%22nxtrdr%22%3Afalse%7D
.adform.net/ Name: C
Value: 1
.onaudience.com/ Name: cookie
Value: efa6c9c55b2df06f
.onaudience.com/ Name: done_redirects104
Value: 1
.erne.co/ Name: u
Value: 3NHaNOmpjkOoVSql0xQMX8Jp
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7038787181459601555
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&KRTB&16736-uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&KRTB&23019-uid:20ed61ae-cba3-4900-bb52-7cc570c2c565&KRTB&23114-uid:20ed61ae-cba3-4900-bb52-7cc570c2c565
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-7974259943787010799
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-85f4d67c-3ab3-450c-b420-539570656946&KRTB&22918-85f4d67c-3ab3-450c-b420-539570656946&KRTB&23031-85f4d67c-3ab3-450c-b420-539570656946
.analytics.yahoo.com/ Name: IDSYNC
Value: 18z8~21y2
.yahoo.com/ Name: A3
Value: d=AQABBKbLrmECEM1vvcVRodbHBa7JIiyJcCoFEgEBAQEdsGG4YQAAAAAA_eMAAA&S=AQAAArP7F6hlugtKTp0wrtnEC2A
.de17a.com/ Name: guid2
Value: 1.4815254603872434894
.pubmatic.com/ Name: KRTBCOOKIE_409
Value: 22966-3NHaNOmpjkOoVSql0xQMX8Jp
.simpli.fi/ Name: suid
Value: 799E23D1B2FC4EE99777FACCBAFF4502
.adform.net/ Name: uid
Value: 8231746660794167020
.pubmatic.com/ Name: SPugT
Value: 1638845349
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17107-RX-043d6d66-9e7a-4f06-b461-e21e0c63d7bb-003
ads.playground.xyz/ Name: connect.sid
Value: s%3A45c-mPAjISdgTUoaCMSIfMfy37WutM3N.jl3hTp0opl5Dnedq0BibYuARXGwUhiJVtB%2BrxfEMAHw
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-3820115528378156269&KRTB&23263-3820115528378156269
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-4815254603872434894
.adsby.bidtheatre.com/ Name: __kuid
Value: ef653911-274c-4af5-8b07-b5b8dfca5dde.408059350
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Ya7LpgAKBVP5vgAz
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-Ya7LpgAKBVP5vgAz&KRTB&22978-Ya7LpgAKBVP5vgAz&KRTB&23194-Ya7LpgAKBVP5vgAz&KRTB&23209-Ya7LpgAKBVP5vgAz
.bidr.io/ Name: bito
Value: AArVgU7DXZcAAH2sjHsDFQ
.bidr.io/ Name: bitoIsSecure
Value: ok
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 2d801dbde08aa8e01942fe6cba78b9b0
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQMEqxMDBMSUpJNbBITLRINTC0NDFKSzVLTko0t0iyTDJgAILEdaeXgWgoAABwtAvp"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBIXHd6GZCCAgAe3AKB"
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 3dfa5e277e71cf84
.onaudience.com/ Name: done_redirects219
Value: 1
.zeotap.com/ Name: zc
Value: ac88f6f5-2ef1-4089-5ba3-99f87c92b4f8
.zeotap.com/ Name: zsc
Value: %ED%91%0D%81%0D%27%93%89%AB%B2%E6%EF%93I%98%ACD%E4m%E9%03%1F%ABrs%E1%A8a%B2%02y%88v%17%B7%CA%89j%8C%04%A5%B9j%17h%A8hu%91SZ%A2%06y%8C%19%12x%14I%C4%EF%DC%DC%C3f%E4W%18%03J%3F%FB%DD%E8%19%FD%22%83-%09%1E%CE
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-5f6d626e-5b27-40dd-7cf9-358961699b65.TnltQ%2BpUutf2H%2BezOxdE68YQFuooeVvLy9%2B9DHYWMFo
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-5f6d626e-5b27-40dd-7cf9-358961699b65%24ip%24193.27.14.24.H0b%2BMUawpHn7hshDDIQalgLX6Ht48tOnqR7YYaZd6A8
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&7eb9476a-65e5-4771-8e08-6d9e570d5474"
.linkedin.com/ Name: li_gc
Value: MTswOzE2Mzg4NDUzNTA7MjswMjGubzL0QD91GbtLqo8W//LaO9Jo7j3RTkHeK0guGuKIhQ==
.linkedin.com/ Name: lidc
Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2510:u=1:x=1:i=1638845350:t=1638931750:v=2:sig=AQHJ3BjNQlPjEtE7n7ErNnx-LND9WQ1_"
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-X21iblsnQN18-TWJYWmbZcEbDhg
.spotim.market/ Name: vmuid
Value: a2f4646f0e2874d3
.adtelligent.com/ Name: a281178
Value: 26CFC5F6-FC26-45F5-81AD-CC3EBF7B08FE
.adtelligent.com/ Name: vmuid
Value: a2f4646f0e2874d3
.adtelligent.com/ Name: a309017
Value: no-consent
.spotim.market/ Name: a323548
Value: 4946990725677477747
.spotim.market/ Name: a323551
Value: 4d4d8792758de91c53e79d87
.spotim.market/ Name: a509691
Value: ${UID}

4 Console Messages

Source Level URL
Text
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
worker error URL: blob:https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5
Message:
Mixed Content: The page at 'blob:https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker error URL: blob:https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5
Message:
Mixed Content: The page at 'blob:https://www.postfun.com/fb019e54-4d5b-4e62-830b-6b4f4f0489e5' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ad.gt
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ap.lijit.com
apex.go.sonobi.com
audit-tcfv2.quantcast.mgr.consensu.org
aufp.io
b1sync.zemanta.com
bh.contextweb.com
c.amazon-adsystem.com
c.bing.com
c1.adform.net
cdn.p-n.io
cdn.taboola.com
cm.adgrx.com
cm.g.doubleclick.net
connect.facebook.net
core.iprom.net
csync.loopme.me
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
eb2.3lift.com
eu-u.openx.net
exchange.postrelease.com
ghb.spotim.market
green.erne.co
hive-d.openx.net
hivemedia-images.s3.us-east-1.amazonaws.com
htlb.casalemedia.com
ib.adnxs.com
ids.ad.gt
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
k.p-n.io
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.taboola.com
mwzeom.zeotap.com
odr.mookie1.com
p.ad.gt
p.rfihub.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
pixels.ad.gt
pr-bh.ybp.yahoo.com
prebidtest.zemanta.com
pubmatic-match.dotomi.com
px.ads.linkedin.com
quantcast.mgr.consensu.org
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s.update.hmstats.com
sb.scorecardresearch.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssum-sec.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adtelligent.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.mathtag.com
sync.spotim.market
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
test.quantcast.mgr.consensu.org
tlx.3lift.com
trc.taboola.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
visitor.omnitagjs.com
www.facebook.com
www.google-analytics.com
www.postfun.com
x.bidswitch.net
104.92.81.94
13.32.29.201
13.35.253.10
13.35.253.75
142.250.181.226
142.250.184.226
151.101.193.44
151.101.194.49
159.65.196.12
169.197.150.7
169.50.137.182
178.162.133.149
178.162.133.150
178.250.2.151
18.156.0.31
18.194.4.47
18.197.121.240
18.66.248.14
185.255.84.153
185.29.134.248
185.33.221.13
185.33.221.87
185.64.190.80
185.64.190.81
185.86.139.114
188.165.4.142
193.0.160.129
195.5.165.20
198.148.27.139
198.47.127.19
198.47.127.20
2.18.233.180
2.21.111.28
2.21.141.232
2001:678:cb4:bbbb::11
213.155.156.169
213.19.147.44
23.88.75.189
2600:9000:211e:1c00:9:46dc:4700:93a1
2600:9000:211e:8c00:3:a4cd:8380:93a1
2600:9000:2315:4800:6:44e3:f8c0:93a1
2606:4700:10::6816:1857
2606:4700:10::6816:72d
2606:4700:20::681a:ad1
2620:116:800d:21:f916:5049:f87f:108e
2620:119:50e7:101::9002:e05
2620:1ec:c11::200
2a00:1450:4001:80e::200e
2a00:1450:400c:c0a::9b
2a02:fa8:8806:20::2040
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:d29:3605:60e0:c53a:cd30:7167
2a0c:5c81:5142::2
34.102.253.54
34.197.208.127
34.211.237.159
34.243.93.43
34.98.64.218
34.98.67.61
35.186.253.211
35.244.159.8
35.71.131.137
37.157.4.29
44.238.136.108
51.210.112.236
52.19.22.209
52.200.181.105
52.215.68.151
52.217.85.16
52.28.162.206
52.46.130.91
52.89.213.37
54.187.25.111
54.194.104.251
62.149.0.72
64.74.236.63
66.155.71.25
72.251.241.196
72.251.249.13
76.223.111.18
85.114.159.93
02355aa57f07068f48ce739f70f73bd9264ed16f066e946b3eca256d814356ff
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
084f6476011a1c250d41279bc05a27a78c804a91bd11610eb2be4bb1b5a73c18
0924e6ae85bbf093056ea4960d428569c4228385e29cb0bbda7028439050561e
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d358ffaf0d76ff2acc41f17cb874a7a03fa6fa502936b48c4de3eab79752d32
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0eafa55998d0d61f477653cb15168105c06763c74aaebe8ff7e55da98457f030
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1a2401c0f0f0989b66fea7819705936c7409ab0686efdc90c47f90584af8c63d
1ad142d89bfb17e68387ca8ecefb3850d8459d676c8f851aab1a2d67d9ab7b0d
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
2a21d440ddb36b335b7c29c1356276d61c86d5c5f2f42c1c349fbe285008776b
2d0f6b590917e7d27ddeb026b280d62dde9d03bb92f47f56342fc5f68f0c24eb
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3112fccfa0c39fb02ce507b3f6ce23b9a465f852a49a32f8c664a802e1444688
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
384030f05a2241cb62e91acb3eb557b1dc64bccb7a1bf43011ef572b19b5c4d9
3b850fd9301b5a95c9c7ead67c57622e1a06680f69bf8d2f5ce57983011da3b1
3d022bdc2470de1ee83e2693341ae618f6fc08a90edbe3290e5c870faeefec4f
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
41e365250a82e0e0ee15c8661ca0efb65228a061f31c8ae3884127d0efa0d369
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4969fd737773f4ea35432a238a098a4145206b26aea3480033da952ee3eab80b
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
501b84d7db37a158e0313efd545c334fc75d82750e1248fa383321c67728b1ce
537af3e7035e7f334c4414cf45d25f378f279843c35eeb375675639f24202ee8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5867c4e1ca42a3ae09b2f294bda3d6d8493d9dd2d1560ae7289ca58b6bb13e4e
587e4115909190b558d6542a6a6ebc8faeb19edd3e21b732b38c9aec3d36f185
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d8d13c958e7f08ce7c2be4315fe352515b00c28047ff52c5205199a9a37581e
5f6f0b1a73b3923455ddd8d7fe81135732102ea9b0b2489252071dc8acba2708
690d7ec1b7cadb8c57efcc5ca4d8062e2826ad74304a2cf1c8210821866f7571
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71579509feaec66395bc8bed449847a80a8eeeb006aa59d93fb2dbd44bbcb3fb
723d96e56379246e99aede7ade615f114e9cf2a95c105df46af8935e650146c1
724ffca6332d70f4cbb540b05753e0e5d59a9b25a0eefd2e46fbf841ad41889b
72974cf5c2f0384df6f0b6810376dee8106ab9bb157d8a3c441c6ba418c904da
732be07cfd0af57869ce60bc525acf0b5dbd06a47345945b41f551bcac33a432
75ad566950298a23b6ce73ed61b4597ae66a72daf102daa806efd58c18fa7c3d
7a2b44d696ca571e00b0db7d7a110984b48af49a176bd95ddddae23cdfe1ca65
7f59166cede1b29d613c38e7da6dcd9227fdb898893f6508356e2ca5ad7b7293
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8352a0484081022114518db98c4f7bd828fff01a3bba53b1e9fe55e31602413e
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
85e50082d7ce113bfa87dbade18dbf747d1bacfcffdbd628296dcffa98a08f94
869234019eb34d15b2dbb218719491fefae65f17cf1103eb6355da24783f6dc7
89082227eb43e2295815f3f62d29cdc5f806cfef98416d0b88539131f79b5af5
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
947dd8624842a892adc7ecc70ec3270e5792bb3cc509dd1ff5720f2f8fe66419
9537144bb39250368e21895ffb3a0e5c0f976a68b191729a73f247bb0608f2a3
9875b9cc0672adaee70f87b3aa98dc40deb2ac1684fb6ce721131858dbe3c482
98853c314da19dd937694bcabe140f6549fe2bd27e641bcfbb534a9c804ff487
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9aaa0167f4abb8eb86f2182c46287c6bddc68d7538f0bfa9e71287db2c700a60
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2234e62f9f4f714bd6e6fc3e8b65aaeac70fa57b670274528e472c3f2dd35dc
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afb3501c74391644e2029381ab1df63c381d66334e33d74f5c7859236768604f
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b209eb175909bbe172d0e6f9762eabcf99f07ecab1ecc7da56ae44e25a650ce9
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b4dc13dc644c41fff30da814b78b35bd07d270a01e3fcbf58fbe484b94ea975b
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b985af57dc59fdf0a9743d410836168fdbceaa641b51d4e427f9edff6cc62625
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb6d1fca9040272fd9341da48df6827bbea229b08574eadc105dc55fb5c2fc9f
c32b66dae6aaac220d224bd147ce2e70a205a34bc53b62ca4f9eb0d7754ccfa4
c507ad3b9d297645f447934d8eb6e29712a6fc759daab791de19be72af08ed6b
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf5926114e876f2c89a01dff181af963f57e14fe1df703045d8c024400466007
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d261bc09d55ca6390f043aa5a196a8c4d49d38bb48792e007e539a9b67a86bbb
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d74430c6c02b1f752d521694f0e346b93b9eddd6cf39f53015abe27fbecf301f
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
de2b4eba3c242546aae7f2ff97cd39bcb010dcf1847ec4bec38876d29e838b9c
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9bbac6ecbcbd46820ae9165f18bb5ad8e58a243850e838d0680bb50e0b7b229
ea3b8c6d48b3b39628750c41d1dbb2dfafdd65fbf1c12e1a7fa79126702bda72
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8ee0d666b3091eb93def38dd12b8f2a7009d640e6b0cf389cc35a2c4a425b09
fd0b79a723b6dbed0292bd8c0cb7c57ee81100a3f2f7b5c606210b85f8e5a567