Submitted URL: http://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Effective URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Submission Tags: falconsandbox
Submission: On January 27 via api from US — Scanned from CA

Summary

This website contacted 137 IPs in 11 countries across 147 domains to perform 582 HTTP transactions. The main IP is 144.217.183.17, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is dl-file.com.
TLS certificate: Issued by R3 on November 2nd 2021. Valid for: 3 months.
This is the only time dl-file.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 26 144.217.183.17 16276 (OVH)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 2607:f8b0:400... 15169 (GOOGLE)
1 2620:100:a001::4 19750 (AS-CRITEO)
17 195.181.168.47 60068 (CDN77 ^_^)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 46.105.201.240 16276 (OVH)
1 192.99.13.63 16276 (OVH)
3 158.69.139.230 16276 (OVH)
1 13.225.63.125 16509 (AMAZON-02)
3 3.140.12.176 16509 (AMAZON-02)
1 104.18.28.199 13335 (CLOUDFLAR...)
5 54.230.162.121 16509 (AMAZON-02)
1 45.55.96.63 14061 (DIGITALOC...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 8 184.85.195.135 16625 (AKAMAI-AS)
2 2 146.59.148.16 16276 (OVH)
1 54.230.162.14 16509 (AMAZON-02)
1 67.202.105.33 32748 (STEADFAST)
8 142.250.65.162 15169 (GOOGLE)
4 104.106.245.174 16625 (AKAMAI-AS)
1 67.202.105.32 32748 (STEADFAST)
1 13.226.31.29 16509 (AMAZON-02)
3 2a02:6ea0:ca0... 60068 (CDN77 ^_^)
2 87.230.98.74 61157 (PLUSSERVE...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
9 54.192.160.42 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 104.18.15.222 13335 (CLOUDFLAR...)
1 2 13.225.214.37 16509 (AMAZON-02)
9 10 68.67.179.113 29990 (ASN-APPNEX)
9 10 107.178.246.49 15169 (GOOGLE)
13 14 15.197.193.217 16509 (AMAZON-02)
2 2 52.45.242.235 14618 (AMAZON-AES)
4 54.211.161.228 14618 (AMAZON-AES)
4 7 52.55.144.0 14618 (AMAZON-AES)
26 55 142.251.32.98 15169 (GOOGLE)
2 17 2606:4700:10:... 13335 (CLOUDFLAR...)
12 16 68.67.161.208 29990 (ASN-APPNEX)
2 2 67.202.105.21 32748 (STEADFAST)
3 6 35.190.60.146 15169 (GOOGLE)
1 54.230.162.76 16509 (AMAZON-02)
5 3.129.242.122 16509 (AMAZON-02)
2 2 52.0.156.250 14618 (AMAZON-AES)
1 3 34.233.103.61 14618 (AMAZON-AES)
1 23.5.229.102 16625 (AKAMAI-AS)
1 22 52.20.97.150 14618 (AMAZON-AES)
1 130.211.23.194 15169 (GOOGLE)
5 10 216.52.2.48 29791 (VOXEL-DOT...)
3 6 2620:100:a001::c 19750 (AS-CRITEO)
1 35.241.9.51 15169 (GOOGLE)
1 104.19.150.54 13335 (CLOUDFLAR...)
3 26 199.244.48.95 36007 (KAMATERA)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
8 34.107.254.252 15169 (GOOGLE)
5 178.250.2.146 44788 (ASN-CRITE...)
4 6 13.226.31.74 16509 (AMAZON-02)
4 4 75.126.248.142 36351 (SOFTLAYER)
5 5 35.172.159.73 14618 (AMAZON-AES)
15 16 35.211.178.172 19527 (GOOGLE-2)
1 15.235.11.24 16276 (OVH)
1 13.226.31.11 16509 (AMAZON-02)
1 1 104.16.108.154 13335 (CLOUDFLAR...)
3 3 18.233.161.105 14618 (AMAZON-AES)
4 4 35.165.247.237 16509 (AMAZON-02)
1 40.71.11.141 8075 (MICROSOFT...)
1 1 64.58.232.179 13649 (ASN-VINS)
1 64.58.232.177 13649 (ASN-VINS)
2 3 156.154.202.36 19907 (NEUSTAR-AS6)
3 3 2a05:d018:24:... 16509 (AMAZON-02)
12 12 74.121.140.14 30419 (MEDIAMATH...)
4 4 207.198.113.176 13768 (COGECO-PEER1)
5 6 8.43.72.98 26667 (RUBICONPR...)
8 8 151.101.2.49 54113 (FASTLY)
1 1 2620:112:f002... 6336 (TURN-US-ASN)
1 2600:1f18:444... 14618 (AMAZON-AES)
2 3 104.18.100.194 13335 (CLOUDFLAR...)
14 18 13.226.31.35 16509 (AMAZON-02)
10 2607:f8b0:400... 15169 (GOOGLE)
5 23.54.68.197 16625 (AKAMAI-AS)
4 4 192.35.249.120 11742 (SPOTX-IAD)
5 6 35.244.159.8 15169 (GOOGLE)
1 2a06:8640:852... 55081 (24SHELLS)
16 104.238.215.60 36007 (KAMATERA)
2 3 2620:116:800b... 14618 (AMAZON-AES)
1 1 3.237.58.105 14618 (AMAZON-AES)
1 1 23.88.75.188 24940 (HETZNER-AS)
6 34 23.54.68.240 16625 (AKAMAI-AS)
5 12 35.71.139.29 16509 (AMAZON-02)
10 18 162.248.18.11 62713 (AS-PUBMATIC)
2 2 45.35.192.162 40676 (AS40676)
15 22 104.36.115.109 62713 (AS-PUBMATIC)
1 6 8.43.72.97 26667 (RUBICONPR...)
5 2607:f8b0:400... 15169 (GOOGLE)
2 63.251.28.218 13789 (INTERNAP-...)
2 104.36.115.111 62713 (AS-PUBMATIC)
1 2 104.36.115.113 62713 (AS-PUBMATIC)
2 2 185.184.8.65 204995 (RTB-HOUSE...)
8 23.227.139.243 55081 (24SHELLS)
1 4 172.98.26.126 399668 (E-PLANNING-)
3 2600:9000:21d... 16509 (AMAZON-02)
1 2 37.157.4.25 198622 (ADFORM)
5 7 185.167.164.51 198622 (ADFORM)
5 5 54.236.200.174 14618 (AMAZON-AES)
2 2 193.122.130.38 31898 (ORACLE-BM...)
3 8 104.36.113.17 62713 (AS-PUBMATIC)
2 2 74.119.119.150 19750 (AS-CRITEO)
1 38.91.45.7 398989 (DEEPINTENT)
3 3 173.231.178.115 29791 (VOXEL-DOT...)
5 5 199.127.204.142 26120 (RHYTHMONE)
3 4 199.127.204.147 26120 (RHYTHMONE)
2 2 3.228.133.61 14618 (AMAZON-AES)
1 1 34.102.253.54 15169 (GOOGLE)
3 34.205.181.35 14618 (AMAZON-AES)
3 4 54.175.36.162 14618 (AMAZON-AES)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
3 3 34.236.79.15 14618 (AMAZON-AES)
2 2 178.62.202.251 14061 (DIGITALOC...)
1 1 104.45.178.220 8075 (MICROSOFT...)
1 1 69.90.254.78 13768 (COGECO-PEER1)
3 3 38.27.122.101 174 (COGENT-174)
3 3 104.107.15.75 16625 (AKAMAI-AS)
2 2 107.178.254.65 15169 (GOOGLE)
1 1 34.98.67.3 15169 (GOOGLE)
2 104.36.115.114 62713 (AS-PUBMATIC)
3 4 2620:112:f002... 6336 (TURN-US-ASN)
2 5 2600:1f18:4e9... 14618 (AMAZON-AES)
7 10 52.45.33.138 14618 (AMAZON-AES)
1 1 3.227.93.166 14618 (AMAZON-AES)
4 4 2606:ae80:147... 25751 (VALUECLICK)
3 3.208.70.15 14618 (AMAZON-AES)
1 1 204.62.13.72 46636 (NATCOWEB)
1 2 204.2.255.233 2914 (NTT-COMMU...)
1 13 18.196.233.14 16509 (AMAZON-02)
1 1 216.152.140.210 13768 (COGECO-PEER1)
1 2 34.229.3.43 14618 (AMAZON-AES)
6 172.98.26.125 399668 (E-PLANNING-)
2 2 35.186.253.211 15169 (GOOGLE)
3 6 34.192.120.237 14618 (AMAZON-AES)
2 172.98.26.122 399668 (E-PLANNING-)
2 3 168.119.79.223 24940 (HETZNER-AS)
2 9 69.166.1.10 27630 (AS-XFERNET)
2 2 54.234.88.163 14618 (AMAZON-AES)
1 3 23.57.136.222 16625 (AKAMAI-AS)
1 205.234.175.175 30081 (CACHENETW...)
1 3 51.222.39.187 16276 (OVH)
5 2607:f8b0:400... 15169 (GOOGLE)
29 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
3 12 188.132.147.228 42910 (PREMIERDC...)
1 2a04:4e42:200... 54113 (FASTLY)
1 2600:1f16:e61... 16509 (AMAZON-02)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 35.201.81.244 15169 (GOOGLE)
2 2 185.86.137.131 201081 (SMARTADSE...)
1 1 76.13.32.147 26101 (YAHOO-BF1)
1 1 35.190.90.30 15169 (GOOGLE)
2 5 209.54.177.54 16509 (AMAZON-02)
9 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
15 2607:f8b0:400... 15169 (GOOGLE)
2 104.94.205.31 16625 (AKAMAI-AS)
2 52.23.146.219 14618 (AMAZON-AES)
2 3.224.175.57 14618 (AMAZON-AES)
1 212.129.3.112 12876 (Online SAS)
2 2 96.46.186.58 7979 (SERVERS-COM)
2 3 141.95.34.105 16276 (OVH)
2 3 2600:9000:21e... 16509 (AMAZON-02)
1 1 52.3.54.123 14618 (AMAZON-AES)
1 2001:4998:14:... 14777 (YAHOO)
2 2 51.178.20.140 16276 (OVH)
1 1 192.132.33.46 18568 (BIDTELLECT)
1 1 199.38.167.129 54312 (ROCKETFUEL)
2 2 198.148.27.139 19189 (PULSEPOINT)
19 2607:f8b0:400... 15169 (GOOGLE)
1 1 194.213.62.37 13036 (TMOBILE-)
6 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2 23.200.197.46 16625 (AKAMAI-AS)
5 5 52.201.141.91 14618 (AMAZON-AES)
6 142.251.40.194 15169 (GOOGLE)
1 1 34.102.163.6 15169 (GOOGLE)
2 2 2620:1ec:21::14 8068 (MICROSOFT...)
1 1 13.225.214.96 16509 (AMAZON-02)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
4 4 64.202.112.159 23352 (SERVERCEN...)
1 8.28.7.84 62713 (AS-PUBMATIC)
1 1 44.194.225.67 14618 (AMAZON-AES)
1 1 35.186.193.173 15169 (GOOGLE)
1 1 204.2.255.224 2914 (NTT-COMMU...)
3 3 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 54.71.47.92 16509 (AMAZON-02)
1 2 52.45.237.203 14618 (AMAZON-AES)
1 1 37.252.173.213 29990 (ASN-APPNEX)
1 1 34.206.33.80 14618 (AMAZON-AES)
2 2 72.251.244.141 29791 (VOXEL-DOT...)
1 75.2.13.80 ()
3 142.250.72.98 ()
582 137
Apex Domain
Subdomains
Transfer
75 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184
cm.g.doubleclick.net — Cisco Umbrella Rank: 197
googleads.g.doubleclick.net — Cisco Umbrella Rank: 46
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274
263 KB
60 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 473
image8.pubmatic.com — Cisco Umbrella Rank: 609
simage2.pubmatic.com — Cisco Umbrella Rank: 552
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 459
image6.pubmatic.com — Cisco Umbrella Rank: 595
image2.pubmatic.com — Cisco Umbrella Rank: 1032
image4.pubmatic.com — Cisco Umbrella Rank: 848
simage4.pubmatic.com — Cisco Umbrella Rank: 1179
56 KB
51 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 100
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 124
ade.googlesyndication.com
269 KB
42 primis.tech
live.primis.tech — Cisco Umbrella Rank: 3190
video.primis.tech — Cisco Umbrella Rank: 6710
3 MB
34 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 520
ssum.casalemedia.com — Cisco Umbrella Rank: 1337
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 590
dsum.casalemedia.com — Cisco Umbrella Rank: 1272
htlb.casalemedia.com — Cisco Umbrella Rank: 461
42 KB
27 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 404
ib.adnxs.com — Cisco Umbrella Rank: 241
adscale-emea.adnxs.com — Cisco Umbrella Rank: 19094
25 KB
27 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 2221
bcp.crwdcntrl.net — Cisco Umbrella Rank: 673
sync.crwdcntrl.net — Cisco Umbrella Rank: 719
105 KB
26 dl-file.com
dl-file.com
2 MB
24 intentiq.com
api.intentiq.com — Cisco Umbrella Rank: 2199
sync.intentiq.com — Cisco Umbrella Rank: 1542
26 KB
19 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 255
2 MB
17 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 470
ups.analytics.yahoo.com — Cisco Umbrella Rank: 283
cms.analytics.yahoo.com — Cisco Umbrella Rank: 1023
ads.yahoo.com — Cisco Umbrella Rank: 913
9 KB
17 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1427
mwzeom.zeotap.com — Cisco Umbrella Rank: 1680
5 KB
16 adscale.de
js.adscale.de — Cisco Umbrella Rank: 7427
ih.adscale.de — Cisco Umbrella Rank: 3772
17 KB
16 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 287
7 KB
15 rubiconproject.com
token.rubiconproject.com — Cisco Umbrella Rank: 689
pixel.rubiconproject.com — Cisco Umbrella Rank: 312
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1095
eus.rubiconproject.com — Cisco Umbrella Rank: 541
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1135
19 KB
15 network-n.com
kumo.network-n.com — Cisco Umbrella Rank: 50569
138 KB
14 admatic.com.tr
cdn.admatic.com.tr — Cisco Umbrella Rank: 9839
ads3.admatic.com.tr — Cisco Umbrella Rank: 10680
ads4.admatic.com.tr — Cisco Umbrella Rank: 20051
23 KB
14 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 389
tlx.3lift.com — Cisco Umbrella Rank: 600
6 KB
14 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 329
8 KB
14 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 281
s.amazon-adsystem.com — Cisco Umbrella Rank: 284
91 KB
13 e-planning.net
ads.us.e-planning.net — Cisco Umbrella Rank: 3752
u-iad04.e-planning.net — Cisco Umbrella Rank: 9015
s.e-planning.net — Cisco Umbrella Rank: 6371
i.e-planning.net — Cisco Umbrella Rank: 6375
sync.e-planning.net — Cisco Umbrella Rank: 5261
4 KB
13 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 369
mug.criteo.com — Cisco Umbrella Rank: 2864
dis.criteo.com — Cisco Umbrella Rank: 691
10 KB
12 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 421
7 KB
12 sharethis.com
pd.sharethis.com — Cisco Umbrella Rank: 11225
t.sharethis.com — Cisco Umbrella Rank: 6220
sync.sharethis.com — Cisco Umbrella Rank: 2988
17 KB
10 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 47
imasdk.googleapis.com — Cisco Umbrella Rank: 418
908 KB
10 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 690
ce.lijit.com — Cisco Umbrella Rank: 816
7 KB
10 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 419
5 KB
10 google.com
www.google.com — Cisco Umbrella Rank: 13
adservice.google.com — Cisco Umbrella Rank: 80
2 KB
9 quantumdex.io
sync.quantumdex.io — Cisco Umbrella Rank: 3579
2 KB
9 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 1044
9 KB
9 adform.net
cm.adform.net — Cisco Umbrella Rank: 1786
c1.adform.net — Cisco Umbrella Rank: 608
dmp.adform.net — Cisco Umbrella Rank: 2434
track.adform.net — Cisco Umbrella Rank: 3933
4 KB
9 adtarget.com.tr
s.console.adtarget.com.tr — Cisco Umbrella Rank: 6241
sync.console.adtarget.com.tr — Cisco Umbrella Rank: 6623
4 KB
9 permutive.com
cdn.permutive.com — Cisco Umbrella Rank: 2476
api.permutive.com — Cisco Umbrella Rank: 2062
4 KB
8 openx.net
u.openx.net — Cisco Umbrella Rank: 710
rtb.openx.net — Cisco Umbrella Rank: 1548
us-u.openx.net — Cisco Umbrella Rank: 359
1 KB
8 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 560
2 KB
8 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 466
stags.bluekai.com — Cisco Umbrella Rank: 510
5 KB
7 advertising.com
ads.adaptv.advertising.com — Cisco Umbrella Rank: 1127
pixel.advertising.com — Cisco Umbrella Rank: 327
2 KB
7 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 916
4 KB
6 audrte.com
a.audrte.com — Cisco Umbrella Rank: 3719
5 KB
6 liadm.com
i.liadm.com — Cisco Umbrella Rank: 512
i6.liadm.com — Cisco Umbrella Rank: 1514
3 KB
6 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 316
id.rlcdn.com — Cisco Umbrella Rank: 738
1 KB
6 krxd.net
usermatch.krxd.net — Cisco Umbrella Rank: 1214
beacon.krxd.net — Cisco Umbrella Rank: 408
2 KB
6 gstatic.com
www.gstatic.com
fonts.gstatic.com
217 KB
5 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 528
3 KB
5 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 524
2 KB
5 turn.com
d.turn.com — Cisco Umbrella Rank: 880
ad.turn.com — Cisco Umbrella Rank: 770
r.turn.com — Cisco Umbrella Rank: 3243
2 KB
5 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 626
pixel.sitescout.com — Cisco Umbrella Rank: 3536
3 KB
5 consensu.org
cdn.consentmanager.mgr.consensu.org — Cisco Umbrella Rank: 16154
consentmanager.mgr.consensu.org — Cisco Umbrella Rank: 14785
83 KB
5 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 3723
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 4374
onetag-geo-grouping.s-onetag.com — Cisco Umbrella Rank: 21950
data-beacons.s-onetag.com — Cisco Umbrella Rank: 12287
connect-metrics-collector.s-onetag.com
14 KB
4 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 588
3 KB
4 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3523
casale-match.dotomi.com — Cisco Umbrella Rank: 2733
1 KB
4 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1483
1 KB
4 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 905
usermatch.targeting.unrulymedia.com — Cisco Umbrella Rank: 3707
2 KB
4 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 483
3 KB
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 205
4 KB
4 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 745
2 KB
4 exelator.com
loadus.exelator.com — Cisco Umbrella Rank: 1333
loadm.exelator.com — Cisco Umbrella Rank: 1077
3 KB
3 clickcertain.com
a.clickcertain.com — Cisco Umbrella Rank: 3750
2 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 165
113 KB
3 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 707
1 KB
3 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 596
4 KB
3 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1056
2 KB
3 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 2070
673 B
3 mxptint.net
pmp.mxptint.net — Cisco Umbrella Rank: 5335
aep.mxptint.net — Cisco Umbrella Rank: 6128
2 KB
3 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 1228
264 B
3 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 990
2 KB
3 bnmla.com
match.bnmla.com — Cisco Umbrella Rank: 1587
2 KB
3 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 876
2 KB
3 gumgum.com
rtb.gumgum.com — Cisco Umbrella Rank: 1288
625 B
3 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 1634
2 KB
3 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 424
1 KB
3 adsymptotic.com
p.adsymptotic.com — Cisco Umbrella Rank: 642
696 B
3 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 1197
1022 B
3 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 442
2 KB
3 ml314.com
ml314.com — Cisco Umbrella Rank: 1557
1 KB
3 33across.com
cdn-tc.33across.com — Cisco Umbrella Rank: 12808
dp2.33across.com — Cisco Umbrella Rank: 8731
dp1.33across.com — Cisco Umbrella Rank: 4758
2 KB
3 pbstck.com
boot.pbstck.com — Cisco Umbrella Rank: 9083
cdn.pbstck.com — Cisco Umbrella Rank: 10234
91 KB
3 tynt.com
cdn.tynt.com — Cisco Umbrella Rank: 7672
ic.tynt.com — Cisco Umbrella Rank: 5045
de.tynt.com — Cisco Umbrella Rank: 1328
7 KB
3 dtscout.com
e.dtscout.com — Cisco Umbrella Rank: 14202
t.dtscout.com — Cisco Umbrella Rank: 11585
11 KB
2 m6r.eu
tracking.m6r.eu — Cisco Umbrella Rank: 12770
1 KB
2 eqads.com
um2.eqads.com — Cisco Umbrella Rank: 3893
563 B
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 546
1005 B
2 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 636
2 KB
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 868
638 B
2 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 577
1 KB
2 dyntrk.com
gu.dyntrk.com — Cisco Umbrella Rank: 1261
1 KB
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 1818
1 KB
2 smartadserver.com
sync.smartadserver.com — Cisco Umbrella Rank: 3337
1 KB
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 27256
674 B
2 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 908
615 B
2 pippio.com
pippio.com — Cisco Umbrella Rank: 797
848 B
2 bidtheatre.com
match.adsby.bidtheatre.com — Cisco Umbrella Rank: 2987
1 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 808
s.tribalfusion.com — Cisco Umbrella Rank: 2305
1 KB
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 973
906 B
2 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1292
1 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 698
721 B
2 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 677
1 KB
2 resetdigital.co
sync.resetdigital.co — Cisco Umbrella Rank: 2805
970 B
2 mookie1.com
ib.mookie1.com — Cisco Umbrella Rank: 1910
odr.mookie1.com — Cisco Umbrella Rank: 890
2 KB
2 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 3163
896 B
2 4dex.io
script.4dex.io — Cisco Umbrella Rank: 2366
23 KB
2 affec.tv
map.go.affec.tv — Cisco Umbrella Rank: 5591
1 KB
2 btloader.com
btloader.com — Cisco Umbrella Rank: 1249
api.btloader.com — Cisco Umbrella Rank: 1475
8 KB
2 onaudience.com
pixel.onaudience.com — Cisco Umbrella Rank: 1510
719 B
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 14234
s4.histats.com — Cisco Umbrella Rank: 12293
5 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
1 survata.com
px.surveywall-api.survata.com — Cisco Umbrella Rank: 3204
783 B
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1929
355 B
1 ctnsnet.com
ius.ctnsnet.com — Cisco Umbrella Rank: 6529
561 B
1 fksnk.com
fksnk.com — Cisco Umbrella Rank: 4594
621 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 273
667 B
1 smadex.com
cm.smadex.com — Cisco Umbrella Rank: 3785
531 B
1 mrtnsvr.com
ad.mrtnsvr.com — Cisco Umbrella Rank: 2371
248 B
1 ibillboard.com
bbnaut.ibillboard.com — Cisco Umbrella Rank: 20532
550 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 702
753 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 746
671 B
1 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 637
240 B
1 cookieless-data.com
js.cookieless-data.com — Cisco Umbrella Rank: 5866
535 B
1 ad4m.at
ad4m.at — Cisco Umbrella Rank: 1809
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1751
596 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 11738
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 570
164 B
1 admixer.net
inv-nets.admixer.net — Cisco Umbrella Rank: 2627
584 B
1 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1187
522 B
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 4739
357 B
1 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 1208
674 B
1 inmobi.com
mweb.ck.inmobi.com — Cisco Umbrella Rank: 4383
348 B
1 playground.xyz
ads.playground.xyz — Cisco Umbrella Rank: 4285
466 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 921
222 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 1175
243 B
1 adstanding.com
rtb.adstanding.com — Cisco Umbrella Rank: 7285
357 B
1 ib-ibi.com
global.ib-ibi.com — Cisco Umbrella Rank: 1497
512 B
1 cintnetworks.com
c.cintnetworks.com — Cisco Umbrella Rank: 9279
565 B
1 avocet.io
ads.avocet.io — Cisco Umbrella Rank: 5240
204 B
1 truoptik.com
dmp.truoptik.com — Cisco Umbrella Rank: 2030
622 B
1 userreport.com
audex.userreport.com — Cisco Umbrella Rank: 4004
433 B
1 rqtrk.eu
wt.rqtrk.eu — Cisco Umbrella Rank: 10474
351 B
1 prmutv.co
00917082-71e9-498e-8343-00c3df06b798.prmutv.co — Cisco Umbrella Rank: 100469
316 B
1 bkrtx.com
tags.bkrtx.com — Cisco Umbrella Rank: 3720
16 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 440
1 KB
1 permutive.app
00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app — Cisco Umbrella Rank: 56901
146 KB
1 videoplayerhub.com
network-n-com.videoplayerhub.com — Cisco Umbrella Rank: 58843
531 B
1 dtssrv.com
a.dtssrv.com — Cisco Umbrella Rank: 24712
655 B
1 dtscdn.com
t.dtscdn.com — Cisco Umbrella Rank: 12939
406 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 645
40 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 680
6 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
36 KB
582 147
Domain Requested by
55 cm.g.doubleclick.net 26 redirects bcp.crwdcntrl.net
spl.zeotap.com
ads.us.e-planning.net
googleads.g.doubleclick.net
eb2.3lift.com
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
29 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
srcdoc
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
26 live.primis.tech 3 redirects kumo.network-n.com
live.primis.tech
ads.pubmatic.com
26 dl-file.com 1 redirects dl-file.com
22 dsum-sec.casalemedia.com 3 redirects ssum.casalemedia.com
ssum-sec.casalemedia.com
googleads.g.doubleclick.net
um2.eqads.com
22 simage2.pubmatic.com 15 redirects ads.pubmatic.com
19 s0.2mdn.net imasdk.googleapis.com
dl-file.com
s0.2mdn.net
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
18 image8.pubmatic.com 10 redirects ads.pubmatic.com
18 sync.intentiq.com 14 redirects ads.pubmatic.com
16 video.primis.tech live.primis.tech
16 x.bidswitch.net 15 redirects
16 ib.adnxs.com 12 redirects 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
spl.zeotap.com
googleads.g.doubleclick.net
15 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
15 mwzeom.zeotap.com 1 redirects dl-file.com
spl.zeotap.com
15 kumo.network-n.com dl-file.com
kumo.network-n.com
14 match.adsrvr.org 13 redirects live.primis.tech
13 ih.adscale.de 1 redirects js.adscale.de
ih.adscale.de
12 eb2.3lift.com 5 redirects live.primis.tech
eb2.3lift.com
12 sync.mathtag.com 12 redirects
12 sync.crwdcntrl.net bcp.crwdcntrl.net
10 ups.analytics.yahoo.com 7 redirects
10 bcp.crwdcntrl.net 1 redirects tags.crwdcntrl.net
bcp.crwdcntrl.net
10 pixel.tapad.com 9 redirects sync.go.sonobi.com
10 secure.adnxs.com 9 redirects dl-file.com
9 sync.quantumdex.io ads.us.e-planning.net
sync.quantumdex.io
ssum-sec.casalemedia.com
9 ads3.admatic.com.tr cdn.admatic.com.tr
s.console.adtarget.com.tr
9 sync.go.sonobi.com 2 redirects sync.quantumdex.io
sync.go.sonobi.com
9 c.amazon-adsystem.com kumo.network-n.com
c.amazon-adsystem.com
live.primis.tech
8 image2.pubmatic.com 3 redirects ads.pubmatic.com
8 sync.console.adtarget.com.tr s.console.adtarget.com.tr
ads.us.e-planning.net
js.adscale.de
8 sync-tm.everesttech.net 8 redirects
8 api.permutive.com 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
8 securepubads.g.doubleclick.net kumo.network-n.com
securepubads.g.doubleclick.net
imasdk.googleapis.com
7 ps.eyeota.net 4 redirects dl-file.com
s.console.adtarget.com.tr
6 googleads4.g.doubleclick.net dl-file.com
6 googleads.g.doubleclick.net ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
dl-file.com
6 a.audrte.com 3 redirects ads.us.e-planning.net
a.audrte.com
s.console.adtarget.com.tr
6 u-iad04.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
6 pixel.rubiconproject.com 1 redirects ads.us.e-planning.net
sync.go.sonobi.com
6 api.intentiq.com 4 redirects data-beacons.s-onetag.com
6 gum.criteo.com 3 redirects static.criteo.net
6 ap.lijit.com 3 redirects dl-file.com
6 tags.bluekai.com 2 redirects dl-file.com
bcp.crwdcntrl.net
spl.zeotap.com
5 pixel.advertising.com 5 redirects
5 imasdk.googleapis.com live.primis.tech
imasdk.googleapis.com
5 s.amazon-adsystem.com 2 redirects spl.zeotap.com
ssum.casalemedia.com
eb2.3lift.com
5 adservice.google.com securepubads.g.doubleclick.net
imasdk.googleapis.com
5 pr-bh.ybp.yahoo.com 2 redirects ads.pubmatic.com
ssum.casalemedia.com
ssum-sec.casalemedia.com
5 sync.1rx.io 5 redirects
5 match.prod.bidr.io 5 redirects
5 c1.adform.net 4 redirects ads.pubmatic.com
5 fonts.gstatic.com fonts.googleapis.com
5 ssum-sec.casalemedia.com 2 redirects ssum.casalemedia.com
sync.quantumdex.io
js-sec.indexww.com
5 ads.pubmatic.com live.primis.tech
s.console.adtarget.com.tr
ads.pubmatic.com
ads.us.e-planning.net
5 fonts.googleapis.com dl-file.com
live.primis.tech
s0.2mdn.net
5 token.rubiconproject.com 4 redirects bcp.crwdcntrl.net
5 i.liadm.com 5 redirects
5 mug.criteo.com
5 sync.sharethis.com dl-file.com
bcp.crwdcntrl.net
5 idsync.rlcdn.com 3 redirects dl-file.com
ads.pubmatic.com
5 tags.crwdcntrl.net e.dtscout.com
cdn-tc.33across.com
tags.crwdcntrl.net
s.e-planning.net
5 www.google.com dl-file.com
tpc.googlesyndication.com
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
4 b1sync.zemanta.com 4 redirects
4 ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4 beacon.lynx.cognitivlabs.com 3 redirects ads.pubmatic.com
4 u.openx.net 4 redirects
4 sync.search.spotxchange.com 4 redirects
4 pixel-sync.sitescout.com 4 redirects
4 dpm.demdex.net 4 redirects
4 ce.lijit.com 2 redirects
4 um.simpli.fi 4 redirects
4 beacon.krxd.net dl-file.com
bcp.crwdcntrl.net
spl.zeotap.com
4 t.sharethis.com pd.sharethis.com
t.sharethis.com
3 ade.googlesyndication.com
3 a.clickcertain.com 3 redirects
3 ads4.admatic.com.tr 3 redirects
3 www.googletagservices.com ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
3 s.ad.smaato.net 2 redirects sync.quantumdex.io
3 id5-sync.com 2 redirects sync.go.sonobi.com
live.primis.tech
3 dsum.casalemedia.com ssum.casalemedia.com
ssum-sec.casalemedia.com
3 onetag-sys.com 1 redirects ads.us.e-planning.net
sync.quantumdex.io
3 sync.richaudience.com 2 redirects ads.us.e-planning.net
3 rtb.adentifi.com ads.pubmatic.com
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
ssum-sec.casalemedia.com
3 ad.turn.com 3 redirects
3 px.owneriq.net 3 redirects
3 match.bnmla.com 3 redirects
3 pm.w55c.net 3 redirects
3 rtb.gumgum.com ads.pubmatic.com
3 sync.targeting.unrulymedia.com 3 redirects
3 cm.adgrx.com 3 redirects
3 js.adscale.de s.console.adtarget.com.tr
js.adscale.de
ih.adscale.de
3 pixel.quantserve.com 2 redirects
3 p.adsymptotic.com 2 redirects eb2.3lift.com
3 sync.tidaltv.com 3 redirects
3 aa.agkn.com 2 redirects bcp.crwdcntrl.net
3 ml314.com 1 redirects dl-file.com
bcp.crwdcntrl.net
3 cdn.consentmanager.mgr.consensu.org kumo.network-n.com
consentmanager.mgr.consensu.org
3 pd.sharethis.com e.dtscout.com
dl-file.com
t.sharethis.com
2 tracking.m6r.eu 2 redirects
2 um2.eqads.com 1 redirects ssum-sec.casalemedia.com
2 casale-match.dotomi.com 2 redirects
2 px.ads.linkedin.com 2 redirects
2 js-sec.indexww.com live.primis.tech
ssum-sec.casalemedia.com
2 sync.teads.tv 1 redirects googleads.g.doubleclick.net
2 us-u.openx.net 1 redirects googleads.g.doubleclick.net
2 bh.contextweb.com 2 redirects
2 gu.dyntrk.com 2 redirects
2 ads.betweendigital.com 2 redirects
2 sync.e-planning.net ads.us.e-planning.net
sync.quantumdex.io
2 tlx.3lift.com live.primis.tech
2 ads.adaptv.advertising.com live.primis.tech
2 htlb.casalemedia.com live.primis.tech
2 sync.smartadserver.com 2 redirects
2 idsync.frontend.weborama.fr 2 redirects
2 dmp.adform.net 1 redirects spl.zeotap.com
2 ssum.casalemedia.com 1 redirects ads.us.e-planning.net
2 eus.rubiconproject.com ads.us.e-planning.net
eus.rubiconproject.com
2 cs.emxdgt.com 2 redirects
2 s.e-planning.net ads.us.e-planning.net
2 rtb.openx.net 2 redirects
2 loadm.exelator.com 1 redirects bcp.crwdcntrl.net
2 pmp.mxptint.net 1 redirects ads.pubmatic.com
2 pubmatic-match.dotomi.com 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 pippio.com 2 redirects
2 match.adsby.bidtheatre.com 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 dis.criteo.com 2 redirects
2 sync.technoratimedia.com 2 redirects
2 cdn.admatic.com.tr s.console.adtarget.com.tr
cdn.admatic.com.tr
2 ads.us.e-planning.net 1 redirects s.console.adtarget.com.tr
2 creativecdn.com 2 redirects
2 image6.pubmatic.com 1 redirects ads.pubmatic.com
2 hbopenbid.pubmatic.com live.primis.tech
2 ads.stickyadstv.com live.primis.tech
2 sync.resetdigital.co 2 redirects
2 ads.avct.cloud 2 redirects
2 script.4dex.io kumo.network-n.com
script.4dex.io
2 stags.bluekai.com 1 redirects tags.bkrtx.com
2 cdn.pbstck.com boot.pbstck.com
2 loadus.exelator.com 2 redirects
2 spl.zeotap.com 1 redirects ads.us.e-planning.net
2 usermatch.krxd.net 2 redirects
2 map.go.affec.tv 1 redirects dl-file.com
2 consentmanager.mgr.consensu.org kumo.network-n.com
2 pixel.onaudience.com 2 redirects
2 t.dtscout.com e.dtscout.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 connect-metrics-collector.s-onetag.com get.s-onetag.com
1 px.surveywall-api.survata.com 1 redirects
1 adscale-emea.adnxs.com 1 redirects
1 dmp.brand-display.com 1 redirects
1 aep.mxptint.net 1 redirects
1 ius.ctnsnet.com 1 redirects
1 fksnk.com 1 redirects
1 r.turn.com
1 track.adform.net 1 redirects
1 simage4.pubmatic.com ads.pubmatic.com
1 c.bing.com eb2.3lift.com
1 cm.smadex.com 1 redirects
1 ad.mrtnsvr.com 1 redirects
1 bbnaut.ibillboard.com 1 redirects
1 p.rfihub.com 1 redirects
1 bttrack.com 1 redirects
1 ads.yahoo.com ads.us.e-planning.net
1 id.rlcdn.com ads.us.e-planning.net
1 usermatch.targeting.unrulymedia.com sync.quantumdex.io
1 match.sharethrough.com 1 redirects
1 pixel-us-east.rubiconproject.com 1 redirects
1 js.cookieless-data.com s.e-planning.net
1 ad4m.at ssum.casalemedia.com
1 odr.mookie1.com 1 redirects
1 cms.analytics.yahoo.com 1 redirects
1 dsp.adfarm1.adition.com 1 redirects
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 i.e-planning.net ads.us.e-planning.net
1 secure-assets.rubiconproject.com 1 redirects
1 pixel.sitescout.com 1 redirects
1 inv-nets.admixer.net 1 redirects
1 sync.ipredictive.com 1 redirects
1 tags.rd.linksynergy.com 1 redirects
1 ums.acuityplatform.com 1 redirects
1 mweb.ck.inmobi.com 1 redirects
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 ads.playground.xyz 1 redirects
1 match.deepintent.com ads.pubmatic.com
1 cm.adform.net s.console.adtarget.com.tr
1 csync.loopme.me 1 redirects
1 rtb.adstanding.com 1 redirects
1 s.console.adtarget.com.tr live.primis.tech
1 i6.liadm.com
1 d.turn.com 1 redirects
1 ib.mookie1.com bcp.crwdcntrl.net
1 global.ib-ibi.com 1 redirects
1 c.cintnetworks.com bcp.crwdcntrl.net
1 ads.avocet.io 1 redirects
1 dmp.truoptik.com 1 redirects
1 audex.userreport.com bcp.crwdcntrl.net
1 wt.rqtrk.eu bcp.crwdcntrl.net
1 cdn.permutive.com 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
1 00917082-71e9-498e-8343-00c3df06b798.prmutv.co 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
1 api.btloader.com dl-file.com
1 tags.bkrtx.com pd.sharethis.com
1 data-beacons.s-onetag.com get.s-onetag.com
1 dp1.33across.com 1 redirects
1 dp2.33across.com 1 redirects
1 cdn-tc.33across.com de.tynt.com
1 boot.pbstck.com kumo.network-n.com
1 cdn.jsdelivr.net kumo.network-n.com
1 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app kumo.network-n.com
1 btloader.com dl-file.com
1 network-n-com.videoplayerhub.com 1 redirects
1 onetag-geo-grouping.s-onetag.com get.s-onetag.com
1 de.tynt.com cdn.tynt.com
1 ic.tynt.com dl-file.com
1 onetag-geo.s-onetag.com get.s-onetag.com
1 a.dtssrv.com e.dtscout.com
1 t.dtscdn.com e.dtscout.com
1 cdn.tynt.com e.dtscout.com
1 get.s-onetag.com e.dtscout.com
1 e.dtscout.com s4.histats.com
1 s4.histats.com s10.histats.com
1 s10.histats.com dl-file.com
1 www.gstatic.com www.google.com
1 static.criteo.net dl-file.com
1 maxcdn.bootstrapcdn.com dl-file.com
1 www.googletagmanager.com dl-file.com
582 229
Subject Issuer Validity Valid
dl-file.com
R3
2021-11-02 -
2022-01-31
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-03-01 -
2022-02-28
a year crt.sh
www.google.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-12-01 -
2022-02-24
3 months crt.sh
kumo.network-n.com
R3
2022-01-12 -
2022-04-12
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
histats.com
R3
2022-01-21 -
2022-04-21
3 months crt.sh
*.dtscout.com
Sectigo RSA Domain Validation Secure Server CA
2021-10-28 -
2022-11-27
a year crt.sh
*.s-onetag.com
Amazon
2022-01-04 -
2023-02-01
a year crt.sh
sharethis.com
Amazon
2021-07-21 -
2022-08-19
a year crt.sh
*.tynt.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2021-04-29 -
2022-05-31
a year crt.sh
*.dtscdn.com
Sectigo RSA Domain Validation Secure Server CA
2021-11-04 -
2022-12-04
a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2021-11-24 -
2022-04-26
5 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
cert1.a1.atm.aqfer.net
R3
2022-01-20 -
2022-04-20
3 months crt.sh
1376624012.rsc.cdn77.org
R3
2021-12-02 -
2022-03-02
3 months crt.sh
consentmanager.mgr.consensu.org
R3
2021-12-31 -
2022-03-31
3 months crt.sh
permutive.app
Cloudflare Inc ECC CA-3
2022-01-16 -
2022-04-16
3 months crt.sh
c.amazon-adsystem.com
Amazon
2021-07-06 -
2022-06-27
a year crt.sh
pbstck.com
Cloudflare Inc ECC CA-3
2021-08-04 -
2022-08-03
a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-23 -
2022-09-30
a year crt.sh
*.bkrtx.com
DigiCert SHA2 Secure Server CA
2021-04-02 -
2022-04-07
a year crt.sh
api.btloader.com
GTS CA 1D4
2021-12-25 -
2022-03-25
3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-12-01 -
2022-02-26
3 months crt.sh
*.prmutv.co
R3
2022-01-19 -
2022-04-19
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2021-03-05 -
2022-02-19
a year crt.sh
permutive.com
Cloudflare Inc ECC CA-3
2021-03-02 -
2022-03-01
a year crt.sh
primis.tech
Go Daddy Secure Certificate Authority - G2
2021-10-29 -
2022-06-18
8 months crt.sh
api.permutive.com
R3
2021-12-20 -
2022-03-20
3 months crt.sh
*.intentiq.com
Amazon
2021-04-04 -
2022-05-03
a year crt.sh
*.rqtrk.eu
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-06-18 -
2022-06-18
a year crt.sh
*.userreport.com
Amazon
2022-01-19 -
2023-02-17
a year crt.sh
*.cintnetworks.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-04 -
2022-11-04
a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-03 -
2022-11-02
a year crt.sh
*.ml314.com
Amazon
2021-12-17 -
2023-01-14
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2021-03-30 -
2022-04-04
a year crt.sh
*.agkn.com
RapidSSL RSA CA 2018
2020-07-25 -
2022-09-18
2 years crt.sh
upload.video.google.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2021-03-30 -
2022-04-04
a year crt.sh
s.console.adtarget.com.tr
ZeroSSL ECC Domain Secure Site CA
2021-11-29 -
2022-02-27
3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
*.stickyadstv.com
DigiCert TLS RSA SHA256 2020 CA1
2022-01-12 -
2023-02-12
a year crt.sh
sync.console.adtarget.com.tr
R3
2021-11-28 -
2022-02-26
3 months crt.sh
ads.us.e-planning.net
R3
2021-12-17 -
2022-03-17
3 months crt.sh
*.adscale.de
Amazon
2021-08-08 -
2022-09-06
a year crt.sh
*.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-05-28 -
2022-06-15
a year crt.sh
cdn.admatic.com.tr
R3
2022-01-06 -
2022-04-06
3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2
2020-04-09 -
2022-06-08
2 years crt.sh
*.gumgum.com
Amazon
2021-10-15 -
2022-11-12
a year crt.sh
beacon.lynx.cognitivlabs.com
Amazon
2021-04-28 -
2022-05-27
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-01-18 -
2022-07-13
6 months crt.sh
adentifi.com
Amazon
2021-09-04 -
2022-10-03
a year crt.sh
*.audrte.com
Amazon
2021-01-26 -
2022-02-24
a year crt.sh
*.e-planning.net
R3
2021-12-30 -
2022-03-30
3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2021-12-12 -
2022-12-13
a year crt.sh
i.e-planning.net
Sectigo RSA Domain Validation Secure Server CA
2021-02-03 -
2022-03-06
a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-10 -
2023-01-03
a year crt.sh
*.google.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
ads4.admatic.com.tr
R3
2022-01-04 -
2022-04-04
3 months crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-29 -
2022-12-30
a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-10-19 -
2022-04-13
6 months crt.sh
*.3lift.com
Amazon
2021-06-12 -
2022-07-11
a year crt.sh
js.cookieless-data.com
R3
2021-12-08 -
2022-03-08
3 months crt.sh
s.ad.smaato.net
Amazon
2021-09-21 -
2022-10-20
a year crt.sh
*.targeting.unrulymedia.com
DigiCert SHA2 Secure Server CA
2020-05-04 -
2022-05-09
2 years crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2021-12-08 -
2023-01-09
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2021-02-25 -
2022-03-28
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2021-12-27 -
2022-03-21
3 months crt.sh
*.id5-sync.com
R3
2021-12-20 -
2022-03-20
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
www.bing.com
Microsoft RSA TLS CA 01
2021-12-22 -
2022-06-22
6 months crt.sh
s.amazon-adsystem.com
Amazon
2021-07-14 -
2022-06-27
a year crt.sh
um3.eqads.com
Amazon
2021-06-26 -
2022-07-25
a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-02 -
2022-06-07
a year crt.sh
*.eyeota.net
R3
2022-01-04 -
2022-04-04
3 months crt.sh

This page contains 87 frames:

Primary Page: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Frame ID: E3B9FD0D25189F79D94E64280A6C586C
Requests: 141 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=4C301643279761416951F781EEC0871E
Frame ID: 57C07DC3C37FE428B8C3D7A59CCD04EF
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
Frame ID: D7BF10E9DEA26A37787ABF8BB8802473
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/1.825.22796/a/CA/t_.js?cid=c010&cls=C
Frame ID: DAFCE1361D050CDAC0B666DD84334B52
Requests: 7 HTTP requests in this frame

Frame: https://cdn-tc.33across.com/lotame-sync.html
Frame ID: 84410A0A841A19E0E9949EAA45F3A86C
Requests: 3 HTTP requests in this frame

Frame: https://pd.sharethis.com/pd/test_oracle
Frame ID: 1811FFCFC8CB5798265DC02F8DEB606E
Requests: 2 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/59574?ret=html&phint=id%3DZGoABWHydZEAAAAIMeZBAw%3D%3D&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ft.sharethis.com%2Fa%2Ft_.htm%3Fver%3D1.825.22796%26cid%3Dc010%26cls%3DC&phint=__bk_v%3D3.1.10&limit=5&r=47982063
Frame ID: 561DFF88A17D6FAFB11D9DB68E201BE7
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=dl-file.com
Frame ID: 18AB2D43D890529FCA40BCC53263D80F
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741&cbuster=1643279762&pubUrlAuto=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=&videoHelperParam=JTdCJTIycHJpbWlzX2N1c3RvbV90YXJnZXQlMjIlM0ElN0IlMjJ1cmwlMjIlM0ElMjIlMkZnNnprcGN6Z2hxZHIlMkZCYW5rc18yMDEyX0NoZXZ5MTMxMjE3LnJhciUyMiU3RCU3RA==
Frame ID: FC14F72F416B0FC71305867EF76BF8F3
Requests: 47 HTTP requests in this frame

Frame: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Frame ID: 35499B430749FFF7B4253E3172E68361
Requests: 1 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Frame ID: 1DEC4156C57B48ECDCC054E51C226B5F
Requests: 24 HTTP requests in this frame

Frame: https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=15&eid=19&aw=468&ah=60&pagePos=1&vip=true&secure=1&sub_eid=15052&maxed=1&rnd=82651
Frame ID: 6630DD1B404EB7D66398C541C949E767
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: CDD83F6952618527B94BDB066BF17DB3
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Frame ID: 0AD5C3B6074752A88C801E57EA80385F
Requests: 22 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=94&advUuid=ecee3721-7f5c-11ec-b664-12d4f2240203
Frame ID: 5EB97A727453F5E81390B883029FBC60
Requests: 1 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=98&advUuid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
Frame ID: 404A848AE805C07D6C2E7684E190CCE0
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: D0F54C9A46ADF182074459D49593B87F
Requests: 3 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=ZugxgMfMSiDFdMdGSo7L&pi=admatic&tc=1
Frame ID: D1971D2502C36B89B550FDA01B25CEBE
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Frame ID: 80384E7A6AEFA2A8B5678DDAD798A7EB
Requests: 14 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 2949AE9857FFB43E4D8A5F49AE1B853D
Requests: 5 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: D82B250C208CECBBB76B65563B3BFBAC
Requests: 1 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: E1898C465FC632FC545C5F10CAF8083B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user
Frame ID: CBA8DD552AC6D53279EE161B263ADABA
Requests: 10 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Frame ID: 404D87D9E219F0EB42E17FC393F94197
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Frame ID: 7ACEE582D049DD2DA4CDD50E58756C69
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Frame ID: 3CCBDD3B0071FD0C7556574C8254764E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
Frame ID: 75D4673E9C559AD2C66B63BBD5C18072
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Frame ID: E2C880BD6FFAFBA3EE08FC7A9244D7D1
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: D7F6E9EFEAC73134AA5609099D3BBD06
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 05D80AEADAAC34D95DE2FAD4C091F32E
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 72E5EA52D57C529D3F92A30BC6629252
Requests: 1 HTTP requests in this frame

Frame: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-1741579180&pcid=RX-34bda023-e7fb-4006-a037-75451037f05f-005
Frame ID: 8570DAB20E0B678F77661263E1AD3DCE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Frame ID: A401CCC1AA2A42E560B0211BA0618E28
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Frame ID: C071B28743A5DD978C46400FAE958EF7
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 3223CFBD71A3AAA1F903CB46DC833E7A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3839d6e9-2d72-4fa4-b31f-02c90b6d8112&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Frame ID: 3126CE134E03C7A21C1637FB2B056D6E
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Frame ID: A1472CC1B4365363D1E071C6BA37C4F1
Requests: 1 HTTP requests in this frame

Frame: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-770594566&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005
Frame ID: AE4D16BC868663A3011C275142046888
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Frame ID: ECD925B02D071720611430E60A130AC2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:acc014df-3d8c-451a-8877-463a39727408&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Frame ID: C81434BF71B2E65844804549190A389A
Requests: 1 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=91&advUuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent=
Frame ID: 5436A369861F2766B34431A3F5B43A9A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Frame ID: DC18538A05DA5D4B2694A12E06C4B621
Requests: 11 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D6ee78b0b29ddbac9%26uid%3D
Frame ID: 20D6E1D757802EA2623B32F396EB9538
Requests: 1 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Frame ID: 68C61A736EE8548E42534CCF1EDCF68B
Requests: 10 HTTP requests in this frame

Frame: https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Frame ID: 97421A2CE42038D22EF30183D1F752E9
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: 4B3B8715626AD5153C2085687EF2302C
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Frame ID: 5B2B0D5781677B939F0A35C1F4A6E7D8
Requests: 23 HTTP requests in this frame

Frame: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C3C3E00D54D101BCCC3DD22E1A2F4C7C
Requests: 1 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 071BA7FB53C982E42038AC6E071E9CC4
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: FF8967E0477248F324E126E8BAEBFDC6
Requests: 10 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AIvLaQZZ2AqDaJmF
Frame ID: 5A92505CA9F724FB32C18A4A299FE7CC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E960DC92151BE1126F239F422F9A84B6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EB14117DD41A200FBD33A1786C7983CA
Requests: 2 HTTP requests in this frame

Frame: https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Frame ID: A02EB7D0ED464CFD3CB1F5B62D5B9404
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: A4CED9352365A4C821819317DF94BE4B
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: 393270260EB684786EEC47891FA6CDA1
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 8E918C2D77D683ECA55A5143EDBF8464
Requests: 10 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: BFE31A8DF02CB8B809D94D5DDE36E849
Requests: 11 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Frame ID: 0665AE455EF4350D1C58C0B8B0E17001
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8FA060E10A7C3D41C979867D729F3F3A
Requests: 1 HTTP requests in this frame

Frame: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 02E6611F2363EB74910350351F0E82A8
Requests: 16 HTTP requests in this frame

Frame: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 06BCE5A627DCA6A121BB73F17DDE6EA7
Requests: 16 HTTP requests in this frame

Frame: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9EA95C1DDE288ECF3BC0E5C931C85596
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Frame ID: FD869FE94885B8552C0A2D62145DA294
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Frame ID: FB94E35AE4D25A0D17A52E7E7C2EB164
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Frame ID: 6B0B5B0E5991A9A50926BCED5AE92B17
Requests: 5 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595
Frame ID: A5FDF5B1152133B66FAA09F77CDE9FF5
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 389AB6195D6F6E6B6EA7B129BFA1B4CF
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 8FE5C87E6846BB06C9CE5CA8ED5A7107
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Frame ID: 60222B70E1645FFF8C4C4596892342D8
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AEF8D8A1E2E3F3095AEAB08A24175164
Requests: 9 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Frame ID: 00A995B148A9E930A38D3C5F7D4EEF81
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Frame ID: 031E3946C372DACD3FC5F2D7FF636279
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 14D99EEB9D7B1E2B9BA9BE3C312DB586
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
Frame ID: 5BF710A64746904FA51CE1CBF52866D0
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A0E88EC7778EEBF1BBB1774AF0D60591
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 12CB87E1FF733B75097EA44F53B6A69B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 80BE47327186AAC5E2A95623F3182214
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 10626A729DCEE0814DE51B642D79EFFD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 139D21852DC7AFD66B1D9A149DFEE58F
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: E973F9A4CF2645883749CD72FC6CC88D
Requests: 9 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 05DD99E0EBE8904612D8875B2A461E30
Requests: 2 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Frame ID: 00F559363BDFB55044435CAE3B678ADA
Requests: 7 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Frame ID: BDC519B17C214368FA1FA63446115AED
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 58BFC5C130E537FC1B309ED725F15875
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Frame ID: 2EFE47BA4C6136C2C20BE040FF00B6C2
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: A246831C219DF0D53A82BDD0803D667E
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Download Banks 2012 Chevy131217 rar

Page URL History Show full URLs

  1. http://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html HTTP 301
    https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

582
Requests

67 %
HTTPS

22 %
IPv6

147
Domains

229
Subdomains

137
IPs

11
Countries

10296 kB
Transfer

17465 kB
Size

335
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html HTTP 301
    https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45
  • https://pixel.onaudience.com/?partner=137085098&mapped=4C301643279761416951F781EEC0871E HTTP 302
  • https://pixel.onaudience.com/?partner=109&icm&cver&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m HTTP 302
  • https://tags.bluekai.com/site/33141?&id=da4919ac68b3cf85
Request Chain 73
  • https://network-n-com.videoplayerhub.com/galleryplayer.js HTTP 301
  • https://btloader.com/tag?h=network-n-com&upapi=true
Request Chain 79
  • https://map.go.affec.tv/map/3a/?pid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&ts=1643279761569.1 HTTP 303
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D61f27591bea1e300012d9a97%26chc%3Dtt%26floc%3D%26redirect_url%3D HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D61f27591bea1e300012d9a97%2526chc%253Dtt%2526floc%253D%2526redirect_url%253D HTTP 302
  • https://map.go.affec.tv/map/an/8076697769768775013?ch=61f27591bea1e300012d9a97&chc=tt&floc=&redirect_url=
Request Chain 80
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.2&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%2Fpixel%3Fid%3D%24%7BTA_DEVICE_ID%7D%26partner%3DTAPAD HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1388&partner_device_id=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.2&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%2Fpixel%3Fid%3D%24%7BTA_DEVICE_ID%7D%26partner%3DTAPAD HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d807e161-1268-48ea-b4cc-24025f67c8db%252Chttps%253A%252F%252Fusermatch.krxd.net%252Fum%252Fv2%253Fpartner%253Dtapad&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&ttd_puid=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fum%2Fv2%3Fpartner%3Dtapad HTTP 302
  • https://usermatch.krxd.net/um/v2?partner=tapad HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=tapad
Request Chain 81
  • https://ps.eyeota.net/pixel?pid=c9gd671&t=gif&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&33random=1643279761569.3&cat=33across HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=c9gd671&t=gif&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&33random=1643279761569.3&cat=33across HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MlJTYnNCNVZiaGFraGxJVnI5R1YxMm44NDRyVG9vQTMyampxTkg4aUtoWnM&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&google_hm=MlJTYnNCNVZiaGFraGxJVnI5R1YxMm44NDRyVG9vQTMyampxTkg4aUtoWnM&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671&google_tc= HTTP 302
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671&google_gid=CAESEPeyadtRrGEdI6nszINtHro&google_cver=1
Request Chain 82
  • https://spl.zeotap.com/z.png?zdid=239&ctry=CA&env=mWeb&eventType=pageview&zpb=wu%21&zpbcat=Entertainment&zcluid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&ziid=1643279761569.4 HTTP 302
  • https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-f3fb75ad636a&us_privacy=&zcluid=CoIKSWHydZGg9vowA0FsAg%3D%3D&zdid=239&ziid=1643279761569.4&zpb=wu%21&zpbcat=Entertainment HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fadnxs_uid%3D%24UID%26zpartnerid%3D2%26ctry%3DCA%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3D690d6934-8037-4c11-553c-f3fb75ad636a%26us_privacy%3D%26zcluid%3DCoIKSWHydZGg9vowA0FsAg%253D%253D%26zdid%3D239%26ziid%3D1643279761569.4%26zpb%3Dwu%2521%26zpbcat%3DEntertainment HTTP 302
  • https://mwzeom.zeotap.com/mw?adnxs_uid=8076697769768775013&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-f3fb75ad636a&us_privacy=&zcluid=CoIKSWHydZGg9vowA0FsAg==&zdid=239&ziid=1643279761569.4&zpb=wu!&zpbcat=Entertainment
Request Chain 83
  • https://dp2.33across.com/ps/?pid=1205&random=1643279761569.5 HTTP 302
  • https://idsync.rlcdn.com/405716.gif?partner_uid=118925965970971
Request Chain 84
  • https://dp1.33across.com/ps/?pid=669&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.7 HTTP 302
  • https://secure.adnxs.com/mapuid?t=2&member=1001&user=118925965971079&seg_code=33x&random=1643279761
Request Chain 87
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.sharethis.com/ttd?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=
Request Chain 88
  • https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent= HTTP 302
  • https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=&xl8blockcheck=1 HTTP 302
  • https://sync.sharethis.com/nlsn?uid=b4f2b14df122fcd774d406d6e8fdf8f2
Request Chain 89
  • https://ps.eyeota.net/pixel?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent= HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.sharethis.com/eyeota?uid=2jH2Sp-tQ6PvIQXExROENlQmhJYl7eKJD-9UbTrRVudQ&gdpr=0&gdpr_consent=
Request Chain 90
  • https://ml314.com/utsync.ashx?eid=50131&et=13&cid=lr&fp=ZGoABWHydZEAAAAIMeZBAw%3D%3D&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fidsync.rlcdn.com%2F395886.gif%3Fpartner_uid%3D%5BPersonID%5D HTTP 302
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3624714392487067690 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNDcxNDM5MjQ4NzA2NzY5MBAAGg0IkevJjwYSBQjoBxAAQgBKAA HTTP 307
  • https://ml314.com/csync.ashx?fp=8c9981dd170b4c94df15b50233d169980061a3eac3e971d94682a948d972cc68f4cb09cee1a4f8eb&person_id=3624714392487067690&eid=50082
Request Chain 91
  • https://tags.bluekai.com/site/59574?id=ZGoABWHydZEAAAAIMeZBAw%3D%3D&redir=https%3A%2F%2Fsync.sharethis.com%2Foracle%3Fuid%3D%24_BK_UUID%26BK_SWAP_DEST%3D5957 HTTP 302
  • https://sync.sharethis.com/oracle?uid=$_BK_UUID&BK_SWAP_DEST=5957
Request Chain 102
  • https://ap.lijit.com/readerinfo/v2 HTTP 307
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Request Chain 103
  • https://ap.lijit.com/readerinfo/v2 HTTP 307
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Request Chain 104
  • https://ap.lijit.com/readerinfo/v2 HTTP 307
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Request Chain 118
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=dl-file.com&sn=ChromeSyncframe&so=0&topUrl=dl-file.com&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=ywxL6XxHR0k0QStBTjgrZFhQVUFUY3NZN1d0MXlUdWhacFp2dkhBOXYrVE9zU2ZxRUtaZnpmUEZHR0VmeEhIWDRPWXBaTU9GZHNiQTZ2ZnB6SWlBLy9wUFFBb0xRMCtZWXBJMUZKdVJzN0RhMFoxN2k4K1BTaWhjTVBrNkdqU3krTEw2Q2YwRStDR0NOakdvTEZDa1UrYVZ3QWttM0RnbnVObi8vK2JjU3pjcVpQRzRyUWx5Q1M2L05jUXpiRTk4V3A2UHV2Z3lFbGhrSXpMTjBwRisydW1kb2lnamI3d2V2TTE2OS8wWXZBWWdHU2NtM0hlTDlwZHNKUW5LRzNFcHEzTnBnUjdqUktsRDlZaDFvVDVHMTM4SStxUT09fA&cppv=2
Request Chain 128
  • https://um.simpli.fi/lj_match?r=28402 HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=40B9F463736C486D959A5DD2CDD1535E
Request Chain 129
  • https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829 HTTP 303
  • https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829&_li_chk=true&previous_uuid=aeb5c7c0356348249fc0349dc43ed430 HTTP 303
  • https://x.bidswitch.net/sync?dsp_id=42&user_id= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=42&user_id=
Request Chain 131
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0 HTTP 302
  • https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
Request Chain 133
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=f298cfe6fb5a3a352a645b17c8f4641&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Dd807e161-1268-48ea-b4cc-24025f67c8db%252Chttps%253A%252F%252Fsync.crwdcntrl.net%252Fmap%252Fc%253D10158%252Ftp%253DTPAD%252Ftpid%253Dd807e161-1268-48ea-b4cc-24025f67c8db HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=8076697769768775013&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpid%3Dd807e161-1268-48ea-b4cc-24025f67c8db HTTP 302
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=d807e161-1268-48ea-b4cc-24025f67c8db
Request Chain 134
  • https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP HTTP 302
  • https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=4d0691e82daf92e47b5f5eca908a6495
Request Chain 135
  • https://ads.avocet.io/getuid?url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D HTTP 301
  • https://ads.avct.cloud/getuid?r=1&url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&r=1&url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=10492/tp=AVCT/tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
Request Chain 136
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=f298cfe6fb5a3a352a645b17c8f4641&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=121998&dpuuid=f298cfe6fb5a3a352a645b17c8f4641&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=74739629937459372872527991058192254433
Request Chain 140
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641 HTTP 302
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641
Request Chain 141
  • https://aa.agkn.com/adscores/g.pixel?sid=9202276048 HTTP 302
  • https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164090404044007714999
Request Chain 143
  • https://sync.tidaltv.com/GenericUserSync.ashx?dpid=1695 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=1695&s_h=1 HTTP 302
  • https://bcp.crwdcntrl.net/map/c=6584/tp=VIDO/tpid=a53dad5f-a643-470a-abef-c3c91d7cc37f
Request Chain 144
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=ae5661f2-7593-4600-a67e-b76a480711f0
Request Chain 145
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID HTTP 302
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
Request Chain 147
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D&_test=YfJ1kgABr3rv_ABH HTTP 302
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YfJ1kgABr3rv_ABH&_test=YfJ1kgABr3rv_ABH
Request Chain 151
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/f298cfe6fb5a3a352a645b17c8f4641/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D HTTP 302
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=4331370182010635377
Request Chain 152
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=458408060%2Ftpid%3D%24UID%2Ftp%3DANXS HTTP 302
  • https://sync.crwdcntrl.net/map/c=281/rand=458408060/tpid=8076697769768775013/tp=ANXS
Request Chain 153
  • https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829 HTTP 303
  • https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829&_li_chk=true&previous_uuid=97601ab4a06e40d4ae26b18337ccb6db HTTP 303
  • https://i6.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
Request Chain 154
  • https://p.adsymptotic.com/d/px/?_pid=15697&_psign=0a885fb568701ac53478d88866a10345&_pu&_puuid=ea8da53a8382297d947cc829&_redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D5014%263pid%3D${UUID}&_rand=23858 HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=15697&_psign=0a885fb568701ac53478d88866a10345&_pu&_puuid=ea8da53a8382297d947cc829&_redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D5014%263pid%3D${UUID}&_rand=23858&_expected_cookie=3784fd3971cf773ccba62daea795a47c HTTP 302
  • https://ce.lijit.com/merge?pid=5014&3pid=3784fd3971cf773ccba62daea795a47c
Request Chain 157
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=0&tsrnd=578_1643279762748&fbp=2503514552&cttl=43200000 HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=0&tsrnd=578_1643279762748&fbp=2503514552&cttl=43200000&ckls=true&ci=PyhM2rLAGW&nc=false&trid=-1476173787
Request Chain 165
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=ecee378e-7f5c-11ec-b664-12d4f2240203 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=94&advUuid=ecee3721-7f5c-11ec-b664-12d4f2240203
Request Chain 166
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=98&advUuid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
Request Chain 180
  • https://x.bidswitch.net/sync?ssp=sekindo&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.adstanding.com/ssp/bidswitch/cookie?bidswitch_ssp_id=sekindo&bidswitch_custom_parameter=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=317&user_id=0da4a144dfa05de443ae9e5bd7f6b02d&expires=30&ssp=sekindo&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1267919208%26pcid%3Dc842ca48-ee24-4529-8afa-5d2f74bfe7d3%26csh%3D&advId=24830&advUuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 301
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1267919208&pcid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&csh=
Request Chain 181
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=93&advUuid=44280146-657c-4a1d-bdd1-e8678b761404
Request Chain 182
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=99&advUuid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Request Chain 183
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServlet%253Fat%253D20%2526mi%253D10%2526dpi%253D259151345%2526pcid%253D%24UID%26advId%3D121%26advUuid%3D%24UID HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D3522455783818883563132&advId=121&advUuid=3522455783818883563132 HTTP 301
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=259151345&pcid=3522455783818883563132 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D259151345%26rnd%3D-1463126760%26pcid%3D%23PMUID HTTP 302
  • https://sync.resetdigital.co:10001/csync/pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000985FFA0FE8 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 184
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=618110e63fc8f&advId=100&advUuid=KYWUCC1Q-A-1ZXB&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1725065545%26pcid%3DKYWUCC1Q-A-1ZXB HTTP 301
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1725065545&pcid=KYWUCC1Q-A-1ZXB HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D1725065545%26rnd%3D-2146729112%26pcid%3D%23PMUID HTTP 302
  • https://sync.resetdigital.co:10001/csync/pubmatic HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000985FFA0FEA HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 185
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=105&advUuid=8076697769768775013
Request Chain 194
  • https://creativecdn.com/cm-notify?pi=admatic HTTP 302
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=ZugxgMfMSiDFdMdGSo7L&pi=admatic&tc=1
Request Chain 195
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Request Chain 204
  • https://c1.adform.net/serving/cookie/match?party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Request Chain 205
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
Request Chain 206
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Request Chain 207
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEX2tFN0Q1T3NBQUVabUxjb1NKZw&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAD_kE7D5OsAAEZmLcoSJg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 307
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp,sas,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD_kE7D5OsAAEZmLcoSJg HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 208
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Request Chain 210
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=ed229770-7f5c-11ec-b8cd-a176aed107ee HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1725065545&rnd=-2146729112&pcid=B09EB3C0-DC2F-4842-9351-62624B73CF07 HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1725065545%3B1402230080%26rnd%3D-547671279&pcid=$UID HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1725065545;1402230080&rnd=-547671279&pcid=8076697769768775013 HTTP 302
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%26rnd%3D1414594404%26pcid%3D HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1725065545;1402230080;1709765917&rnd=1414594404&pcid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%26rnd%3D1199885315%26pcid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1725065545;1402230080;1709765917;1486637409&rnd=1199885315&pcid=ecee3721-7f5c-11ec-b664-12d4f2240203 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%26rnd%3D-2139492339%26pcid=[MM_UUID] HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116&rnd=-2139492339&pcid=ae5661f2-7593-4600-a67e-b76a480711f0 HTTP 302
  • https://ce.lijit.com/merge?pid=8101&3pid=PyhM2rLAGW&location=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%26rnd%3D-630398492%26pcid%3D%5BSOVRNID%5D HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572&rnd=-630398492&pcid=ea8da53a8382297d947cc829 HTTP 302
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-1741579180%26pcid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync/intentiq/0?zcc=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-1741579180%26pcid%3D%5BRX_UUID%5D&cb=1643279764113 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-34bda023-e7fb-4006-a037-75451037f05f-005?redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-1741579180%26pcid%3DRX-34bda023-e7fb-4006-a037-75451037f05f-005 HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-1741579180&pcid=RX-34bda023-e7fb-4006-a037-75451037f05f-005
Request Chain 211
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QrJbSI1kTdhjVy9nAXnghZU4mbg HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8076697769768775013 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Request Chain 212
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=a9a074dc-98b5-4181-8327-6aa57c315c4d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Request Chain 213
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 214
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:vv14SpX61Nd28j5&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3839d6e9-2d72-4fa4-b31f-02c90b6d8112&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 215
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=94084a27-cd62-4568-8595-1c9383506ae6 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Request Chain 216
  • https://ums.acuityplatform.com/tum?umid=6 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=642939852354 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1725065545&rnd=-2146729112&pcid=B09EB3C0-DC2F-4842-9351-62624B73CF07 HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1725065545%3B1402230080%26rnd%3D1651642158&pcid=$UID HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1725065545;1402230080&rnd=1651642158&pcid=8076697769768775013 HTTP 302
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%26rnd%3D-1048493698%26pcid%3D HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1725065545;1402230080;1709765917&rnd=-1048493698&pcid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%26rnd%3D625797583%26pcid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1725065545;1402230080;1709765917;1486637409&rnd=625797583&pcid=ecee3721-7f5c-11ec-b664-12d4f2240203 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%26rnd%3D1556134368%26pcid=[MM_UUID] HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116&rnd=1556134368&pcid=ae5661f2-7593-4600-a67e-b76a480711f0 HTTP 302
  • https://ce.lijit.com/merge?pid=8101&3pid=PyhM2rLAGW&location=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%26rnd%3D-1869466815%26pcid%3D%5BSOVRNID%5D HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572&rnd=-1869466815&pcid=ea8da53a8382297d947cc829 HTTP 302
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-770594566%26pcid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync/intentiq/0?zcc=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-770594566%26pcid%3D%5BRX_UUID%5D&cb=1643279764153 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005?redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3B1709765917%3B1486637409%3B1072441116%3B1678944572%3B396218182%26rnd%3D-770594566%26pcid%3DRX-a90002de-8bb6-4b1f-b058-c4573ef93963-005 HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-770594566&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005
Request Chain 217
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID HTTP 302
  • https://match.bnmla.com/usersync?dspid=6&uuid=40B9F463736C486D959A5DD2CDD1535E HTTP 302
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D HTTP 307
  • https://match.bnmla.com/usersync?dspid=170&uuid=AE5B512D4C1E42A889A0326421311214 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=f8d06313-9395-4c25-87ce-6f8ce6901e87 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 218
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ6965661631600973261&uid=Q6965661631600973261&ref=%2Fepm HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6965661631600973261 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:acc014df-3d8c-451a-8877-463a39727408&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 220
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sJ6zwNwvSEKTUWJiS3PPBw%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 221
  • https://idsync.rlcdn.com/420486.gif?partner_uid=B09EB3C0-DC2F-4842-9351-62624B73CF07 HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=82afbd619b2d0572292835bdba0b387ad3317d0f677097e3e4ecf4d1535e4a90791426b5417dce21&_=2 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA4MmFmYmQ2MTliMmQwNTcyMjkyODM1YmRiYTBiMzg3YWQzMzE3ZDBmNjc3MDk3ZTNlNGVjZjRkMTUzNWU0YTkwNzkxNDI2YjU0MTdkY2UyMRAAGgwIk-vJjwYSBAgCEABCAEoA HTTP 302
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA4MmFmYmQ2MTliMmQwNTcyMjkyODM1YmRiYTBiMzg3YWQzMzE3ZDBmNjc3MDk3ZTNlNGVjZjRkMTUzNWU0YTkwNzkxNDI2YjU0MTdkY2UyMRAAGgwIk-vJjwYSBAgCEABCAEoA&google_gid=CAESEGTFwSzgP1sxkxvPb0BA2eM&google_cver=1 HTTP 307
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
  • https://idsync.rlcdn.com/458249.gif?partner_uid=4c2c312e-e822-455d-a6bd-696ed236160a
Request Chain 222
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ae5661f2-7593-4600-a67e-b76a480711f0
Request Chain 223
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjA5RUIzQzAtREMyRi00ODQyLTkzNTEtNjI2MjRCNzNDRjA3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 224
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDcASlNj9LjEWEWrsWick5c&google_cver=1
Request Chain 225
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:40B9F463736C486D959A5DD2CDD1535E HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 226
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4331370182010635377&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 227
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
Request Chain 229
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B09EB3C0-DC2F-4842-9351-62624B73CF07&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B09EB3C0-DC2F-4842-9351-62624B73CF07&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dMySDyxE2uWlK3gzxRDNanS3EJeWOHw-~A&gdpr=0&gdpr_consent=
Request Chain 230
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8076697769768775013&gdpr=0&gdpr_consent=
Request Chain 231
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ed29ef90-7f5c-11ec-8a96-67f41156c3d5&gdpr=0&gdpr_consent=
Request Chain 232
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=765c9cc810f108ef&is_secure=true&networkId=17100&version=1&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAADLZgTBhVIdANrckugAAAAAAA&expiration=1643366163&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&is_secure=true&gdpr_consent=&gdpr=0 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 234
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh
Request Chain 235
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&gdpr=0&gdpr_consent=
Request Chain 236
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param%3Dc842ca48-ee24-4529-8afa-5d2f74bfe7d3%26gdpr%3D0%26consent%3D%26gdpr_pd%3D%26expires%3D7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=60a09d9a6c55480d8ef596ea357329d2&ssp=pubmatic&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&gdpr=0&consent=&gdpr_pd=&expires=7 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 237
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B330_EA58DD1C_C4F741B&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
  • https://pmp.mxptint.net/sn.ashx?ak=1
Request Chain 238
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3450203132156163805 HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Request Chain 240
  • https://ih.adscale.de/uu?cbfn=receive&t=1643279763 HTTP 302
  • https://ih.adscale.de/uu?cbfn=receive&t=1643279763&nut&uu=4a3494f4b38c4774a1502e08cfec66ee
Request Chain 241
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D6ee78b0b29ddbac9 HTTP 302
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341%26partner_url%3Dhttps%253A%252F%252Fu-iad04.e-planning.net%252Fum%253Fuid%253D97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341%2526dc%253D0abbcb4eba840e59%2526fi%253D6ee78b0b29ddbac9 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341%26dc%3D0abbcb4eba840e59%26fi%3D6ee78b0b29ddbac9 HTTP 302
  • https://u-iad04.e-planning.net/um?uid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&dc=0abbcb4eba840e59&fi=6ee78b0b29ddbac9
Request Chain 242
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D6ee78b0b29ddbac9%26uid%3D%24%7BUID%7D HTTP 302
  • https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=6ee78b0b29ddbac9&uid=622178cf-fca8-49d8-82cd-59875361104c
Request Chain 245
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D6ee78b0b29ddbac9 HTTP 302
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F HTTP 302
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F&rd=1
Request Chain 246
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D6ee78b0b29ddbac9%26uid%3D%24UID HTTP 302
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=6ee78b0b29ddbac9&uid=8076697769768775013
Request Chain 247
  • https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D6ee78b0b29ddbac9%26uid%3D%5BUID%5D HTTP 302
  • https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=6ee78b0b29ddbac9&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Request Chain 248
  • https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D6ee78b0b29ddbac9%26uid%3D%24UID HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D6ee78b0b29ddbac9%26uid%3D%24EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5pbmcubmV0L3VtP2RjPWQ4NzI1MWQwZGViYWQ1NzgmZmk9NmVlNzhiMGIyOWRkYmFjOSZ1aWQ9JEVNWFVJRA== HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=8076697769768775013&redirect=https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=$EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5pbmcubmV0L3VtP2RjPWQ4NzI1MWQwZGViYWQ1NzgmZmk9NmVlNzhiMGIyOWRkYmFjOSZ1aWQ9JEVNWFVJRA== HTTP 302
  • https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=8076697769768775013brt64351643279763639134b5
Request Chain 250
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Request Chain 263
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=d807e161-1268-48ea-b4cc-24025f67c8db&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D%26pt%3Dd807e161-1268-48ea-b4cc-24025f67c8db%252Chttps%253A%252F%252Fmwzeom.zeotap.com%252Fmw%253Fcid%253Dd807e161-1268-48ea-b4cc-24025f67c8db%2526zpartnerid%253D5%2526env%253DmWeb%2526eventType%253Dmap%2526gdpr%253D1%2526gdpr_consent%253D%2526id_mid_4%253Dbf8833df-0427-45d8-543c-55530debb000%2526reqId%253De1d19b4a-b394-4c6f-4490-0df57c0a8958%2526zdid%253D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=74739629937459372872527991058192254433&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3Dd807e161-1268-48ea-b4cc-24025f67c8db%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=d807e161-1268-48ea-b4cc-24025f67c8db&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 265
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 268
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 269
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=a53dad5f-a643-470a-abef-c3c91d7cc37f&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 270
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=bf8833df-0427-45d8-543c-55530debb000&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=74739629937459372872527991058192254433&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 271
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7057832844559251595&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 272
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=bf8833df-0427-45d8-543c-55530debb000&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=bf8833df-0427-45d8-543c-55530debb000&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361&bounce=1&random=3166899844 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=utrDC1EwqMtB5hjmvVUzn.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 273
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361&cklb=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=5628564532996906156
Request Chain 274
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=bf8833df-0427-45d8-543c-55530debb000?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=f298cfe6fb5a3a352a645b17c8f4641&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 275
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-9qSJNG9E2ook0Q9bJxtFsuqQiHmg6WIlpQ--~A&zpartnerid=570&env=mWeb
Request Chain 276
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=CAN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=uVzvTCTx3bfKGiLbFOZEJlnW7K9vn5d6%2BS41iYitP1U%3D
Request Chain 277
  • https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10595703288584715056&zdid=1361&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
Request Chain 279
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De1d19b4a-b394-4c6f-4490-0df57c0a8958%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YfJ1kgABr3rv_ABH&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Request Chain 280
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=OoGGK-mt&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=bf8833df-0427-45d8-543c-55530debb000
Request Chain 281
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361&dcc=t
Request Chain 287
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&dcc=t
Request Chain 288
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Request Chain 289
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAQvWdHZbeI-5_rpC_h2pMI&google_cver=1
Request Chain 290
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expiration=1645871763&gdpr=0&gdpr_consent=
Request Chain 291
  • https://match.prod.bidr.io/cookie-sync/ie HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAD_kE7D5OsAAEZmLcoSJg&expiration=1644489363
Request Chain 292
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=8076697769768775013
Request Chain 294
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Request Chain 304
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&gdpr_consent=undefined&gdpr=0&khaos=KYWUCC1Q-A-1ZXB HTTP 302
  • https://sync.e-planning.net/um?uid=KYWUCC1Q-A-1ZXB&dc=9bcc91305985f0db&iss=1&gdpr=0&gdpr_consent=undefined
Request Chain 305
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=8076697769768775013
Request Chain 306
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=between&uid=c88b4441-6d17-531b-897e-6e78e88c1bec
Request Chain 307
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=8076697769768775013
Request Chain 308
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=sonobi&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Request Chain 309
  • https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-wPVvR2dE2uGrSFIKdUNLy51fvJ0ghZ834cFl_nI-~A
Request Chain 310
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent= HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOlpCwfRQQhIJ1XQcvDYTOIADL-m-eMPwItfdl7w
Request Chain 312
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=ae19c55d-8c27-4ec5-a31c-b78feddde6ff
Request Chain 323
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/mj5sZLCEIkSthmoCuy1Vjg?csrc=&gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7358308858084391727
Request Chain 324
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=&expires=30
Request Chain 325
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIyNDUwYTEyYWYxNjhlNDU2ZDUzZDIyMzIzMzRkZjEzZDYwOGNmZA&gdpr=0
Request Chain 326
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lXVUNDMVEtQS0xWlhC&gdpr=0
Request Chain 327
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfJ1kgABr3rv_ABH&gdpr=0
Request Chain 329
  • https://token.rubiconproject.com/token?pid=26594&gdpr=0 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KYWUCC1Q-A-1ZXB&sigv=1&esig=2~83d1e1606763f314bd8a33c4ea9428ac894f893f&gdpr=0
Request Chain 330
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ae5661f2-7593-4600-a67e-b76a480711f0&expires=28
Request Chain 332
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8076697769768775013
Request Chain 334
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YfJ1kgABr3rv_ABH
Request Chain 335
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Request Chain 336
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48 HTTP 302
  • https://tags.bluekai.com/site/17724?id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3D97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341%26expiration%3D1645871764 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&expiration=1645871764
Request Chain 337
  • https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=3c02446a-e065-476e-b8c7-6b0dc5c40a95&expiration=1674815764
Request Chain 338
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1 HTTP 302
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=03030001_61f2759466c92&knw=0 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030001_61f2759466c92
Request Chain 339
  • https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1 HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=2b5dd949-f357-4658-8c42-b132e993d1db
Request Chain 341
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&pubid=4d443a3ea2
Request Chain 342
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID] HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=ae5661f2-7593-4600-a67e-b76a480711f0
Request Chain 343
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&google_hm=Yzg0MmNhNDgtZWUyNC00NTI5LThhZmEtNWQyZjc0YmZlN2Qz HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEPRQCaUiRTxIwdoJxnl1lQM&google_cver=1&ssp=sonobi&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
Request Chain 344
  • https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=970314628629171378
Request Chain 345
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WEtjM3JpR1R0X0k0MERjUEFsQmQtZw&gdpr=&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGAzRHK7FY-PzqDnebGUt0w&google_cver=1 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kTygETMkxOsS
Request Chain 346
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3061&partner_device_id=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10072&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2989%26partner_device_id%3D%5BMM_UUID%5D%26pt%3Dd807e161-1268-48ea-b4cc-24025f67c8db%252C HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2989&partner_device_id=ae5661f2-7593-4600-a67e-b76a480711f0&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2C
Request Chain 347
  • https://id5-sync.com/s/434/9.gif?puid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/434/9/1.gif?puid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&gdpr=0&gdpr_consent= HTTP 302
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/2/8/2.gif?puid=8076697769768775013&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOlm4AjjTxjY1E03qUIBORU9LdvHYjJSi6Q5AZXA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/3/7/3.gif?puid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/k/264.gif?puid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&ttl=%%TTL%% HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F429%2F5%2F5.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0 HTTP 302
  • https://id5-sync.com/c/434/429/5/5.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/434/108/4/6.gif?puid=d807e161-1268-48ea-b4cc-24025f67c8db&gdpr=0&gdpr_consent= HTTP 302
  • https://rtd-tm.everesttech.net/upi/pid/dm4ha19W?redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F136%2F3%2F7.gif%3Fpuid%3D%24%7BTM_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://id5-sync.com/c/434/136/3/7.gif?puid=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent= HTTP 302
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY HTTP 303
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=1033&ops=apx&google_gid=CAESEHeTh2Z2USnyOZQ4mcRMHLM&google_cver=1 HTTP 303
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEHeTh2Z2USnyOZQ4mcRMHLM&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 302
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=8076697769768775013&opid=apx&ops=&utidl=tech:goo:CAESEHeTh2Z2USnyOZQ4mcRMHLM&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&etid=&domid=1033 HTTP 303
  • https://id5-sync.com/qp/18.gif?puid=vec%3A24784681701&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
Request Chain 348
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5 HTTP 302
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D570392714%26rnd%3D837545206%26pcid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005?redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D570392714%26rnd%3D837545206%26pcid%3DRX-a90002de-8bb6-4b1f-b058-c4573ef93963-005 HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=570392714&rnd=837545206&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005 HTTP 302
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D259151345%26mi%3D10%26csh%3D570392714%3B541745869%26rnd%3D-1186440715%26pcid%3D$UID HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=259151345&mi=10&csh=570392714;541745869&rnd=-1186440715&pcid=3522455783818883563132 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=PyhM2rLAGW&expires=1825&rnd=926842293
Request Chain 349
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MTYxZWJiYmMtNTJmYS00ZGZkLTlkZDYtNjlmODYxNWU5ZWI1 HTTP 302
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGBUyAhjXA6y82w_3sKekK0&google_cver=1
Request Chain 360
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=4a3494f4b38c4774a1502e08cfec66ee&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=101&tpuid=BBID-01-03179937647534265-16510104
Request Chain 394
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
Request Chain 395
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Request Chain 396
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
Request Chain 397
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Request Chain 398
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
Request Chain 399
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Request Chain 400
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
Request Chain 401
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Request Chain 405
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE09z7DORRr12gYTAcg_Z_s&google_cver=1&gdpr=0
Request Chain 406
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzc5MDI0Y2EtOGM0MC0yNDk1LWZjYTEtYzMyYjE4ZDgxY2Ex
Request Chain 407
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEPJPnBFf7_zJTldK-SOXL04&google_cver=1&gdpr=0
Request Chain 408
  • https://sync.teads.tv/um?eid=3&uid=&gdpr=0&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjRjYzQ5ZWQtZWFjNC00MmM1LTllYzUtMzljM2Y3YzQ5ZWQw
Request Chain 410
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwYVNWMnRjeEt5SEZNRE5GJTJCUVZOQmZkZUwxb2ZQUng3OE9zS0l0Q2hqVktLMlRqb2Nlalp1bGhIZmpxNXBoUExibTdhb21VNGM3a0g2dXZUWkRpbDlHdzVjbSUyQkFTUSUzRCUzRA&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=pEshX3xtL3NRTWdWS1ZZRmQvRkV4V2dEakVTOFhOVFNQRENwRDBldi9JMERIY3VDaVBCcjhiN1lHVTNrT3lQMVlyYlJuRW0xV0w2M2hjV2lDdW5uV1lpMjdUY1BPV1VLQXZFNEVXaE9OYlhvcFZzQXBOYmJTMGpYTzdOdTZTcWxhZEk1YUROTGcrQTRQMlRVUjRZdmRlcnVNeXpIUWIyQ0NmWU5MOHRMbFlOMzNlU0dXY2JiYmg2djVwd0lQRGV4U1JwUStvdjg0MGZIUzMwanlTNXVvaFhIVGlxZmJ6YUdNY3hjcU5xRFNETmFHaXV6YXdrUmVRUHpqaUR0L3FST2Y0bGgxdi9rOUppVVRlT0ZiY0oxY0ZPRi83dz09fA&cppv=2
Request Chain 419
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
Request Chain 420
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBlZTFlODkyNi03ZjVjLTExZWMtODhjNC0wYWI0MTU4N2ViZTc%3D HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
Request Chain 421
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&_origin=1&gdpr=0&gdpr_consent=
Request Chain 422
  • https://ads.stickyadstv.com/auto-user-sync HTTP 302
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=291176a43186b0efa326df3d4194d68&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=o24fe_7057832840264562917 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=MjkxMTc2YTQzMTg2YjBlZmEzMjZkZjNkNDE5NGQ2OA==&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEIq-lr5_rTGrJlZit6LAqSc&google_cver=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/291176a43186b0efa326df3d4194d68?gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-tFVNkfBE2oPuil2ByJR.5h5aqrDWC9hAB_awH1mc~A HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=8076697769768775013 HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=44&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D183%26userId%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=183&userId=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=vv14SpX61Nd28j5&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/upi/pid/wGbQAlJJ?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D187%26userId%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=187&userId=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent= HTTP 302
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 303
  • https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AAD_kE7D5OsAAEZmLcoSJg&gdpr=0 HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=18&gdpr=0 HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=3450203132156163805
Request Chain 426
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=b8bb9c6f169f6e2962a2d4f249ff27c62e1a63ecb7380c2e3a5f2ede5da37e05&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YfJ1k4fAXGcl1AX3NhIYCAAA%26119
Request Chain 442
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=3658&xuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&dongle=0cfd
Request Chain 443
  • https://ad.mrtnsvr.com/sync/triplelift HTTP 302
  • https://eb2.3lift.com/xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
Request Chain 444
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFUR5WPh0gcGr6EpEfq3UiQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Request Chain 445
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D
Request Chain 446
  • https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3522455783818883563132&dbredirect=true&gdpr=0&consent= HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3522455783818883563132&dbredirect=true&gdpr=0&consent=&cookiesTest=true HTTP 302
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=58300170-245d-47b4-ad2b-bcbd2fd95a74&_noobservation=1
Request Chain 447
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3522455783818883563132?gdpr=0&gdpr_consent= HTTP 302
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-NKSHeHhE2oRTdx0X0Z1xn3v08zCVSVEfA2xqGqsdRQ--~A&dongle=0883
Request Chain 448
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=3522455783818883563132&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=triplelift&bds_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=e4b40a9c-b3b4-45ad-a359-64731c063052&expires=10&ssp=triplelift&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3 HTTP 302
  • https://eb2.3lift.com/xuid?mid=2409&xuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 451
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent= HTTP 302
  • https://stags.bluekai.com/site/23178?id=oVsUmNgT0LhHi9MYDApD&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5N5LHGVLNJZTVIMCMNBEGSOKNLFCEC4CE&gdpr=0 HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5N5LHGVLNJZTVIMCMNBEGSOKNLFCEC4CE HTTP 302
  • https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=oVsUmNgT0LhHi9MYDApD
Request Chain 458
  • https://x.bidswitch.net/sync?ssp=admatic HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=admatic&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=93&user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expires=30&ssp=admatic&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21} HTTP 302
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id= HTTP 302
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
Request Chain 462
  • https://track.adform.net/serving/cookie/match/?party=9&uid=f4d521b61d37f6bad999fa2b8081ce649195279e27aa8b0d447ce4fd8adc9930&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=42&gdpr=0&tpuid=3450203132156163805
Request Chain 471
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1&google_push=AYg5qPIq9tbWlPlSsjquhMznAvdDK6rYeARGuEppwDsicWv19F0KbfsE6quo7A5RMbAuUzQcAmk-F1OCpcpkK1zxLm7f2Qrad8yCXB5sUt0qcA2xF60VORhu4DXGt_-REd04lywCJ4P7gug HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDMzMTM3MDE4MjAxMDYzNTM3Nw==&gdpr=0&gdpr_consent= HTTP 302
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1
Request Chain 472
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEG8gxe9pMXm7_SoTkx77AXw&google_cver=1&google_push=AYg5qPLUkbTlCBitYDuWNxOGncjIombrtmDJn66FXhiKKeEmEbli0VhltIYz4xfPWuWlDfQ9TwFl8bhDTNWhtTtr2vjBy3mocbzHTG24TOiARkiJuN2A3Sqp7wCce5SKYlxOdoqLk0im3Y8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZKMWtnQUJyM3J2X0FCSA==&google_gid=CAESEG8gxe9pMXm7_SoTkx77AXw&google_cver=1&google_push=AYg5qPLUkbTlCBitYDuWNxOGncjIombrtmDJn66FXhiKKeEmEbli0VhltIYz4xfPWuWlDfQ9TwFl8bhDTNWhtTtr2vjBy3mocbzHTG24TOiARkiJuN2A3Sqp7wCce5SKYlxOdoqLk0im3Y8
Request Chain 473
  • https://fksnk.com/cs/google?google_gid=CAESEPrQ0vsC4XikJOblzH7CAFY&google_cver=1&google_push=AYg5qPJ672hztLM0QYGlZGZlz7tyi5ADWewKwccF2a01hirgNjYoYGzwtVLvrF9ZGXuQCcViZKTvu35-4Xz1wtPErJ_KvLvYDoAgjl6BgZQBqfQlPmciCU0NCii02Gpt2fVxFYz6ALPcFzw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODYwMjk5OTM3NDdBQkFCMA==
Request Chain 474
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK29qslJYrnkCDwMI64QuWc&google_cver=1&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg8pvR4Nz842XZdWaR9GZFKQOkEKG6uz1TgO6tRmWUMkm0445S3tWEG4IEfY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg8pvR4Nz842XZdWaR9GZFKQOkEKG6uz1TgO6tRmWUMkm0445S3tWEG4IEfY&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Request Chain 475
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKovoFi1oe6aFV5cCP9_MXQ&google_cver=1&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2oUayfGHntdEaAUTF29Q4rMpPPM50s_cca7V7_NAkJ4BDr17fzbVQNNw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2oUayfGHntdEaAUTF29Q4rMpPPM50s_cca7V7_NAkJ4BDr17fzbVQNNw
Request Chain 476
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEO9du5EHSTcr3Kkl3gLAwE8&google_cver=1&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0HdfnjLswoFUQILfabpZsHi07D532RfDpeWwmbpqxyCFy3CNjqsE5fLXlJB1ZWq9zwaE1fvl6AYUDIZwBjwLfW_jZKc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0HdfnjLswoFUQILfabpZsHi07D532RfDpeWwmbpqxyCFy3CNjqsE5fLXlJB1ZWq9zwaE1fvl6AYUDIZwBjwLfW_jZKc
Request Chain 477
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1WMe6Qy_YXWt6izZNDXTw&google_cver=1&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH78nHn16WmPYFeHdxrlyJBsceZpCBaWm5T7yMxRYA7n9Oz3UKiJNKvHgQ6OrG3hGw0qiHvvrR8U9IPl HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH78nHn16WmPYFeHdxrlyJBsceZpCBaWm5T7yMxRYA7n9Oz3UKiJNKvHgQ6OrG3hGw0qiHvvrR8U9IPl&google_hm=RS3zP53zQfekDJNwSYRF0Lg
Request Chain 480
  • https://px.owneriq.net/ecmg?google_gid=CAESEObGCAPpXaUkhtjga0AaRfw&google_cver=1&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_89YhWAaNXDYvXuwisy6qJjotom-fVCka65PL8jp3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_89YhWAaNXDYvXuwisy6qJjotom-fVCka65PL8jp3&google_cver=1&google_gid=CAESEObGCAPpXaUkhtjga0AaRfw&google_hm=UTY5NjU2NjE2MzE2MDA5NzMyNjFQ
Request Chain 481
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESENodqvXvdNsAg-sV9GYdGUQ&google_cver=1&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3NMmnpHHMk6WNOM8wja6wRGqwK81D3biBxUsjAtjIirNQPqY45a7Zy37sF HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=rlZh8nWTRgCmfrdqSAcR8A&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3NMmnpHHMk6WNOM8wja6wRGqwK81D3biBxUsjAtjIirNQPqY45a7Zy37sF
Request Chain 482
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEDpAegGB908Za1_9iEayVns&google_cver=1&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xMGzQ83gQQ_Wfs9mEjZKRq_INQ8utGnXHkeq4Y3GRxleM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xMGzQ83gQQ_Wfs9mEjZKRq_INQ8utGnXHkeq4Y3GRxleM&google_hm=UjFCMzMwX0VBNThERDFDX0M0Rjc0MUI%3D
Request Chain 483
  • https://a.clickcertain.com/px/img/g/?google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW HTTP 302
  • https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&ccid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuidu%253fhttps%253a%252f%252fa%252eclickcertain%252ecom%252fpx%252fimg%252fg%252f%253fdone%253dtrue%2526google_gid%253dCAESEAg8OMOQHdVG7I7rUjN7KSA%2526google_cver%253d1%2526google_push%253dAYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1%252det_LJqrcA9sgVvY5iFRy%252d4mx3aJ0hq80L9_GsiJfW%2526anx_uId%253d%2524UID HTTP 303
  • https://a.clickcertain.com/px/li/?ccid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fg%2f%3fdone%3dtrue%26google_gid%3dCAESEAg8OMOQHdVG7I7rUjN7KSA%26google_cver%3d1%26google_push%3dAYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1%2det_LJqrcA9sgVvY5iFRy%2d4mx3aJ0hq80L9_GsiJfW%26anx_uId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW&anx_uId=$UID HTTP 302
  • https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW&anx_uId=8076697769768775013 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW&google_hm=NWMxNzhjOGUtYjllZS00ZDZiLWE2MGQtNmNhYjM5NzhkMTI0
Request Chain 484
  • https://match.360yield.com/match/ebda?google_gid=CAESEEOZpxzlcakwD1bzCQGE7d8&google_cver=1&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEOZpxzlcakwD1bzCQGE7d8&google_cver=1&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c
Request Chain 485
  • https://beacon.lynx.cognitivlabs.com/adx.gif?google_gid=CAESEEPbYc9DcQqBw9b4dsUBiLY&google_cver=1&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJkuHp-SJ6sSKEZNSEAU7rLVzSMUYcvwUFzYskSq4Hx4Kr_b2CgQqodoELE7w HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=akQCPGXgbke4x2sNxcQKlQ&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJkuHp-SJ6sSKEZNSEAU7rLVzSMUYcvwUFzYskSq4Hx4Kr_b2CgQqodoELE7w
Request Chain 486
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKG8orLl5AchsLgP9uFn6xM&google_cver=1&google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_YF0iRjq_KrWUQAQ5XYsR8C-rMXpoojyDWi318ysr-fRheitR4-2VbRwO8Ytf8 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_hm=google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_YF0iRjq_KrWUQAQ5XYsR8C-rMXpoojyDWi318ysr-fRheitR4-2VbRwO8Ytf8
Request Chain 492
  • https://rtb.openx.net/sync/dds?google_gid=CAESEF8UwjpbYSZODR9tt9a_NqI&google_cver=1&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR&google_hm=hKl9POyxwx8PNdUlASPoew==
Request Chain 493
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK29qslJYrnkCDwMI64QuWc&google_cver=1&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4mfBsLlr3Iwy5_wjZ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4mfBsLlr3Iwy5_wjZ&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Request Chain 494
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKovoFi1oe6aFV5cCP9_MXQ&google_cver=1&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03BMu8fVN6KoM_3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03BMu8fVN6KoM_3
Request Chain 495
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJ2lB0yMRtvFbZj1igR5_r8&google_cver=1&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQbpiIgFhqLxPir19AHGn8hGNXtLjkhBFeo_p0MRz5RXz3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQbpiIgFhqLxPir19AHGn8hGNXtLjkhBFeo_p0MRz5RXz3
Request Chain 496
  • https://rtb2-useast.torchad.com/sync?exchange=309&google_gid=CAESEMKcF_ZkBAI2XS6KvHHN3y8&google_cver=1&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.torchad.com%2Fsync%3Fexchange%3D309%26google_gid%3DCAESEMKcF_ZkBAI2XS6KvHHN3y8%26google_cver%3D1%26google_push%3DAYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://rtb2-useast.torchad.com/sync?adkuid=A8550707361343690447&exchange=309&google_gid=CAESEMKcF_ZkBAI2XS6KvHHN3y8&google_cver=1&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR
Request Chain 497
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEO9du5EHSTcr3Kkl3gLAwE8&google_cver=1&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p29nS7RT65k84AtVHgBgt50NeO9Qn9nUZ7fiUR6KqV7U7hw HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p29nS7RT65k84AtVHgBgt50NeO9Qn9nUZ7fiUR6KqV7U7hw
Request Chain 506
  • https://ad.turn.com/r/cs?pid=21 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4331370182010635377
Request Chain 507
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=12394d381ea608f0&is_secure=true&networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAADLIc50Ls_9gN1T4xLAAAAAAA&expiration=1643366166&is_secure=true
Request Chain 508
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=aujW0WvsidBx6YnVP7udh2W909Zx7oDbP70qjCXw
Request Chain 509
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=40B9F463736C486D959A5DD2CDD1535E
Request Chain 510
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Request Chain 512
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=b4341328-7fd7-d81d-2845065f
Request Chain 519
  • https://um2.eqads.com/um/cs HTTP 302
  • https://um2.eqads.com/um/cs&eq_cc=1
Request Chain 521
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=c9d2693f173497b36f55112bceb1087ec6e2ddf20bc6597bbf30553ed8dceddb&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f095fa86-630b-46c9-a5e8-a56131072114&gdpr=0
Request Chain 524
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=d56c572e0d5f0689792f842dab6a93ad7d8165233a56e8564d1a01aa1319d7a7&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Request Chain 527
  • https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&gdpr=0&tpuid=CAESEAXJpR-r_xPRLil-2qhwYn0&google_cver=1
Request Chain 532
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=75&tpuid=8076697769768775013&gdpr=0
Request Chain 535
  • https://sync.srv.stackadapt.com/sync?nid=lotame HTTP 302
  • https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-42b25b48-8d64-4dd8-6357-2f670179e085$ip$149.56.153.184
Request Chain 536
  • https://cm.adgrx.com/bridge?AG_SETCOOKIE&AG_PID=lotame&AG_REDIR=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D363%2Ftp%3DADGR%2Ftpid%3D__AG_UID__ HTTP 302
  • https://sync.crwdcntrl.net/map/c=363/tp=ADGR/tpid=ed229770-7f5c-11ec-b8cd-a176aed107ee
Request Chain 537
  • https://pm.w55c.net/ping_match.gif?st=lotame&rurl=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1818%2Ftp%3DDTXU%2Ftpid%3D_wfivefivec_ HTTP 302
  • https://sync.crwdcntrl.net/map/c=1818/tp=DTXU/tpid=vv14SpX61Nd28j5
Request Chain 538
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=929654170%2Ftpid%3D%24UID%2Ftp%3DANXS HTTP 302
  • https://sync.crwdcntrl.net/map/c=281/rand=929654170/tpid=8076697769768775013/tp=ANXS
Request Chain 539
  • https://px.surveywall-api.survata.com/t HTTP 302
  • https://bcp.crwdcntrl.net/map/c=10098/tp=SRVT/tpid=09e2ffd2-fcd8-b831-38ba-667be3ca5278
Request Chain 541
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=&google_gid=CAESEDtXk6Dn6ioQIPgRkQjQBSs&google_cver=1 HTTP 302
  • https://a.audrte.com/p
Request Chain 542
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/a?adform_uid=3450203132156163805 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEDtXk6Dn6ioQIPgRkQjQBSs&google_cver=1 HTTP 302
  • https://ps.eyeota.net/match?bid=kh51m51&uid=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
Request Chain 544
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=df8838e9993030c13121536ced3a33cb19b7c5dcf0fef3c5558423a9b3ab60e9&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fjs&gdpr=0 HTTP 302
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=df8838e9993030c13121536ced3a33cb19b7c5dcf0fef3c5558423a9b3ab60e9&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/js?tpid=48&tpuid=4646c54dea09729b49cbdd16934e7bdf
Request Chain 549
  • https://x.bidswitch.net/sync?ssp=admatic HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=admatic HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=3450203132156163805&ssp=admatic HTTP 302
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id= HTTP 302
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
Request Chain 569
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwYVNWMnRjeEt5SEZNRE5GJTJCUVZOQmZkZUwxb2ZQUng3OE9zS0l0Q2hqVktLMlRqb2Nlalp1bGhIZmpxNXBoUExibTdhb21VNGM3a0g2dXZUWkRpbDlHdzVjbSUyQkFTUSUzRCUzRA&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=JPB6eXxNTWZjTjRReURZOGlCckpNV0N1UWNiVHpBMVM2azNSYjhCc1ZrdXplSzQwZDJIOVUrNnJBWVBaODdSTmdCUit6OFFreHhOSEFMSTBORGY5WHNxRE5jY0RaSTVRZUt1Y2IyelRtNEMycWhuSEZ2N1NKZ1V3RTQ1NXFCM25HL01lMFBzejBwc0ltSTFEbVhtMTdVNy9Zc2lnVjQ4TlVwYWYxSGhQMWY4L21wRk9VZ3dxTHBsM2V2UENjTTI3YnJWSldQUVFqbkQ5SGVrR2V5RmVnSG9CeHNCd3FqT3RZVkZDZ1g1L0NoY1daS3F4dExoc1dUL1d0Rmx5U3RCd3J6Ykc0Y3hYcC9tVk9zdUU0RHFJOTlEM2lCUT09fA&cppv=2
Request Chain 580
  • https://x.bidswitch.net/sync?ssp=admatic HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=admatic&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=93&user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expires=30&ssp=admatic&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21} HTTP 302
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id= HTTP 302
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=

582 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Banks_2012_Chevy131217.rar.html
dl-file.com/g6zkpczghqdr/
Redirect Chain
  • http://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
  • https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
18 KB
18 KB
Document
General
Full URL
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
0206c8e52782162dac5c192d01296a82c0aa40e89e26bc729417001ee03c44af

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

Date
Thu, 27 Jan 2022 10:36:00 GMT
Server
Apache
Expires
Wed, 26 Jan 2022 10:36:00 GMT
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html ; charset=UTF-8

Redirect headers

Date
Thu, 27 Jan 2022 10:36:00 GMT
Server
Apache
Location
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Content-Length
272
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-75596034-1
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
930bace270ec211672a216909208999bcb594bf5bebd43abca0476ce63f060bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35991
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 27 Jan 2022 10:36:00 GMT
NewTheme.css
dl-file.com/css/
74 KB
75 KB
Stylesheet
General
Full URL
https://dl-file.com/css/NewTheme.css
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
4acf4136b03b7954122a580eae0f47a316d9c7100dfbd764ef23b4bcdbfce6f1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Tue, 26 Oct 2021 12:13:20 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:00 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
75981
ETag
"128cd-5cf406744f388"
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/
23 KB
6 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
617, 617
age
24106356
cdn-cachedat
2021-03-10 13:26:28
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:54 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
9de03c320bd826dd854266be13ad082b
cf-ray
6d415668e87eece6-YUL
cdn-requestcountrycode
US
cdn-requestpullsuccess
True
api.js
www.google.com/recaptcha/
850 B
965 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2d0d70bdd33a5d857dd6e01b3b1cad840d3496d2023ffe1b4f521a02ffdffc46
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
552
x-xss-protection
1; mode=block
expires
Thu, 27 Jan 2022 10:36:00 GMT
jquery-1.9.1.min.js
dl-file.com/js/
90 KB
91 KB
Script
General
Full URL
https://dl-file.com/js/jquery-1.9.1.min.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jun 2015 06:04:12 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:00 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
92629
ETag
"169d5-5176e98442f00"
jquery.paging.js
dl-file.com/js/
19 KB
19 KB
Script
General
Full URL
https://dl-file.com/js/jquery.paging.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jun 2015 06:04:12 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:00 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
19365
ETag
"4ba5-5176e98442f00"
jquery.ui.js
dl-file.com/js/
398 B
922 B
Script
General
Full URL
https://dl-file.com/js/jquery.ui.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache / PHP/5.4.16
Resource Hash
a6c748745997e83f17b90756869af2a20cf156acf538f1681a8f93a26edaa94c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:00 GMT
X-Content-Type-Options
nosniff
Server
Apache
X-Powered-By
PHP/5.4.16
Strict-Transport-Security
max-age=31536000
Content-Type
text/javascript
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Security-Policy
frame-ancestors 'none';
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
398
jquery.cookie.js
dl-file.com/js/
3 KB
3 KB
Script
General
Full URL
https://dl-file.com/js/jquery.cookie.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jun 2015 06:04:12 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:00 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3121
ETag
"c31-5176e98442f00"
paging.js
dl-file.com/js/
2 KB
2 KB
Script
General
Full URL
https://dl-file.com/js/paging.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jun 2015 06:04:12 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:00 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1709
ETag
"6ad-5176e98442f00"
publishertag.js
static.criteo.net/js/ld/
125 KB
40 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
1eadc253aa14701ab7ee3d2126ffd9ee8edd6cfb9f3c98284511c392740bcc57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:00 GMT
content-encoding
gzip
last-modified
Mon, 24 Jan 2022 04:27:58 GMT
server
nginx
etag
W/"61ee2ace-1f234"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Fri, 28 Jan 2022 10:36:00 GMT
ico_noads.png
dl-file.com/images-NewTheme/
3 KB
3 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_noads.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
f6bf6d1af4e1926e10a1f8b61a1d0a658a48e7ffe323b13ef50d57438e6f24b7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2017 09:45:41 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
2722
ETag
"aa2-55dee400ee2bd"
ico_compressed.png
dl-file.com/images-NewTheme/
2 KB
3 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_compressed.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
e22a0f3f0c63f4f9e2be0b362a40706b6504d08e370a2769b8293ddbb203b3dc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Nov 2017 09:50:34 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2192
ETag
"890-55dee51826a47"
about_hd.png
dl-file.com/images-NewTheme/
7 KB
8 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/about_hd.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
12d9d71d8c07e3b32e6922a03a1d0c0183f6dee780a3229305f3b0f3c4aea4b4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 09:31:03 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
7453
ETag
"1d1d-55d4d1cfdb3b0"
ico_fb.png
dl-file.com/images-NewTheme/
1 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_fb.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
e26142148dc2365533532cc901d730ee02f79bfffb9da86b20873911281c180f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 08:24:21 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1141
ETag
"475-55d4c2e693909"
ico_tr.png
dl-file.com/images-NewTheme/
1 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_tr.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
94024b15f0a587f637a2303205ae361518e1965d6beb190c005e04307783bf19
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 08:24:20 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1420
ETag
"58c-55d4c2e5ae129"
ico_yt.png
dl-file.com/images-NewTheme/
1 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_yt.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
163aab8fdd4b7cfa854101763984a802120bf13a82d6f841c33ee9cd201f28c4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 08:24:21 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1276
ETag
"4fc-55d4c2e6919c9"
ico_in.png
dl-file.com/images-NewTheme/
1 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_in.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
d97f3efe68f835117863e4d76fec93f4309fd3c9070b3eee59400d7f145517d2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 08:24:19 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
1253
ETag
"4e5-55d4c2e4a85a9"
app.js
kumo.network-n.com/dist/
14 KB
6 KB
Script
General
Full URL
https://kumo.network-n.com/dist/app.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
f69e6bb514bf46b194ba98bb53c8b1ec2c3ac997b9e7b5cd5dcedd189fd95f90

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:36
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Wed, 26 Jan 2022 16:59:21 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61f17de9-39cb"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
0366325ac773d887a6c5f438d293166f
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:36 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-75596034-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
850
date
Thu, 27 Jan 2022 10:21:51 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Thu, 27 Jan 2022 12:21:51 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/
351 KB
139 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
db6e227c51b78203752bdc36a19b414161c5beae47cc0cdf2ff9f5c89f4f2526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://dl-file.com/
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 06:35:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14406
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
141778
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 05:03:25 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 27 Jan 2023 06:35:55 GMT
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/js/jquery.ui.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:28:18 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.122.0/26
etag
"-375139978"
x-cacheable
Matched cache
content-type
application/javascript; charset=UTF-8
x-cdn-pop
bhs
accept-ranges
bytes
content-length
4364
x-request-id
514000985
logo_w.png
dl-file.com/images-NewTheme/
1 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/logo_w.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
38eba31327475bf6d3b177561a8a2a5cadfa16ed7efab885684acafdb0bd0bfe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 06:50:18 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1407
ETag
"57f-55d4ade1945ca"
logo.png
dl-file.com/images-NewTheme/
1 MB
1 MB
Image
General
Full URL
https://dl-file.com/images-NewTheme/logo.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
e76f2c32ecd923b05ca6b92d18ebdd280a0d761c2dd5a386d327ba747c5b4ba1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Nov 2018 11:14:44 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
1095003
ETag
"10b55b-579e8fe015452"
ico_globe.png
dl-file.com/images-NewTheme/
773 B
1 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/ico_globe.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
798adb8860b3dc412e2d789d153f1824e085eef370e05b7531e192a433c06cd4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 02:19:51 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
773
ETag
"305-55d4716dbccc6"
flags.png
dl-file.com/images/
15 KB
15 KB
Image
General
Full URL
https://dl-file.com/images/flags.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jun 2015 06:04:10 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
15180
ETag
"3b4c-5176e9825aa80"
btn_signup.png
dl-file.com/images-NewTheme/
2 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/btn_signup.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
9be599d6cefdb3787be094191b685a027f52e6bf4ef49d04a50310e7b023c0a6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 04:28:57 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1928
ETag
"788-55d48e496518c"
btn_login.png
dl-file.com/images-NewTheme/
2 KB
2 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/btn_login.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
3b92fd57682bb7613f88077272e0020c5f2cdf808b7e6f39e6d5ef765a1d5717
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 04:28:58 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
2086
ETag
"826-55d48e4a9c9ec"
about_bk.png
dl-file.com/images-NewTheme/
176 KB
176 KB
Image
General
Full URL
https://dl-file.com/images-NewTheme/about_bk.png
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
9d78c0148361a3fcb690e899c0dd3885c79797359301f6829e98ae476b800460
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/css/NewTheme.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 09:23:46 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
180306
ETag
"2c052-55d4d02eb1481"
Candara.woff
dl-file.com/css/fonts/
93 KB
93 KB
Font
General
Full URL
https://dl-file.com/css/fonts/Candara.woff
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
a4fd29aeff5c2151c3e4a2d0edc28885ffd0675a6d3a59e3ca229944e3490c0e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/css/NewTheme.css
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Sun, 05 Nov 2017 18:01:42 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/font-woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
94920
ETag
"172c8-55d402162d6b5"
Candarab.woff
dl-file.com/css/fonts/
94 KB
95 KB
Font
General
Full URL
https://dl-file.com/css/fonts/Candarab.woff
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
79ea0fcaad1578acda495df0617d5b4f46de11c0b2dab44f6d20609935385e6c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/css/NewTheme.css
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Sun, 05 Nov 2017 18:01:45 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/font-woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
96452
ETag
"178c4-55d402190cc55"
OpenSans-Regular.woff
dl-file.com/css/fonts/
66 KB
66 KB
Font
General
Full URL
https://dl-file.com/css/fonts/OpenSans-Regular.woff
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
d12fd1d8afb1c2d8cb9d59868336a6c9e357af548f36aa41bcdb12fa19158365
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/css/NewTheme.css
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2017 15:09:20 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/font-woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
67528
ETag
"107c8-55d8e304af94f"
ERASDEMI.woff
dl-file.com/css/fonts/
31 KB
32 KB
Font
General
Full URL
https://dl-file.com/css/fonts/ERASDEMI.woff
Requested by
Host: dl-file.com
URL: https://dl-file.com/css/NewTheme.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.217.183.17 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns555652.ip-144-217-183.net
Software
Apache /
Resource Hash
7b748cce237953136fb0e45af806e1d89388aee1c24d9f1ef89a732399a6c2e2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/css/NewTheme.css
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none';
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Nov 2017 09:54:30 GMT
Server
Apache
Date
Thu, 27 Jan 2022 10:36:01 GMT
Strict-Transport-Security
max-age=31536000
Content-Type
application/font-woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
32140
ETag
"7d8c-55d4d70d5ff40"
0.php
s4.histats.com/stats/
380 B
515 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4533243&@f16&@g1&@h1&@i1&@j1643279761145&@k0&@l1&@mDownload%20Banks%202012%20Chevy131217%20rar&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-39290553&@b3:1643279761&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.13.63 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns504751.ip-192-99-13.net
Software
/
Resource Hash
51867d40da35c11a8ccd02403bc3cb7cba45abebf9c700b805e538f50445556f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
close
Content-Length
380
Content-Type
text/html;charset=UTF-8
collect
www.google-analytics.com/j/
1 B
203 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=546788133&t=pageview&_s=1&dl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&ul=en-us&de=UTF-8&dt=Download%20Banks%202012%20Chevy131217%20rar&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1961415192&gjid=1174289186&cid=1624041702.1643279761&tid=UA-75596034-1&_gid=1379691550.1643279761&_r=1&gtm=2ou1o0&z=27750274
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
dl-file.json
kumo.network-n.com/configs/sites/
5 KB
2 KB
Fetch
General
Full URL
https://kumo.network-n.com/configs/sites/dl-file.json
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
33dee7fa45081df914f1fba121163e094867f79a774f90baad1c57350a1e1ed3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
access-control-allow-origin
*
cdn-cachedat
01/26/2022 17:14:23
cdn-pullzone
411106
server
BunnyCDN-NY1-742
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
last-modified
Tue, 18 Jan 2022 16:44:10 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61e6ee5a-1438"
vary
Accept-Encoding
content-type
application/json
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=3600
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cdn-requestid
de11727992ef28f111ad9e2ed4c616bc
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
/
e.dtscout.com/e/
9 KB
10 KB
Script
General
Full URL
https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Requested by
Host: s4.histats.com
URL: https://s4.histats.com/stats/0.php?4533243&@f16&@g1&@h1&@i1&@j1643279761145&@k0&@l1&@mDownload%20Banks%202012%20Chevy131217%20rar&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-39290553&@b3:1643279761&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&@w
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.230 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip230.ip-158-69-139.net
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
cc5f3fda871642edf3fb1c0ed6c8364c279db41f718c5ec545691e951ccd63d5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
X-T
0.611
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
X-S
mtl3
Expires
Thu, 27 Jan 2022 10:36:00 GMT
/
t.dtscout.com/idg/ Frame 57C0
1 KB
751 B
Document
General
Full URL
https://t.dtscout.com/idg/?su=4C301643279761416951F781EEC0871E
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.230 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip230.ip-158-69-139.net
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
5b654eb052c4b95a4e657fb80003c7534d3252268da258e6dba342e3bd5c70f1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

Server
nginx/1.14.0 (Ubuntu)
Date
Thu, 27 Jan 2022 10:36:01 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Expires
Thu, 27 Jan 2022 10:36:00 GMT
Cache-Control
no-cache
Content-Encoding
gzip
tag.min.js
get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/
30 KB
10 KB
Script
General
Full URL
https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-125.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d9262f833e999fddfae1cb297ae5f9e260529ca0ca737ed805a11fbf3ab92bcd

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id
BC1z2ASq_5A8fCLvu30SOKeIK4SZ9jqY
content-encoding
gzip
last-modified
Thu, 03 Jun 2021 13:27:46 GMT
server
AmazonS3
age
44585
etag
W/"a1c6ef0f57fd5dc66dd46feb78238adf"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 7f822cbc5468903ff5582a7c6af4c024.cloudfront.net (CloudFront)
cache-control
max-age=86400
date
Wed, 26 Jan 2022 22:12:56 GMT
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
DS17JkkMJOwuAD_jwjFfxXmlKF4ylz3HmG2N0LCCdRTzDnaApQcMDg==
dtscout
pd.sharethis.com/pd/
2 KB
3 KB
Script
General
Full URL
https://pd.sharethis.com/pd/dtscout
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.140.12.176 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-140-12-176.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
9c8244b4455fc8b74201cfb5dcbb90bc02ecbcc0c5aa57cb805ef59f6e9f9338
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
2273
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Type
application/javascript
afwu.js
cdn.tynt.com/
10 KB
4 KB
Script
General
Full URL
https://cdn.tynt.com/afwu.js
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ee04154662e67cdd4a6694f6afacb682bb184617b5e81948524637dde2f31d3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 27 Aug 2021 20:58:51 GMT
server
cloudflare
age
221744
etag
W/"6129520b-288b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6d41566c8c4c4003-YYZ
expires
Sun, 30 Jan 2022 10:36:01 GMT
/
t.dtscout.com/pv/
50 B
318 B
Script
General
Full URL
https://t.dtscout.com/pv/?_a=v&_h=dl-file.com&_ss=341ls0ii5w&_pv=1&_ls=0&_u1=1&_u3=1&_cc=ca&_pl=d&_cbid=64nh&_cb=_dtspv.c
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.69.139.230 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip230.ip-158-69-139.net
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
6201cadc13be520feed6d597df1531b6d24005c4c24df4f63c695e0f4df9ba89

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
X-T
0.164
Server
nginx/1.14.0 (Ubuntu)
Transfer-Encoding
chunked
X-C
0
Content-Type
application/javascript
Cache-Control
no-cache
Connection
close
Expires
Thu, 27 Jan 2022 10:36:00 GMT
lt.min.js
tags.crwdcntrl.net/lt/c/3825/
43 KB
44 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5f5fafca53e303f739660340b7354ea21f79ccb6f80aed85f4110c941b6cfc9

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 26 Jan 2022 21:00:24 GMT
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
last-modified
Mon, 10 Jan 2022 15:33:32 GMT
server
AmazonS3
age
48938
etag
"e8e52baa0cf6ccb764f317323674bacd"
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-length
44180
x-amz-cf-id
aB_4H3oaO-6nzeW9XkDy-7H79p1YGEkS9ipJwhxGYgMGEAGKdHe4Cg==
/
t.dtscdn.com/widget/
0
406 B
Script
General
Full URL
https://t.dtscdn.com/widget/?d=4C301643279761416951F781EEC0871E&nid=300&p=836148727&t=0&s=1600x1200x24&u=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&r=
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.96.63 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:19:10 GMT
X-T
1.1
x-server
web16.ny1.dtscdn.com
Cache-Control
no-cache
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Expires
Thu, 27 Jan 2022 10:19:09 GMT
e
a.dtssrv.com/
21 B
655 B
XHR
General
Full URL
https://a.dtssrv.com/e?i=4C301643279761416951F781EEC0871E
Requested by
Host: e.dtscout.com
URL: https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&j=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4e62 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5cd1f921cfaad94ec50091c4faf10097e1191cbd744781c7c83c0b11f293029

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pragma
cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVrlIkzgg03mEQ9us8rp280bCPu0FjJJwqAi2WEAIPKIlVpzNQUURHUt%2FrhnATEESRKgDFKStTg2CpzdnXTzzYmp1sWphEQq4h9f0WW9YyfQ97DMdpgB0F72bTLiYDMkGcRUFcmQSuTXcPQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://dl-file.com
cache-control
s-maxage=0
access-control-allow-credentials
true
cf-ray
6d41566cfafe4bcb-YUL
expires
Thu, 27 Jan 2022 12:36:01 GMT
27675
tags.bluekai.com/site/
62 B
425 B
Image
General
Full URL
https://tags.bluekai.com/site/27675?id=4C301643279761416951F781EEC0871E&ret=html&phint=__bk_t%3DDownload%20Banks%202012%20Chevy131217%20rar&phint=__bk_k%3Dbanks%2C%202012%2C%20chevy131217%2C%20rar&phint=__bk_l%3Dhttps%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&r=53815462
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.85.195.135 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-85-195-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:01 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
62
BK-Server
8770
Expires
Thu, 01 Dec 1994 16:00:00 GMT
33141
tags.bluekai.com/site/
Redirect Chain
  • https://pixel.onaudience.com/?partner=137085098&mapped=4C301643279761416951F781EEC0871E
  • https://pixel.onaudience.com/?partner=109&icm&cver&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m
  • https://tags.bluekai.com/site/33141?&id=da4919ac68b3cf85
62 B
583 B
Image
General
Full URL
https://tags.bluekai.com/site/33141?&id=da4919ac68b3cf85
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
184.85.195.135 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-85-195-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif

Redirect headers

location
https://tags.bluekai.com/site/33141?&id=da4919ac68b3cf85
content-length
0
/
onetag-geo.s-onetag.com/
535 B
949 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-14.ewr53.r.cloudfront.net
Software
/
Resource Hash
338dacde17883d60c2dfd00e56dd18d04bcebe147e818315978f530e19397009

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 17:50:51 GMT
via
1.1 2c0478fce3b7f4f5348678901d1bf60a.cloudfront.net (CloudFront), 1.1 a5e3b467ea385e6efe6a1a3ce283b4c0.cloudfront.net (CloudFront)
age
60310
x-amzn-requestid
7a5959be-a0fb-461d-b139-c1e841dc1025
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-cf-pop
IAD89-P2, EWR53-C3
x-amz-apigw-id
MkJ_WF8pCYcFsPw=
content-length
535
x-amz-cf-id
arAvuJXeH_dxWRm2Wp6diTo9IcQiQkzTtZxhrV_z1fwTJWpoiCIiNw==
cmp.js
kumo.network-n.com/dist/1.8.1/
7 KB
3 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/cmp.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
8202571db9f2ea40369490f678a76862163cb069ea4e8cb3fda96a22c6861aed

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:36
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-1d34"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
abb510ff844b9637e7457e45b649d894
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:36 GMT
blockthrough.js
kumo.network-n.com/dist/1.8.1/
2 KB
1 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/blockthrough.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
0b1b3945a211fc6571364c238e76ed74f574f03eaebb5a411a8e4fd08b4c7faf

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:36
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-84d"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
aaf8420824ec9f8cd8d69f2599470602
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:36 GMT
gpt.js
kumo.network-n.com/dist/1.8.1/
9 KB
4 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/gpt.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
9badfa5ba8ca442451cf829c5c9c37e1d2595c9cd2cb90954c69b04428e0e93c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:36
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-232b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
e0b17b54b9243c7ec4008212546f9dd5
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:36 GMT
permutive.js
kumo.network-n.com/dist/1.8.1/
4 KB
2 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/permutive.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
8d1b9197e2144f98194a97ef296dc74408b864937477ffd41b3621ea28d3a3c8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:33
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-11e8"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
2c2bd43d30c995d03624242ec21f020a
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:33 GMT
amazon.js
kumo.network-n.com/dist/1.8.1/
3 KB
2 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/amazon.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
0607b5f2817edf03fcc5627f365fd21f6daa0adf074389eeffcecb3a90597918

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:33
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-c73"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
2751d506cd02161d63f4c518f80b1a2a
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:33 GMT
prebid.js
kumo.network-n.com/dist/1.8.1/
16 KB
6 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/prebid.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
2715ff30bbe123604043f90778f457b0f1c98bd32b4a63ad423cae69450fa3d5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:37
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-3e35"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
d2c475669e6bfba8165a3133324f9296
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:37 GMT
pubstack.js
kumo.network-n.com/dist/1.8.1/
11 KB
4 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/pubstack.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
a61959912f1d82d7a5e743328cbfd5fa0405e4ca6c7676a23336a02d30eb8838

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:37
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-2a31"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
7ddee8805626dc636533eb34cb2d1851
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:37 GMT
celtra-bfab.js
kumo.network-n.com/dist/1.8.1/
8 KB
4 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/celtra-bfab.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
473595be27a04c9ffac4f825cab8e1ecf296c706df387525350144d55e91c200

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:37
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-21a6"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
9275a4c7fc8b1ec45356ef3ab2ef15de
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:37 GMT
gpt-positions.js
kumo.network-n.com/dist/1.8.1/
10 KB
5 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/gpt-positions.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
e105d2d5a0a4edf850b6f2636d15fcfd0f7c3f17c494eeb859fd99077ec37abf

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:37
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-28f8"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
48198964fe379dee6fa3cc81219cffba
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:37 GMT
primis.js
kumo.network-n.com/dist/1.8.1/
8 KB
4 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/primis.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
b58f731e7bde735c42ab3bd683dfe93fd88acf7d49ecc739fcd7b01bbb6eb6fc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:32
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-2189"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
70f75187d3db49ec38015f732abf65a7
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:32 GMT
request-manager.js
kumo.network-n.com/dist/1.8.1/
11 KB
4 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/request-manager.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
a91e581ed3c506b6a7639910624b7e0a9d327af4f23d6c8258b3168d56511836

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:34
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-2a0d"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
ba097a4c003765c8b32b214fa3666b8e
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:34 GMT
refresh.js
kumo.network-n.com/dist/1.8.1/
17 KB
6 KB
Script
General
Full URL
https://kumo.network-n.com/dist/1.8.1/refresh.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
3b8e930a763cf5255cad67d12a944f0f6c9697056c41e51dcb011929ad35a415

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 16:59:34
cdn-pullzone
411106
cdn-requestpullsuccess
True
server
BunnyCDN-NY1-742
last-modified
Thu, 06 Jan 2022 17:27:44 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"61d72690-4470"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
cdn-requestid
670cfcadca8fb6a2c9351ea0e2c9ec8a
cdn-requestcountrycode
CA
cdn-status
200
expires
Fri, 25 Feb 2022 16:59:34 GMT
p
ic.tynt.com/b/
35 B
523 B
Image
General
Full URL
https://ic.tynt.com/b/p?id=wu!&lm=0&ts=1643279761394&dn=AFWU&iso=0&t=Download%20Banks%202012%20Chevy131217%20rar
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip33.67-202-105.static.steadfastdns.net
Software
nginx/1.16.1 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
last-modified
Fri, 16 Apr 2010 15:38:20 GMT
server
nginx/1.16.1
etag
"4bc8846c-23"
p3p
policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
cache-control
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
accept-ranges
bytes
content-type
image/gif
content-length
35
expires
"Sat, 26 Jul 1997 05:00:00 GMT"
gpt.js
securepubads.g.doubleclick.net/tag/js/
79 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
sffe /
Resource Hash
0ced9e4fe5ecdba11a20821ace67179d99b6ddd8ac6f10c0126e419df09fc2f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27068
x-xss-protection
0
server
sffe
etag
"1114 / 262 of 1000 / last-modified: 1643276519"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Thu, 27 Jan 2022 10:36:01 GMT
t.dhj
t.sharethis.com/1/d/
2 KB
2 KB
Script
General
Full URL
https://t.sharethis.com/1/d/t.dhj?cid=c010&cls=C&rnd=0.373411060577409&stid=ZGoABWHydZEAAAAIMeZBAw%3D%3D
Requested by
Host: pd.sharethis.com
URL: https://pd.sharethis.com/pd/dtscout
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.106.245.174 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-106-245-174.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7c1118eb24bfa93eea877c04b9f141d0984b8666306e2625fd7ca54e86956158
Security Headers
Name Value
Strict-Transport-Security max-age=2628000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2628000 ; includeSubDomains
Content-Type
application/javascript
Cache-Control
private, max-age=3600
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
1364
Expires
Thu, 27 Jan 2022 11:36:01 GMT
dtscout
pd.sharethis.com/pd/
42 B
265 B
Image
General
Full URL
https://pd.sharethis.com/pd/dtscout?_t_=px&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&event_source=dtscout&rnd=0.373411060577409&exptid=ZGoABWHydZEAAAAIMeZBAw%3D%3D&fcmp=false
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.140.12.176 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-140-12-176.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
42
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Type
image/gif
prebid.php
kumo.network-n.com/
258 KB
84 KB
Script
General
Full URL
https://kumo.network-n.com/prebid.php?v=4.42.1&adapters=adagio,onetag,outbrain,pubmatic,triplelift
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
09604fca2527b5184d15d530220a39108b5630efb5821a69c688e5bfcf09270f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
x-content-type-options
nosniff
cdn-edgestorageid
742
cdn-cachedat
01/26/2022 17:14:23
cdn-pullzone
411106
x-xss-protection
1; mode=block
server
BunnyCDN-NY1-742
cdn-proxyver
1.02
cdn-requestpullcode
200
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=UTF-8
cdn-cache
HIT
cdn-uid
ba22edd1-b119-4d71-a19a-0ecb82f45dc0
cache-control
public, max-age=2592000
x-server
1
cdn-requestid
8067e1e4d09165fa990f18bd1aed6a59
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
t_.htm
t.sharethis.com/a/ Frame D7BF
2 KB
1 KB
Document
General
Full URL
https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
Requested by
Host: t.sharethis.com
URL: https://t.sharethis.com/1/d/t.dhj?cid=c010&cls=C&rnd=0.373411060577409&stid=ZGoABWHydZEAAAAIMeZBAw%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.106.245.174 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-106-245-174.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ec73870a124df2d105249652c84da8f949bf73bcd5ca8ad6deca84b4fbd2e9d0
Security Headers
Name Value
Strict-Transport-Security max-age=2628000 ; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

Content-Length
1160
Cache-Control
max-age=604800
Expires
Thu, 03 Feb 2022 10:36:01 GMT
Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=2628000 ; includeSubDomains
Content-Encoding
gzip
Content-Type
text/html
X-Robots-Tag
noindex, nofollow
v2
de.tynt.com/deb/
1 KB
2 KB
Script
General
Full URL
https://de.tynt.com/deb/v2?id=wu!&dn=AFWU&cc=1&r=
Requested by
Host: cdn.tynt.com
URL: https://cdn.tynt.com/afwu.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip32.67-202-105.static.steadfastdns.net
Software
/
Resource Hash
e79333cc12542ef5814da5f3e1bb905dbc9ad673861b8bb62d90f3378fd8558c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-type
application/javascript
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length
1378
expires
Sat, 26 Jul 1997 05:00:00 GMT
EU
onetag-geo-grouping.s-onetag.com/regionalbloc/
1 KB
832 B
Fetch
General
Full URL
https://onetag-geo-grouping.s-onetag.com/regionalbloc/EU
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-29.ewr53.r.cloudfront.net
Software
restify /
Resource Hash
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 00:32:19 GMT
content-encoding
gzip
server
restify
age
36222
vary
Accept-Encoding,origin
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
api-version, content-length, content-md5, content-type, date, request-id, response-time
cache-control
max-age=86400
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
cKzTPTGCmzyCcYec4nfJ5J7Vn5TBsXa25oca17oNZn6Ii101QNEo0Q==
via
1.1 b1cccfee199a18a4097165436eb291a8.cloudfront.net (CloudFront)
pubads_impl_2022011002.js
securepubads.g.doubleclick.net/gpt/
352 KB
118 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
sffe /
Resource Hash
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 04:19:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22564
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
121009
x-xss-protection
0
last-modified
Mon, 10 Jan 2022 21:10:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 27 Jan 2023 04:19:57 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
64 B
93 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=dl-file.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
968eddce0f701c286e074befb5246716f1f9e39384ec3c67e68a0c6afd500e0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
68
x-xss-protection
0
expires
Thu, 27 Jan 2022 10:36:01 GMT
t_.js
t.sharethis.com/1.825.22796/a/CA/ Frame DAFC
20 KB
9 KB
Script
General
Full URL
https://t.sharethis.com/1.825.22796/a/CA/t_.js?cid=c010&cls=C
Requested by
Host: t.sharethis.com
URL: https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.106.245.174 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-106-245-174.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
03cc80b72954259a734b4beca35fca811c57ee695756eb84270f5e36ad6263d4
Security Headers
Name Value
Strict-Transport-Security max-age=2628000 ; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=2628000 ; includeSubDomains
Content-Type
text/javascript
Cache-Control
max-age=604800
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
8767
Expires
Thu, 03 Feb 2022 10:36:01 GMT
cmp.min.css
cdn.consentmanager.mgr.consensu.org/delivery/
24 KB
5 KB
Stylesheet
General
Full URL
https://cdn.consentmanager.mgr.consensu.org/delivery/cmp.min.css
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/cmp.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:ca00::4 London, United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo / PleskLin
Resource Hash
75f527fbaa9c085d67889a6d29a38315325c369f1147807e4bbce2a2f8fcd029

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-77-pop
londonGB
date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
vary
Accept-Encoding, Accept-Encoding
x-77-nzt-ray
Axfh8JtLoH4=
x-powered-by
PleskLin
x-77-cache
HIT
x-cache
HIT
x-age
1781
x-77-nzt
AVm7pwFj7Df/9QYAAA==
x-accel-expires
@1643279780
last-modified
Tue, 18 Jan 2022 00:11:41 GMT
server
CDN77-Turbo
etag
W/"603e-5d5d01d0f2940"
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=1800, public
cmp.php
consentmanager.mgr.consensu.org/delivery/
5 KB
2 KB
Script
General
Full URL
https://consentmanager.mgr.consensu.org/delivery/cmp.php?id=9545&h=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&&__cmpfcc=1&l=&o=1643279761650
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/cmp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
87.230.98.74 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),
Reverse DNS
ma5037422.psmanaged.com
Software
/
Resource Hash
e9238dafc9cbef806deb06895ecc1a0da068cb7e12e9563c07ce1d1c89ecd5a9
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Encoding
gzip
Last-Modified
Thu, 27 Jan 2022 10:36:02 GMT
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
X-XSS-Protection
0
Expires
Thu, 01 Dec 1994 16:00:00 GMT
cmp_en.min.js
cdn.consentmanager.mgr.consensu.org/delivery/
337 KB
64 KB
Script
General
Full URL
https://cdn.consentmanager.mgr.consensu.org/delivery/cmp_en.min.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/cmp.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:ca00::4 London, United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo / PleskLin
Resource Hash
b60e934203d9142d90ff84d24c80ab486ed50a76146d78541e3316be240bc40c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-77-pop
londonGB
date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
vary
Accept-Encoding, Accept-Encoding
x-77-nzt-ray
FA3v2bQ88fM=
x-powered-by
PleskLin
x-77-cache
HIT
x-cache
HIT
x-age
1778
x-77-nzt
AVm7pwHXpdn/8gYAAA==
x-accel-expires
@1643279783
last-modified
Tue, 18 Jan 2022 16:20:56 GMT
server
CDN77-Turbo
etag
W/"54274-5d5dda75e0a00"
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=1800, public
tag
btloader.com/
Redirect Chain
  • https://network-n-com.videoplayerhub.com/galleryplayer.js
  • https://btloader.com/tag?h=network-n-com&upapi=true
22 KB
8 KB
Script
General
Full URL
https://btloader.com/tag?h=network-n-com&upapi=true
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Server
2606:4700:20::681a:68b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e8aca32971b9f5589212f75509c68f62a70d00334efea6880f2b223a225e42a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

cf-ray
6d41566fcd84ca67-YUL
date
Thu, 27 Jan 2022 10:36:01 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1015
etag
W/"aff4f6d1e719f4b029e260384b556923"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iI39tHyXiU4uODtvH69c8voBO4cNyK3NADudfnlFMUyC8r6ZT8Jizr3cEbNs%2FF9DP3wKeFKkzv5YpMzW5LaDZZpSR823A2Ljz8M0sMjj8awHBZgWtKtR17AjlOQk7x18CV5LHoFSVZvABw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800, must-revalidate
content-encoding
br

Redirect headers

date
Thu, 27 Jan 2022 10:36:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCWCI5177lT4obWjJvknEvCUbzPQmdQJqEGNpsHkuDswjQxFDojWn3agc6b%2Fp2Il7T3f8FgSdcf6v9tJmdqn3P4NO%2Fyzn4eBoi4PBwuAtj1OOJf6zf9bEXbDuDMq33dv1L4jzRJAEX3Re8rCtXI3S3tGZmGmysV5SQp53221"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=network-n-com&upapi=true
cache-control
max-age=3600
cf-ray
6d41566f0a804bb9-YUL
expires
Thu, 27 Jan 2022 11:36:01 GMT
00917082-71e9-498e-8343-00c3df06b798-web.js
00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/
581 KB
146 KB
Script
General
Full URL
https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:551 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7064e5cec87237de1bbd37783dcbb78af34f757f6990e6df3f37d273455e5f2e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
00917082-71e9-498e-8343-00c3df06b798
age
1040
x-guploader-uploadid
ADPycdsSLSL1KZKwcKM1KSYiLOSENM-APzHbpwxRpBmt-tWAu-mSPIh20CSzyszjpMefxVBKZIRvtw7PCKYQluxFUPw
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-type
application/javascript
last-modified
Wed, 26 Jan 2022 11:17:01 GMT
server
cloudflare
etag
W/"b024746802ca134654ab8d82f5c609a6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=YXuJUA==, md5=sCR0aALKE0ZUq42C9cYJpg==
x-goog-generation
1643195821373030
cache-control
public, max-age=900
x-goog-stored-content-length
161592
cf-ray
6d41566f2f654bbf-YUL
expires
Thu, 27 Jan 2022 10:51:01 GMT
apstag.js
c.amazon-adsystem.com/aax2/
134 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/amazon.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
c7360a9b46fde11845b3090ca0034fb409d92398a71f3ae15fac3a2fa29ae6cc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 21:10:01 GMT
content-encoding
gzip
age
48359
x-cache
Hit from cloudfront
timing-allow-origin
*
server
Server
x-amz-rid
1F940PJN5T088NJBC3RM
etag
a89a0f9aa62d9c46ee287cd1f0b6423d
vary
Accept-Encoding
x-amz-version-id
GzCVpXkwVbKPnWWiNgpDCABi9Jbs4BMI
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
dee0j7JY0i5DK-VhC492BP1Pn3U4dNbufWrBYTVnJbyVqy0Htjqtsg==
latest.json
cdn.jsdelivr.net/gh/prebid/currency-file@1/
2 KB
1 KB
XHR
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220127
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/prebid.php?v=4.42.1&adapters=adagio,onetag,outbrain,pubmatic,triplelift
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5225e165e735eb5976fc276ee97ccc63d7c3bb65f6daaf49b1d050b3d54a4972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
27287
x-jsd-version
1.0.1234
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19163-FRA, cache-yyz4526-YYZ
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"6a1-rxvUMxV0OesouxuDePhBOiTvEVA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
6d41566efbde4bd6-YUL
87deb108-4e58-4efe-a82c-59315f7609e1
boot.pbstck.com/v1/tag/
2 KB
933 B
Script
General
Full URL
https://boot.pbstck.com/v1/tag/87deb108-4e58-4efe-a82c-59315f7609e1
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/pubstack.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256833f504c0139360ba10d6909baebaf9cba322ecb8d62a41d1abf93527d136

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=120
cf-ray
6d41566f2eb27150-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
lotame-sync.html
cdn-tc.33across.com/ Frame 8441
343 B
532 B
Document
General
Full URL
https://cdn-tc.33across.com/lotame-sync.html
Requested by
Host: de.tynt.com
URL: https://de.tynt.com/deb/v2?id=wu!&dn=AFWU&cc=1&r=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.15.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70170e469d8d05527acab7e3335c6fe91e2966ddbb6e9ea6211260b8f717d120

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
content-type
text/html
last-modified
Fri, 27 Aug 2021 20:58:45 GMT
vary
Accept-Encoding
etag
W/"61295205-157"
content-encoding
gzip
cf-cache-status
HIT
age
231457
expires
Sun, 30 Jan 2022 10:36:01 GMT
cache-control
public, max-age=259200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d41566f5bad4009-YYZ
8076697769768775013
map.go.affec.tv/map/an/
Redirect Chain
  • https://map.go.affec.tv/map/3a/?pid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&ts=1643279761569.1
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fmap.go.affec.tv%2Fmap%2Fan%2F%24UID%3Fch%3D61f27591bea1e300012d9a97%26chc%3Dtt%26floc%3D%26redirect_url%3D
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmap.go.affec.tv%252Fmap%252Fan%252F%2524UID%253Fch%253D61f27591bea1e300012d9a97%2526chc%253Dtt%2526floc%253D%2526redirect_url%253D
  • https://map.go.affec.tv/map/an/8076697769768775013?ch=61f27591bea1e300012d9a97&chc=tt&floc=&redirect_url=
0
622 B
Image
General
Full URL
https://map.go.affec.tv/map/an/8076697769768775013?ch=61f27591bea1e300012d9a97&chc=tt&floc=&redirect_url=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Server
13.225.214.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-37.ewr50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 3aa2aa1b7b816f70e94675c9a63f98d0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
content-encoding
gzip
x-amz-cf-id
tiTGtdVp5u5FSOmNADg317IiIXE7v9dzgJA0rPBajc02BNUFhwgheA==
vary
Accept-Encoding
x-cache
Miss from cloudfront

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
21f13bd9-f6cc-4823-adbf-2ce59ef54e73
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://map.go.affec.tv/map/an/8076697769768775013?ch=61f27591bea1e300012d9a97&chc=tt&floc=&redirect_url=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usermatch.gif
beacon.krxd.net/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1388&partner_device_id=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.2&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%2Fapi%...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1388&partner_device_id=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.2&redirect=https%3A%2F%2Fthinkcxad.azurewebsites.net%...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d807e161-1268-48ea-b4cc-24025f67c8db%252Chttps%253A%252F%252Fusermatch.krxd.net%252Fum%252Fv2%253Fpartner%253Dtapad&gdpr=...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&ttd_puid=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fusermatch.krxd.net%2Fu...
  • https://usermatch.krxd.net/um/v2?partner=tapad
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=tapad
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=tapad
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Server
54.211.161.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-211-161-228.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
private, no-cache, no-store
x-request-time
D=52 t=1643279762
x-served-by
beacon-n001-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=tapad
date
Thu, 27 Jan 2022 10:36:02 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a001-ash-prod.krxd.net
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=c9gd671&t=gif&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&33random=1643279761569.3&cat=33across
  • https://ps.eyeota.net/pixel/bounce/?pid=c9gd671&t=gif&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&33random=1643279761569.3&cat=33across
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MlJTYnNCNVZiaGFraGxJVnI5R1YxMm44NDRyVG9vQTMyampxTkg4aUtoWnM&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer...
  • https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&google_hm=MlJTYnNCNVZiaGFraGxJVnI5R1YxMm44NDRyVG9vQTMyampxTkg4aUtoWnM&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referr...
  • https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671&google_gid=CAESEPeyadtRrGEdI6nszINtHro&google_cver=1
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671&google_gid=CAESEPeyadtRrGEdI6nszINtHro&google_cver=1
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
52.55.144.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-144-0.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Type
image/gif
Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=c9gd671&google_gid=CAESEPeyadtRrGEdI6nszINtHro&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
375
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/
Redirect Chain
  • https://spl.zeotap.com/z.png?zdid=239&ctry=CA&env=mWeb&eventType=pageview&zpb=wu%21&zpbcat=Entertainment&zcluid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&ziid=1643279761569.4
  • https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-...
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fadnxs_uid%3D%24UID%26zpartnerid%3D2%26ctry%3DCA%26env%3DmWeb%26eventType%3Dpageview%26id_mid_4%3Dbf8833df-0427-45d8-54...
  • https://mwzeom.zeotap.com/mw?adnxs_uid=8076697769768775013&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-f3fb75ad636a&...
95 B
201 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?adnxs_uid=8076697769768775013&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-f3fb75ad636a&us_privacy=&zcluid=CoIKSWHydZGg9vowA0FsAg==&zdid=239&ziid=1643279761569.4&zpb=wu!&zpbcat=Entertainment
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
cf-ray
6d415670ac8a7139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:01 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
e6444e96-34a1-4826-8454-e9226a0af775
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://mwzeom.zeotap.com/mw?adnxs_uid=8076697769768775013&zpartnerid=2&ctry=CA&env=mWeb&eventType=pageview&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=690d6934-8037-4c11-553c-f3fb75ad636a&us_privacy=&zcluid=CoIKSWHydZGg9vowA0FsAg==&zdid=239&ziid=1643279761569.4&zpb=wu!&zpbcat=Entertainment
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
405716.gif
idsync.rlcdn.com/
Redirect Chain
  • https://dp2.33across.com/ps/?pid=1205&random=1643279761569.5
  • https://idsync.rlcdn.com/405716.gif?partner_uid=118925965970971
42 B
298 B
Image
General
Full URL
https://idsync.rlcdn.com/405716.gif?partner_uid=118925965970971
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
referrer-policy
unsafe-url
server
33XP004
x-33x-status
4000000000004000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://idsync.rlcdn.com/405716.gif?partner_uid=118925965970971
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
mapuid
secure.adnxs.com/
Redirect Chain
  • https://dp1.33across.com/ps/?pid=669&uid=CoIKSWHydZGg9vowA0FsAg%3D%3D&us_privacy=&random=1643279761569.7
  • https://secure.adnxs.com/mapuid?t=2&member=1001&user=118925965971079&seg_code=33x&random=1643279761
43 B
951 B
Image
General
Full URL
https://secure.adnxs.com/mapuid?t=2&member=1001&user=118925965971079&seg_code=33x&random=1643279761
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
68.67.179.113 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
564.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
e1ffa0b3-cde8-414c-b46c-de82745440e3
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
referrer-policy
unsafe-url
server
33XP004
x-33x-status
402044000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://secure.adnxs.com/mapuid?t=2&member=1001&user=118925965971079&seg_code=33x&random=1643279761
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
dataBeacons.min.js
data-beacons.s-onetag.com/
6 KB
2 KB
Script
General
Full URL
https://data-beacons.s-onetag.com/dataBeacons.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-76.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31e12a7a30e633b99dc01daa1c2064b8b78098f5d9cccfe3aad2d2904125a775

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id
syrhL4HxyQ94RzTlcl0y8HYCMGvvMWLr
content-encoding
gzip
last-modified
Wed, 07 Jul 2021 16:31:37 GMT
server
AmazonS3
age
443
etag
W/"5ff42869b876a4eddafd981cab0b8818"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
cache-control
max-age=3600
date
Thu, 27 Jan 2022 10:28:39 GMT
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
Sp3eg6kMQCtbxwYVae8sNnHSwNtx4yctebuaFSATm-tzDkMLgNDstQ==
test_oracle
pd.sharethis.com/pd/ Frame 1811
438 B
675 B
Script
General
Full URL
https://pd.sharethis.com/pd/test_oracle
Requested by
Host: t.sharethis.com
URL: https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.140.12.176 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-140-12-176.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
8a578ceb96d7aebd4a21364544c6e8231fdba71f0be574b3b8d2ca707a5337d6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Content-Length
438
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Content-Type
application/javascript
ttd
sync.sharethis.com/ Frame DAFC
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://sync.sharethis.com/ttd?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=
42 B
297 B
Image
General
Full URL
https://sync.sharethis.com/ttd?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
3.129.242.122 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-242-122.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
42
Stid
ZGoABWHydZEAAAAIMeZBAw==
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.sharethis.com/ttd?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
215
nlsn
sync.sharethis.com/ Frame DAFC
Redirect Chain
  • https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=
  • https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=&xl8blockcheck=1
  • https://sync.sharethis.com/nlsn?uid=b4f2b14df122fcd774d406d6e8fdf8f2
42 B
297 B
Image
General
Full URL
https://sync.sharethis.com/nlsn?uid=b4f2b14df122fcd774d406d6e8fdf8f2
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
3.129.242.122 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-242-122.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
42
Stid
ZGoABWHydZEAAAAIMeZBAw==
Content-Type
image/gif

Redirect headers

date
Thu, 27 Jan 2022 10:36:01 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://sync.sharethis.com/nlsn?uid=b4f2b14df122fcd774d406d6e8fdf8f2
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
eyeota
sync.sharethis.com/ Frame DAFC
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent=
  • https://ps.eyeota.net/pixel/bounce/?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent=
  • https://sync.sharethis.com/eyeota?uid=2jH2Sp-tQ6PvIQXExROENlQmhJYl7eKJD-9UbTrRVudQ&gdpr=0&gdpr_consent=
42 B
297 B
Image
General
Full URL
https://sync.sharethis.com/eyeota?uid=2jH2Sp-tQ6PvIQXExROENlQmhJYl7eKJD-9UbTrRVudQ&gdpr=0&gdpr_consent=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
3.129.242.122 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-242-122.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
42
Stid
ZGoABWHydZEAAAAIMeZBAw==
Content-Type
image/gif

Redirect headers

Location
https://sync.sharethis.com/eyeota?uid=2jH2Sp-tQ6PvIQXExROENlQmhJYl7eKJD-9UbTrRVudQ&gdpr=0&gdpr_consent=
Date
Thu, 27 Jan 2022 10:36:01 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
csync.ashx
ml314.com/ Frame DAFC
Redirect Chain
  • https://ml314.com/utsync.ashx?eid=50131&et=13&cid=lr&fp=ZGoABWHydZEAAAAIMeZBAw%3D%3D&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fidsync.rlcdn.com%2F395886.gif%3Fpartner_uid%3D%5BPersonID%5D
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3624714392487067690
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNDcxNDM5MjQ4NzA2NzY5MBAAGg0IkevJjwYSBQjoBxAAQgBKAA
  • https://ml314.com/csync.ashx?fp=8c9981dd170b4c94df15b50233d169980061a3eac3e971d94682a948d972cc68f4cb09cee1a4f8eb&person_id=3624714392487067690&eid=50082
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=8c9981dd170b4c94df15b50233d169980061a3eac3e971d94682a948d972cc68f4cb09cee1a4f8eb&person_id=3624714392487067690&eid=50082
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
34.233.103.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-103-61.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Fri, 28 Jan 2022 05:36:02 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ml314.com/csync.ashx?fp=8c9981dd170b4c94df15b50233d169980061a3eac3e971d94682a948d972cc68f4cb09cee1a4f8eb&person_id=3624714392487067690&eid=50082
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
oracle
sync.sharethis.com/ Frame DAFC
Redirect Chain
  • https://tags.bluekai.com/site/59574?id=ZGoABWHydZEAAAAIMeZBAw%3D%3D&redir=https%3A%2F%2Fsync.sharethis.com%2Foracle%3Fuid%3D%24_BK_UUID%26BK_SWAP_DEST%3D5957
  • https://sync.sharethis.com/oracle?uid=$_BK_UUID&BK_SWAP_DEST=5957
42 B
297 B
Image
General
Full URL
https://sync.sharethis.com/oracle?uid=$_BK_UUID&BK_SWAP_DEST=5957
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
3.129.242.122 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-242-122.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
42
Stid
ZGoABWHydZEAAAAIMeZBAw==
Content-Type
image/gif

Redirect headers

Location
https://sync.sharethis.com/oracle?uid=$_BK_UUID&BK_SWAP_DEST=5957
Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
config
c.amazon-adsystem.com/cdn/prod/
0
306 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fdl-file.com&pubid=26c60b4f-549a-4efd-8ae0-f00e07c46204
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 06:39:18 GMT
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
server
Server
age
14202
x-cache
Hit from cloudfront
access-control-allow-origin
https://dl-file.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
6fRHWjU7naR7JoJGJ56sejbANP5ISrG312S1ektrSo4cDD9UhuCVrQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
7 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 03:08:11 GMT
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin
age
26871
x-cache
Hit from cloudfront
content-length
6482
last-modified
Fri, 21 Jan 2022 02:54:57 GMT
server
AmazonS3
etag
"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
eaU6ir6qmGswM2SGRmLi7PKhBcBrRdvn
access-control-allow-origin
*
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
PDiUNETMUvXmS-tqfUpJBSyjjoL2hQ2sHCvXgzIFMr64CxBsJqvp3Q==
bk-coretag.js
tags.bkrtx.com/js/ Frame 1811
51 KB
16 KB
Script
General
Full URL
https://tags.bkrtx.com/js/bk-coretag.js
Requested by
Host: pd.sharethis.com
URL: https://pd.sharethis.com/pd/test_oracle
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.5.229.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-5-229-102.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Encoding
gzip
Last-Modified
Fri, 21 May 2021 19:14:21 GMT
Server
nginx/1.15.8
ETag
W/"60a8068d-cbc2"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
Date
Thu, 27 Jan 2022 10:36:01 GMT
Connection
keep-alive
Content-Length
16078
Expires
Thu, 03 Feb 2022 10:36:01 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16311/ Frame 8441
23 KB
8 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16311/sync.min.js
Requested by
Host: cdn-tc.33across.com
URL: https://cdn-tc.33across.com/lotame-sync.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5640e2177d8a24c6aef1d923c981591689205237b9c2fcba5215d10aa7bcf52e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn-tc.33across.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 27 Jan 2022 04:30:36 GMT
content-encoding
gzip
last-modified
Tue, 23 Nov 2021 20:35:46 GMT
server
AmazonS3
age
21926
etag
W/"01cacbace375528e9789d3b3ed3804c2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
TGMd9a-PA0LGrITG-E6UBoaUwBCS9Q2oNwTBOWz153ZXGFaP9phN8g==
97cd5609-ce4b-4ed2-8952-58b946352942
https://dl-file.com/
366 KB
0
Other
General
Full URL
blob:https://dl-file.com/97cd5609-ce4b-4ed2-8952-58b946352942
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e6faea8c6293e13dd284996ad31aee2fa8925db94593d8412a86362701005e51

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length
374584
map
bcp.crwdcntrl.net/6/ Frame 8441
429 B
1 KB
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16311/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
039e116c9eac66f48a135dd8b99954b57bf7443e5e2caecc8e6fe0336d6275ce

Request headers

Referer
https://cdn-tc.33across.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://cdn-tc.33across.com
cache-control
no-cache
x-server
10.40.4.56
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
429
expires
0
l
api.btloader.com/
0
66 B
Image
General
Full URL
https://api.btloader.com/l?event=unknownDomain&org=5684350990417920&domain=dl-file.com
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
alt-svc
clear
vary
Origin
index-monitoring-04822ac.js
cdn.pbstck.com/
178 KB
49 KB
XHR
General
Full URL
https://cdn.pbstck.com/index-monitoring-04822ac.js
Requested by
Host: boot.pbstck.com
URL: https://boot.pbstck.com/v1/tag/87deb108-4e58-4efe-a82c-59315f7609e1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9e1bea6f6e5a2efe42f07bc94d4431bf5682f4c025272eab0551ffa3ce67a6e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
br
cf-cache-status
HIT
age
169354
x-guploader-uploadid
ADPycduk5QVUJswVikdJs5zeGiyAd3pxExy330oTWgqpYsyZDNdO0UXqu51wgKgSclP7wreK_VU_zj5Vcvpw67aC4RP-78GqYQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 23 Dec 2021 13:53:28 GMT
server
cloudflare
etag
W/"286e0057212f1557df0c370594b32122"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=k+UYWQ==, md5=KG4AVyEvFVffDDcFlLMhIg==
x-goog-generation
1640267608787336
access-control-allow-origin
*
content-type
application/javascript
access-control-expose-headers
Cache-Control, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=604800, immutable
x-goog-stored-content-length
49256
cf-ray
6d4156707aedca5f-YUL
expires
Tue, 01 Feb 2022 10:54:52 GMT
index-refresh-04822ac.js
cdn.pbstck.com/
146 KB
41 KB
XHR
General
Full URL
https://cdn.pbstck.com/index-refresh-04822ac.js
Requested by
Host: boot.pbstck.com
URL: https://boot.pbstck.com/v1/tag/87deb108-4e58-4efe-a82c-59315f7609e1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb75611df838a70ce6ea0fbef3f296111a8815508de40f20725acc57d2893179

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
br
cf-cache-status
HIT
age
252268
x-guploader-uploadid
ADPycds8zTF0e57uJdIeU1IMfqoXiFhCSnLB7THxAyw6POMqBG3rnwxUh8kxvuFh-HiVWr41mrorif62aPjgqbNvhxZBs6AQZg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 23 Dec 2021 13:53:31 GMT
server
cloudflare
etag
W/"ffc78afa3a654b1ec97265565ab55c2e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hUuVEA==, md5=/8eK+jplSx7JcmVWWrVcLg==
x-goog-generation
1640267611658034
access-control-allow-origin
*
content-type
application/javascript
access-control-expose-headers
Cache-Control, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=604800, immutable
x-goog-stored-content-length
40728
cf-ray
6d4156707aefca5f-YUL
expires
Mon, 31 Jan 2022 11:44:52 GMT
59574
stags.bluekai.com/site/ Frame 561D
73 B
774 B
Document
General
Full URL
https://stags.bluekai.com/site/59574?ret=html&phint=id%3DZGoABWHydZEAAAAIMeZBAw%3D%3D&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ft.sharethis.com%2Fa%2Ft_.htm%3Fver%3D1.825.22796%26cid%3Dc010%26cls%3DC&phint=__bk_v%3D3.1.10&limit=5&r=47982063
Requested by
Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.85.195.135 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-85-195-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0be6916731a201c80f67f69252819473e0909e287df3ee18087cd3300be2965a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/

Response headers

Content-Type
text/html
Content-Length
73
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Date
Thu, 27 Jan 2022 10:36:02 GMT
Connection
keep-alive
v2
ap.lijit.com/readerinfo/
Redirect Chain
  • https://ap.lijit.com/readerinfo/v2
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
41 B
459 B
Fetch
General
Full URL
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
4b18489a165f8e7d49245c82d9c21fd3697adbd1df29fc367e233c6b6cfb63c9

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61

Redirect headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
v2
ap.lijit.com/readerinfo/
Redirect Chain
  • https://ap.lijit.com/readerinfo/v2
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
41 B
459 B
Fetch
General
Full URL
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
60cfb4c991b760885018dccbe4030609d8d2b1928a8ed356af17ad51caea7f51

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61

Redirect headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
v2
ap.lijit.com/readerinfo/
Redirect Chain
  • https://ap.lijit.com/readerinfo/v2
  • https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
41 B
459 B
Fetch
General
Full URL
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
HTTP/1.1
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
/
Resource Hash
4b18489a165f8e7d49245c82d9c21fd3697adbd1df29fc367e233c6b6cfb63c9

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
61

Redirect headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://ap.lijit.com/readerinfo/v2?sovrn_retry=true
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
bV8xLndfOTU0NS5kXzM4MTAueF8xMDIudi5wLnRfMzgxMA.js
cdn.consentmanager.mgr.consensu.org/delivery/customdata/
57 KB
11 KB
Script
General
Full URL
https://cdn.consentmanager.mgr.consensu.org/delivery/customdata/bV8xLndfOTU0NS5kXzM4MTAueF8xMDIudi5wLnRfMzgxMA.js
Requested by
Host: consentmanager.mgr.consensu.org
URL: https://consentmanager.mgr.consensu.org/delivery/cmp.php?id=9545&h=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&&__cmpfcc=1&l=&o=1643279761650
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:ca00::4 London, United Kingdom, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo / PleskLin
Resource Hash
f918c43f2ac9d9f4418b1759426e18be2ddc9f543e40709e1bef7da90e011a52
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-77-pop
londonGB
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
br
vary
Accept-Encoding, Accept-Encoding
x-powered-by
PleskLin
x-77-cache
HIT
x-cache
HIT
x-age
1779
x-xss-protection
0
x-77-nzt
AVm7pwHG057/8wYAAA==
x-accel-expires
@1643279783
last-modified
Thu, 27 Jan 2022 10:06:23 GMT
server
CDN77-Turbo
x-77-nzt-ray
irEpClnFanY=
access-control-max-age
1000
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*, *
cache-control
public, max-age=1800
expires
Thu, 27 Jan 2022 10:36:23 GMT
syncframe
gum.criteo.com/ Frame 18AB
13 KB
5 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=dl-file.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
051668900f3f9c5235992fcebe36b4af3290b7d8cd274ec7b10821dd961c50e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
2921
date
Thu, 27 Jan 2022 10:36:02 GMT
content-length
5180
strict-transport-security
max-age=31536000; preload;
optimus_rules.json
tags.crwdcntrl.net/lt/c/3825/
4 KB
1 KB
XHR
General
Full URL
https://tags.crwdcntrl.net/lt/c/3825/optimus_rules.json
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 26 Jan 2022 20:44:46 GMT
content-encoding
gzip
age
49877
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 15:33:32 GMT
server
AmazonS3
etag
W/"6db43f44304c37d76768275ee4f01ba4"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
via
1.1 4ce15cd7013298653f4333aa57416c80.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
b81tEAFRhTJOkDBRaZQzYmOjx-lvlI6BkeiSWfhTjgl5giPO-Ful7g==
pxid
00917082-71e9-498e-8343-00c3df06b798.prmutv.co/v2.0/
12 B
316 B
XHR
General
Full URL
https://00917082-71e9-498e-8343-00c3df06b798.prmutv.co/v2.0/pxid?k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.9.241.35.bc.googleusercontent.com
Software
Permutive /
Resource Hash
481d77f5d1a9c24f102bb6af246ecbff595011e0d73e70b652c39d702565d47d

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32
via
1.1 google
getuidj
ib.adnxs.com/
29 B
860 B
XHR
General
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
b013c987554d3046fb540fb4f8d39b7632eab376107cc3b3cf0ce3d640973ef6
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
d49988af-9d5e-4b4b-b43b-714a376f90d1
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://dl-file.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
29
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
00917082-71e9-498e-8343-00c3df06b798-models.bin
cdn.permutive.com/models/v2/
4 KB
4 KB
XHR
General
Full URL
https://cdn.permutive.com/models/v2/00917082-71e9-498e-8343-00c3df06b798-models.bin
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.150.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28be5230e473e643d3f0c493727e45e5135bfde203fa78fc0975383c98368d6b

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
cf-cache-status
HIT
x-goog-meta-oid
00917082-71e9-498e-8343-00c3df06b798
age
730
x-guploader-uploadid
ADPycdtLXTdoveL7nPmr7vN205YcdCdkg8p9ED05DY4gpiKrZnWGCSF2KQ7mel_ahQXhwpX5Z-fDdryl29PoGFpSZgc
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-type
application/x-binary
content-length
2885
last-modified
Thu, 27 Jan 2022 06:02:16 GMT
server
cloudflare
etag
"62ed448b5cf1f7c459d748e931ab3288"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=S7N7uA==, md5=Yu1Ei1zx98RZ10jpMasyiA==
x-goog-generation
1643263336866494
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=900, no-transform
x-goog-stored-content-length
2885
accept-ranges
bytes
cf-ray
6d4156736b643fd2-YYZ
expires
Thu, 27 Jan 2022 10:23:52 GMT
liveView.php
live.primis.tech/live/
44 KB
12 KB
Script
General
Full URL
https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/dist/1.8.1/primis.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
a329c1bb704210e5dc1302fd35bba22d775d13577787d834360d4801da442080

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/javascript; charset=utf-8
bid
c.amazon-adsystem.com/e/dtb/
23 B
487 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&pid=0hTlktlfyfzH0&cb=0&ws=1600x1200&v=7.72.0&t=1000&slots=%5B%7B%22sd%22%3A%22nn_lb2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%226928793%2Fdl-file-61deae48ca228%2Fdl-file-LB2-61deb04e3ea83%22%7D%2C%7B%22sd%22%3A%22nn_lb1%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%226928793%2Fdl-file-61deae48ca228%2Fdl-file-LB1-61deb048709e3%22%7D%2C%7B%22sd%22%3A%22nn_lb3%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%2C%22970x90%22%5D%2C%22sn%22%3A%226928793%2Fdl-file-61deae48ca228%2Fdl-file-LB3-61deb05c0f307%22%7D%5D&schain=1.0%2C1!network-n.com%2Cpa_f06496e7%2C1%2C%2C%2C&pubid=26c60b4f-549a-4efd-8ae0-f00e07c46204&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
N51BN1SRDDGVRH0SSA60
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
WA202mrRsdZuiFj0vchWKb5l41jxwg4kV0cC3hA8JyS1YhvJeQu14A==
localstore.js
script.4dex.io/
483 B
942 B
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: kumo.network-n.com
URL: https://kumo.network-n.com/prebid.php?v=4.42.1&adapters=adagio,onetag,outbrain,pubmatic,triplelift
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
71076
x-amz-request-id
tx412e9c28221a4f3f86dcd-0061f15fee
x-amz-id-2
tx412e9c28221a4f3f86dcd-0061f15fee
last-modified
Wed, 26 Jan 2022 14:43:29 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iXr2M0Xqgn23HLPHobhdKT2vRY3FbYhL6N%2BX7CusUMSD7ql4rk9FyPh4gwL%2FAZC8zKmMwNGlyrhruT3ogb4vStu72z3b7fB19TVnBM3BysIrBu43Pki4gs%2FC%2FBeEes5veSYG1Q9Jl%2BF2Fg1O"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1643208209303360
cf-ray
6d41567389577157-YUL
/
consentmanager.mgr.consensu.org/delivery/info/
43 B
353 B
Image
General
Full URL
https://consentmanager.mgr.consensu.org/delivery/info/?id=9545&did=1&cfdid=1&t=pv.cn.d_reg0&h=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&o=1643279762411&l=EN&lv=9317&d=1&ct=14&e=&e2=&e3=&i=&sv=46&dv=102&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
87.230.98.74 , Germany, ASN61157 (PLUSSERVER-ASN1, DE),
Reverse DNS
ma5037422.psmanaged.com
Software
/
Resource Hash
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Last-Modified
Thu, 27 Jan 2022 10:36:02 GMT
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate
Content-Length
43
X-XSS-Protection
0
Expires
Thu, 01 Dec 1994 16:00:00 GMT
geoip
api.permutive.com/v2.0/
229 B
451 B
XHR
General
Full URL
https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
989d94d8baba214a6dcc1ba6795c35dc9ce9cf94863248b8970cd8e864674347

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
166
via
1.1 google
data
bcp.crwdcntrl.net/6/
233 B
1 KB
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/data
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
24ceee16d95794d1757253f7e6451854f15832340267b9397039df550bb0cb50

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://dl-file.com
cache-control
no-cache
x-server
10.40.42.16
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
233
expires
0
6fdecd3b-710f-42a2-9850-0f755dcdf48d
https://dl-file.com/
19 KB
0
Other
General
Full URL
blob:https://dl-file.com/6fdecd3b-710f-42a2-9850-0f755dcdf48d
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c2ad9c00c1716188af8903fbb0b6635ec44e6d4b89da7b24e12487b9f8aa87c9

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length
19525
sid
mug.criteo.com/ Frame 18AB
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=dl-file.com&sn=ChromeSyncframe&so=0&topUrl=dl-file.com&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=ywxL6XxHR0k0QStBTjgrZFhQVUFUY3NZN1d0MXlUdWhacFp2dkhBOXYrVE9zU2ZxRUtaZnpmUEZHR0VmeEhIWDRPWXBaTU9GZHNiQTZ2ZnB6SWlBLy9wUFFBb0xRMCtZWXBJMUZKdVJzN0RhMFoxN2k4K1BTaWhjTVBrNk...
428 B
632 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=ywxL6XxHR0k0QStBTjgrZFhQVUFUY3NZN1d0MXlUdWhacFp2dkhBOXYrVE9zU2ZxRUtaZnpmUEZHR0VmeEhIWDRPWXBaTU9GZHNiQTZ2ZnB6SWlBLy9wUFFBb0xRMCtZWXBJMUZKdVJzN0RhMFoxN2k4K1BTaWhjTVBrNkdqU3krTEw2Q2YwRStDR0NOakdvTEZDa1UrYVZ3QWttM0RnbnVObi8vK2JjU3pjcVpQRzRyUWx5Q1M2L05jUXpiRTk4V3A2UHV2Z3lFbGhrSXpMTjBwRisydW1kb2lnamI3d2V2TTE2OS8wWXZBWWdHU2NtM0hlTDlwZHNKUW5LRzNFcHEzTnBnUjdqUktsRDlZaDFvVDVHMTM4SStxUT09fA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
22485626e9e949550c5ac01eef006c927a37ec908872549a50f64f0ad0235e04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4163
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:01 GMT
strict-transport-security
max-age=31536000; preload;
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=ywxL6XxHR0k0QStBTjgrZFhQVUFUY3NZN1d0MXlUdWhacFp2dkhBOXYrVE9zU2ZxRUtaZnpmUEZHR0VmeEhIWDRPWXBaTU9GZHNiQTZ2ZnB6SWlBLy9wUFFBb0xRMCtZWXBJMUZKdVJzN0RhMFoxN2k4K1BTaWhjTVBrNkdqU3krTEw2Q2YwRStDR0NOakdvTEZDa1UrYVZ3QWttM0RnbnVObi8vK2JjU3pjcVpQRzRyUWx5Q1M2L05jUXpiRTk4V3A2UHV2Z3lFbGhrSXpMTjBwRisydW1kb2lnamI3d2V2TTE2OS8wWXZBWWdHU2NtM0hlTDlwZHNKUW5LRzNFcHEzTnBnUjdqUktsRDlZaDFvVDVHMTM4SStxUT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1883
content-length
541
expires
0
liveView.php
live.primis.tech/live/ Frame FC14
4 KB
2 KB
Script
General
Full URL
https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741&cbuster=1643279762&pubUrlAuto=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=&videoHelperParam=JTdCJTIycHJpbWlzX2N1c3RvbV90YXJnZXQlMjIlM0ElN0IlMjJ1cmwlMjIlM0ElMjIlMkZnNnprcGN6Z2hxZHIlMkZCYW5rc18yMDEyX0NoZXZ5MTMxMjE3LnJhciUyMiU3RCU3RA==
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
9855c7c8a4b51486b7de5061053ccfe055da618500b4f94534d113571956381c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/javascript; charset=utf-8
lt.iframe.html
tags.crwdcntrl.net/lt/shared/2/ Frame 3549
2 KB
1 KB
Document
General
Full URL
https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/3825/lt.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

content-type
text/html
date
Wed, 26 Jan 2022 12:59:45 GMT
last-modified
Mon, 01 Feb 2021 20:35:17 GMT
etag
W/"6fcf4f5197ab24c92d090f6ac8d87e01"
x-amz-server-side-encryption
AES256
cache-control
max-age: 86400
server
AmazonS3
content-encoding
gzip
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
tDoacBupevLJPbpJSDAotslq6-RBZRb5QFhFHpmOyCcYF5XNpV4a9Q==
age
77778
adagio.js
script.4dex.io/
71 KB
23 KB
Fetch
General
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
71063
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
tx9877a171c8c94ecb8ec44-0061f15ff4
x-amz-id-2
tx9877a171c8c94ecb8ec44-0061f15ff4
last-modified
Wed, 26 Jan 2022 14:43:28 GMT
server
cloudflare
etag
W/"88567a823cfd2840dd0a3198b929d466"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFTK6EoBbx%2FedLBj2qqD8FbnnC9tCZC%2B1eHB1NT5raHfr60cVe9mS3tzlQXNHyC5UGj2kOkMwpQdXuTsPIZ%2BERCMn7e7Zy%2FFTvMvQPgKWDfpjk5kbPdY%2Fp%2BDDUHARXtdf%2F9irfglEDQ8%2B4c5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1643208208262354
cf-ray
6d41567419da7142-YUL
access-control-allow-headers
Authorization
hls.0.12.4_2.min.js
live.primis.tech/content/video/hls/ Frame FC14
256 KB
86 KB
Script
General
Full URL
https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741&cbuster=1643279762&pubUrlAuto=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=&videoHelperParam=JTdCJTIycHJpbWlzX2N1c3RvbV90YXJnZXQlMjIlM0ElN0IlMjJ1cmwlMjIlM0ElMjIlMkZnNnprcGN6Z2hxZHIlMkZCYW5rc18yMDEyX0NoZXZ5MTMxMjE3LnJhciUyMiU3RCU3RA==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
13ab06913444b6e3b4139e5487813073f11e082878ae8a5bf5213fdc6f95f5e0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
last-modified
Thu, 13 Aug 2020 08:36:10 GMT
server
nginx
etag
W/"5f34fb7a-3ff27"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Fri, 27 Jan 2023 10:36:02 GMT
prebidVid.5.18.0_8.min.js
live.primis.tech/content/prebid/ Frame FC14
478 KB
173 KB
Script
General
Full URL
https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741&cbuster=1643279762&pubUrlAuto=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=&videoHelperParam=JTdCJTIycHJpbWlzX2N1c3RvbV90YXJnZXQlMjIlM0ElN0IlMjJ1cmwlMjIlM0ElMjIlMkZnNnprcGN6Z2hxZHIlMkZCYW5rc18yMDEyX0NoZXZ5MTMxMjE3LnJhciUyMiU3RCU3RA==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
5fb143acb6c2530794155476810cebbd511a5b51399ae7ed92f77e6bf7d2cf55

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
last-modified
Thu, 20 Jan 2022 13:46:36 GMT
server
nginx
etag
W/"61e967bc-777e2"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Fri, 27 Jan 2023 10:36:02 GMT
liveVideo.php
live.primis.tech/live/ Frame FC14
635 KB
178 KB
Script
General
Full URL
https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?schain=1.0,1!network-n.com,pa_f06496e7,1&cbuster=1643279761715&subId=[SUBID_ENCODED]&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&s=109741&cbuster=1643279762&pubUrlAuto=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=&videoHelperParam=JTdCJTIycHJpbWlzX2N1c3RvbV90YXJnZXQlMjIlM0ElN0IlMjJ1cmwlMjIlM0ElMjIlMkZnNnprcGN6Z2hxZHIlMkZCYW5rc18yMDEyX0NoZXZ5MTMxMjE3LnJhciUyMiU3RCU3RA==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
db983074200d71339a25c4550b0a146f38dde476ed1c67addc08e461952d6ae0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
content-type
text/html; charset=UTF-8
identify
api.permutive.com/v2.0/
50 B
91 B
XHR
General
Full URL
https://api.permutive.com/v2.0/identify?k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
2f20d7bb7ae7ea856b18e405ae48bd85335e673710f5072b316a18c7c4ecc08c

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
via
1.1 google
pixels
bcp.crwdcntrl.net/ Frame 1DEC
4 KB
4 KB
Document
General
Full URL
https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/shared/2/lt.iframe.html?c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2093fcda80c5a060493b2458948666ada367e5e88a4b583db2b574d3c921e2eb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://tags.crwdcntrl.net/

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-type
text/html
content-length
3827
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.40.34.124
server
Jetty(9.4.38.v20210224)
ProfilesEngineServlet
api.intentiq.com/profiles_engine/ Frame 6630
0
0
Document
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=15&eid=19&aw=468&ah=60&pagePos=1&vip=true&secure=1&sub_eid=15052&maxed=1&rnd=82651
Requested by
Host: data-beacons.s-onetag.com
URL: https://data-beacons.s-onetag.com/dataBeacons.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-74.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
x-cache
Miss from cloudfront
via
1.1 b7d10369ae737ec35cf8d7faced56ef0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
iTgwdRXmnDhH1vJriwqLblQ_unA_3NHuZoFaFldIOsJWrTi7Yzg8lg==
merge
ce.lijit.com/
Redirect Chain
  • https://um.simpli.fi/lj_match?r=28402
  • https://ce.lijit.com/merge?pid=2&3pid=40B9F463736C486D959A5DD2CDD1535E
43 B
670 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=40B9F463736C486D959A5DD2CDD1535E
Protocol
HTTP/1.1
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
x-content-type-options
nosniff
server
nginx
location
https://ce.lijit.com/merge?pid=2&3pid=40B9F463736C486D959A5DD2CDD1535E
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Wed, 26 Jan 2022 10:36:02 GMT
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
  • https://i.liadm.com/s/57333?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829&_li_chk=true&previous_uuid=aeb5c7c0356348249fc0349dc43ed430
  • https://x.bidswitch.net/sync?dsp_id=42&user_id=
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=42&user_id=
43 B
510 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=42&user_id=
Protocol
HTTP/1.1
Server
35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
172.178.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://x.bidswitch.net/ul_cb/sync?dsp_id=42&user_id=
Date
Thu, 27 Jan 2022 10:36:02 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
/
wt.rqtrk.eu/ Frame 1DEC
43 B
351 B
Image
General
Full URL
https://wt.rqtrk.eu/?pid=e34a6063-e846-4ccb-98d8-0eba4dd66b75&src=www&type=100&sid=0&cb=457525166&gdpr=0&gdpr_consent=&gdpr_pd=0&uid=f298cfe6fb5a3a352a645b17c8f4641
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.235.11.24 , Canada, ASN16276 (OVH, FR),
Reverse DNS
haproxy-ca-002.roqad.pl
Software
istio-envoy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
istio-envoy
p3p
CP="NOI DSP COR DEVa PSAa PSDa OUR BUS UNI COM NAV STA"
cache-control
no-cache,private
x-envoy-upstream-service-time
1
content-type
image/gif
content-length
43
expires
Thu, 27 Jan 2022 10:36:01 GMT
tpid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
bcp.crwdcntrl.net/map/c=10620/tp=TRAD/ Frame 1DEC
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=0
  • https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.47.186
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://bcp.crwdcntrl.net/map/c=10620/tp=TRAD/tpid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
205
ltm
audex.userreport.com/sync/put/ Frame 1DEC
43 B
433 B
Image
General
Full URL
https://audex.userreport.com/sync/put/ltm?ltmid=f298cfe6fb5a3a352a645b17c8f4641
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-11.ewr53.r.cloudfront.net
Software
nginx/1.18.0 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Via
1.1 343d70dd2c23b73057116d47a342c588.cloudfront.net (CloudFront)
Last-Modified
Mon, 28 Sep 1970 06:00:00 GMT
Server
nginx/1.18.0
X-Amz-Cf-Pop
EWR53-C2
X-Cache
Miss from cloudfront
Content-Type
image/gif
Connection
keep-alive
Content-Length
43
X-Amz-Cf-Id
AmJP9XARrDJNcRQSKp73jQrbewilzhljr233SjE6t9PVIE7HDIOVbA==
tpid=d807e161-1268-48ea-b4cc-24025f67c8db
sync.crwdcntrl.net/map/c=10158/tp=TPAD/ Frame 1DEC
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=LOTAME&partner_device_id=f298cfe6fb5a3a352a645b17c8f4641&gdpr=0&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp%3DTPAD%2Ftpi...
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3Dd807e161-1268-48ea-b4cc-24025f67c8db%252Chttps%253A...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=8076697769768775013&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10158%2Ftp...
  • https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=d807e161-1268-48ea-b4cc-24025f67c8db
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=d807e161-1268-48ea-b4cc-24025f67c8db
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.4.211
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10158/tp=TPAD/tpid=d807e161-1268-48ea-b4cc-24025f67c8db
date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
tpid=4d0691e82daf92e47b5f5eca908a6495
sync.crwdcntrl.net/map/c=10832/tp=TRUP/ Frame 1DEC
Redirect Chain
  • https://dmp.truoptik.com/f2d2e39fc16bc9cc/sync.gif?cbp=tpid&cbk=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10832%2Ftp%3DTRUP
  • https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=4d0691e82daf92e47b5f5eca908a6495
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=4d0691e82daf92e47b5f5eca908a6495
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.46.180
content-type
image/gif
content-length
49
expires
0

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
access-control-allow-origin
*
user-agent
Tru Optik DMP 1.3.1
content-length
142
x-xss-protection
1; mode=block
pragma
no-cache
to-dmp-sync
s7-dmp-ny2-eqx.truoptik.com
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15552000; includeSubDomains
content-type
text/html
location
https://sync.crwdcntrl.net/map/c=10832/tp=TRUP/tpid=4d0691e82daf92e47b5f5eca908a6495
cache-control
no-store
cf-ray
6d415674fd495407-YYZ
expires
0
tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
sync.crwdcntrl.net/map/c=10492/tp=AVCT/ Frame 1DEC
Redirect Chain
  • https://ads.avocet.io/getuid?url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D
  • https://ads.avct.cloud/getuid?r=1&url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D
  • https://ads.avct.cloud/getuid?bounce=true&r=1&url=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D10492%2Ftp%3DAVCT%2Ftpid%3D%7B%7BUUID%7D%7D
  • https://sync.crwdcntrl.net/map/c=10492/tp=AVCT/tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
49 B
268 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10492/tp=AVCT/tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.2.113
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10492/tp=AVCT/tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
date
Thu, 27 Jan 2022 10:36:02 GMT
p3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
111
content-type
text/html; charset=utf-8
tpid=74739629937459372872527991058192254433
sync.crwdcntrl.net/map/c=9828/tp=ADBE/ Frame 1DEC
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=f298cfe6fb5a3a352a645b17c8f4641&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=121998&dpuuid=f298cfe6fb5a3a352a645b17c8f4641&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D9828%2Ftp%3DADBE%2Ftpid%3D%24%7BDD_UUID%7D
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=74739629937459372872527991058192254433
49 B
263 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=74739629937459372872527991058192254433
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.4.26
content-type
image/gif
content-length
49
expires
0

Redirect headers

DCS
dcs-prod-usw2-1-v024-0d9735100.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
7HJ/Uy8ETLI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=74739629937459372872527991058192254433
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
identity
c.cintnetworks.com/ Frame 1DEC
0
565 B
Image
General
Full URL
https://c.cintnetworks.com/identity?a=5461&id=Lotame:f298cfe6fb5a3a352a645b17c8f4641
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.71.11.141 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Vary
Origin
P3P
CP="This is not a P3P policy! See https://cint.com/cookie-usage/ for more info."
Arr-Disable-Session-Affinity
true
Cache-Control
max-age=60, private, must-revalidate
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5
Content-Length
0
lotame
sync.sharethis.com/ Frame 1DEC
42 B
297 B
Image
General
Full URL
https://sync.sharethis.com/lotame?uid=f298cfe6fb5a3a352a645b17c8f4641&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.129.242.122 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-129-242-122.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains;
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
42
Stid
ZGoABWHydZEAAAAIMeZBAw==
Content-Type
image/gif
usermatch.gif
beacon.krxd.net/ Frame 1DEC
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=lotame&partner_uid=f298cfe6fb5a3a352a645b17c8f4641
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.211.161.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-211-161-228.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
private, no-cache, no-store
x-request-time
D=40 t=1643279762
x-served-by
beacon-n033-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
image.sbxx
ib.mookie1.com/ Frame 1DEC
Redirect Chain
  • https://global.ib-ibi.com/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641
  • https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641
120 B
992 B
Image
General
Full URL
https://ib.mookie1.com/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Server
64.58.232.177 , United States, ASN13649 (ASN-VINS, US),
Reverse DNS
be31-199.crrt01.las04.flexential.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3p
CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache
X-Server
LAS08
Content-Type
image/png
Content-Length
120
Expires
-1

Redirect headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Location
https://ib.mookie1.com:443/image.sbxx?go=262106&pid=420&xid=f298cfe6fb5a3a352a645b17c8f4641
p3p
CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin
*
Cache-Control
private
X-Server
LAS11
Content-Type
text/html; charset=utf-8
Content-Length
216
tpid=164090404044007714999
bcp.crwdcntrl.net/5/c=368/tp=NEUS/ Frame 1DEC
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9202276048
  • https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164090404044007714999
49 B
799 B
Image
General
Full URL
https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164090404044007714999
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.13.223
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
AAWebServer
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Location
https://bcp.crwdcntrl.net/5/c=368/tp=NEUS/tpid=164090404044007714999
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Expires
0
utsync.ashx
ml314.com/ Frame 1DEC
43 B
517 B
Image
General
Full URL
https://ml314.com/utsync.ashx?eid=50146&et=0&fp=f298cfe6fb5a3a352a645b17c8f4641&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.103.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-103-61.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Fri, 28 Jan 2022 05:36:02 GMT
tpid=a53dad5f-a643-470a-abef-c3c91d7cc37f
bcp.crwdcntrl.net/map/c=6584/tp=VIDO/ Frame 1DEC
Redirect Chain
  • https://sync.tidaltv.com/GenericUserSync.ashx?dpid=1695
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=1695&s_h=1
  • https://bcp.crwdcntrl.net/map/c=6584/tp=VIDO/tpid=a53dad5f-a643-470a-abef-c3c91d7cc37f
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=6584/tp=VIDO/tpid=a53dad5f-a643-470a-abef-c3c91d7cc37f
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.10.105
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Apache-Coyote/1.1
location
https://bcp.crwdcntrl.net/map/c=6584/tp=VIDO/tpid=a53dad5f-a643-470a-abef-c3c91d7cc37f
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
qmap
sync.crwdcntrl.net/ Frame 1DEC
Redirect Chain
  • https://sync.mathtag.com/sync/img?sync=auto&mt_exid=10040&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D4735%26tp%3DMDMA%26tpid%3D%5BMM_UUID%5D
  • https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=ae5661f2-7593-4600-a67e-b76a480711f0
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=ae5661f2-7593-4600-a67e-b76a480711f0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.41.139
content-type
image/gif
content-length
49
expires
0

Redirect headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
MT3 4133 baa842e master iad-pixel-x15 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.crwdcntrl.net/qmap?c=4735&tp=MDMA&tpid=ae5661f2-7593-4600-a67e-b76a480711f0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:01 GMT
tpid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
sync.crwdcntrl.net/map/c=1389/tp=STSC/ Frame 1DEC
Redirect Chain
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://pixel-sync.sitescout.com/connectors/lotame/usersync?cookieQ=1&redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1389%2Ftp%3DSTSC%2Ftpid%3D%24UUID
  • https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.14.47
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://sync.crwdcntrl.net/map/c=1389/tp=STSC/tpid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
token
token.rubiconproject.com/ Frame 1DEC
0
675 B
Image
General
Full URL
https://token.rubiconproject.com/token?pid=7&puid=f298cfe6fb5a3a352a645b17c8f4641&gdpr=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
bd0f62a3fbacfef6a33ae6abaf6daf37
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tpid=YfJ1kgABr3rv_ABH&_test=YfJ1kgABr3rv_ABH
sync.crwdcntrl.net/map/c=1811/tp=TBMG/ Frame 1DEC
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/bsTd8NdE?redir=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1811%2Ftp%3DTBMG%2Ftpid%3D%24%7BTM_USER_ID%7D&_test=YfJ1kgABr3rv_ABH
  • https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YfJ1kgABr3rv_ABH&_test=YfJ1kgABr3rv_ABH
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YfJ1kgABr3rv_ABH&_test=YfJ1kgABr3rv_ABH
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.11.196
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 varnish
server
Varnish
x-timer
S1643279763.016736,VS0,VE0
x-served-by
cache-yul12827-YUL
x-cache
HIT
location
https://sync.crwdcntrl.net/map/c=1811/tp=TBMG/tpid=YfJ1kgABr3rv_ABH&_test=YfJ1kgABr3rv_ABH
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame 1DEC
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=${base64_profileid}
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
5907
tags.bluekai.com/site/ Frame 1DEC
62 B
615 B
Image
General
Full URL
https://tags.bluekai.com/site/5907?limit=0&id=d837a96051a98a91392ef13e5d360436
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.85.195.135 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-85-195-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Connection
keep-alive
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length
62
Content-Type
image/gif
g.json
aa.agkn.com/adscores/ Frame 1DEC
103 B
748 B
Script
General
Full URL
https://aa.agkn.com/adscores/g.json?sid=9202507693
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
156.154.202.36 , United States, ASN19907 (NEUSTAR-AS6, US),
Reverse DNS
Software
AAWebServer /
Resource Hash
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
AAWebServer
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Type
application/json
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Content-Length
103
Expires
0
tpid=4331370182010635377
sync.crwdcntrl.net/map/c=10915/tp=TRNN/ Frame 1DEC
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMzQ4ODM4MC90LzI/dpuid/f298cfe6fb5a3a352a645b17c8f4641/url/https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=$!%7BTURN_UUID%7D
  • https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=4331370182010635377
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=4331370182010635377
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.47.47
content-type
image/gif
content-length
49
expires
0

Redirect headers

location
https://sync.crwdcntrl.net/map/c=10915/tp=TRNN/tpid=4331370182010635377
pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
tp=ANXS
sync.crwdcntrl.net/map/c=281/rand=458408060/tpid=8076697769768775013/ Frame 1DEC
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=458408060%2Ftpid%3D%24UID%2Ftp%3DANXS
  • https://sync.crwdcntrl.net/map/c=281/rand=458408060/tpid=8076697769768775013/tp=ANXS
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=281/rand=458408060/tpid=8076697769768775013/tp=ANXS
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/pixels?s=150%2C116%2C115%2C106%2C104%2C97%2C94%2C92%2C81%2C80%2C78%2C65%2C61%2C50%2C38%2C33%2C31%2C26%2C22%2C12%2C8%2C3%2C2&c=3825
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.36.191
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:02 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f400719e-3d5d-4958-9758-0119a9141980
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.crwdcntrl.net/map/c=281/rand=458408060/tpid=8076697769768775013/tp=ANXS
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
59074
i6.liadm.com/s/
Redirect Chain
  • https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
  • https://i.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829&_li_chk=true&previous_uuid=97601ab4a06e40d4ae26b18337ccb6db
  • https://i6.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
43 B
419 B
Image
General
Full URL
https://i6.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
Protocol
HTTP/1.1
Server
2600:1f18:444a:4602:9c05:7f25:f6a5:7205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/59074?bidder_id=204553&bidder_uuid=ea8da53a8382297d947cc829
Date
Thu, 27 Jan 2022 10:36:02 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
merge
ce.lijit.com/
Redirect Chain
  • https://p.adsymptotic.com/d/px/?_pid=15697&_psign=0a885fb568701ac53478d88866a10345&_pu&_puuid=ea8da53a8382297d947cc829&_redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D5014%263pid%3D${UUID}&_ra...
  • https://p.adsymptotic.com/d/px/?_pid=15697&_psign=0a885fb568701ac53478d88866a10345&_pu&_puuid=ea8da53a8382297d947cc829&_redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D5014%263pid%3D${UUID}&_ra...
  • https://ce.lijit.com/merge?pid=5014&3pid=3784fd3971cf773ccba62daea795a47c
43 B
673 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=5014&3pid=3784fd3971cf773ccba62daea795a47c
Protocol
HTTP/1.1
Server
216.52.2.48 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
nginx
X-Powered-By
raptor
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ams1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP='NON DSP COR CONi OUR BUS CNT'
location
https://ce.lijit.com/merge?pid=5014&3pid=3784fd3971cf773ccba62daea795a47c
cf-ray
6d4156759f8853dd-YYZ
content-length
0
primisslate.css
live.primis.tech/content/video/css/
17 KB
5 KB
Stylesheet
General
Full URL
https://live.primis.tech/content/video/css/primisslate.css
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
4f7cd55655bafca4db9b67255125ed52cd91d21b1727e9f28f71219aa1341de5

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
last-modified
Tue, 18 Aug 2020 10:07:30 GMT
server
nginx
etag
W/"5f3ba862-45c8"
content-type
text/css
apstag.js
c.amazon-adsystem.com/aax2/ Frame FC14
134 KB
36 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
c7360a9b46fde11845b3090ca0034fb409d92398a71f3ae15fac3a2fa29ae6cc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 21:10:01 GMT
content-encoding
gzip
age
48360
x-cache
Hit from cloudfront
timing-allow-origin
*
server
Server
x-amz-rid
1F940PJN5T088NJBC3RM
etag
a89a0f9aa62d9c46ee287cd1f0b6423d
vary
Accept-Encoding
x-amz-version-id
GzCVpXkwVbKPnWWiNgpDCABi9Jbs4BMI
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
B0vy6TPV2gwwXShf2-utCn_M4Ett1Sfoal-VuWEgrQWXXRoj8J-RPA==
ProfilesEngineServlet
api.intentiq.com/profiles_engine/ Frame FC14
Redirect Chain
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqca...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqca...
40 B
846 B
XHR
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=0&tsrnd=578_1643279762748&fbp=2503514552&cttl=43200000&ckls=true&ci=PyhM2rLAGW&nc=false&trid=-1476173787
Protocol
H2
Server
13.226.31.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-74.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
1f5f85c03b32c29914eb1d136fcfea793078788bce67c236dbdcf57f997e6b70

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 b7d10369ae737ec35cf8d7faced56ef0.cloudfront.net (CloudFront)
vary
Origin
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
pragma
no-cache
server
Apache-Coyote/1.1
access-control-max-age
3600
access-control-allow-methods
POST, GET
content-type
text/html
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me
x-amz-cf-id
ytQXIbzZNphLbIfU647_rXvXD9a1Ss8i0F9Zh2CWo7QGoj5xXjlgwQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 b7d10369ae737ec35cf8d7faced56ef0.cloudfront.net (CloudFront)
vary
Origin
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
content-length
43
pragma
no-cache
access-control-allow-origin
https://dl-file.com
server
Apache-Coyote/1.1
access-control-max-age
3600
access-control-allow-methods
POST, GET
content-type
image/gif
location
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=3&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=0&tsrnd=578_1643279762748&fbp=2503514552&cttl=43200000&ckls=true&ci=PyhM2rLAGW&nc=false&trid=-1476173787
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me
x-amz-cf-id
maWtNmaYxz9LPLk7ixSXaFWBsXGG8u46T85hnBuFIWFQkyh3f8T9bg==
expires
Thu, 01 Jan 1970 00:00:00 GMT
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame FC14
43 B
538 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1048688155&rnd=288998&iiqidtype=2&iiqpcid=a1a9ba84-b091-4b0f-839b-245e8aa2a6c4&iiqpciddate=1643279762747&tsrnd=755_1643279762748&fbp=2503514552
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-35.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 5301cc544de32ec737d1069c11f7df30.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
x-amz-cf-id
5u58T6eFItkjRATl-a5-GpQ9jzBHmrd-w6bNyUpU-1tKbmAntIfBZg==
expires
Thu, 01 Jan 1970 00:00:00 GMT
tpd
api.permutive.com/v2.0/
2 B
42 B
XHR
General
Full URL
https://api.permutive.com/v2.0/tpd?k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22
via
1.1 google
segment
api.permutive.com/adv/v2/
14 B
28 B
XHR
General
Full URL
https://api.permutive.com/adv/v2/segment?new-session=true&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jan 2022 10:36:02 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14
content-type
application/json
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame FC14
6 KB
7 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 03:08:11 GMT
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin
age
26872
x-cache
Hit from cloudfront
content-length
6482
last-modified
Fri, 21 Jan 2022 02:54:57 GMT
server
AmazonS3
etag
"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
eaU6ir6qmGswM2SGRmLi7PKhBcBrRdvn
access-control-allow-origin
*
cache-control
public, max-age=86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
z5YDAVSRpP5b68GAoKedt_C2ooQRG_pumZKCztnu_IH2E45JOQ5Q4A==
css
fonts.googleapis.com/ Frame CDD8
2 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 10:13:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 27 Jan 2022 10:36:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jan 2022 10:36:02 GMT
css
fonts.googleapis.com/
2 KB
622 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 10:18:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 27 Jan 2022 10:36:02 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jan 2022 10:36:02 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0AD5
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.197 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-197.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=84066
expires
Fri, 28 Jan 2022 09:57:09 GMT
date
Thu, 27 Jan 2022 10:36:03 GMT
vary
Accept-Encoding
liveCS.php
live.primis.tech/live/ Frame 5EB9
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=94&advUuid=ecee3721-7f5c-11ec-b664-12d4f2240203
0
223 B
Document
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=94&advUuid=ecee3721-7f5c-11ec-b664-12d4f2240203
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:02 GMT
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
pragma
no-cache
age
0
content-encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 27 Jan 2022 10:36:03 GMT
Content-Type
text/plain
Content-Length
0
Connection
keep-alive
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=94&advUuid=ecee3721-7f5c-11ec-b664-12d4f2240203
X-fe
399
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
liveCS.php
live.primis.tech/live/ Frame 404A
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D98%26advU...
  • https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D98%2...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=98&advUuid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
0
223 B
Document
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=98&advUuid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:02 GMT
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
pragma
no-cache
age
0
content-encoding
gzip

Redirect headers

vary
Accept, Accept-Encoding
server
OXGW/17.1.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=98&advUuid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
content-length
0
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sync.html
s.console.adtarget.com.tr/ Frame D0F5
2 KB
1 KB
Document
General
Full URL
https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a06:8640:852:0:ec4:7aff:fe91:19a Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
4a1441716cf00cd1b32779c84dff048f0f590a76beb4d97466d789a6a8c704e6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

Server
VertaMedia 1.0
Date
Thu, 27 Jan 2022 10:36:03 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
890
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
liveView.php
live.primis.tech/live/ Frame FC14
109 KB
11 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwt1ODtyMxZ2nWRyo182MDyvYWU2YTt0ZTE4NTMjNwM4NDtlJTJGqzyxNwFyYWMmNTM4MTVwZTI0ODM3NTM4MC5gpDQzqzyxX2NioaRyoaRsnWQ9MwA0Nmt2NSZ2nWRsY29hqGVhqF9xZXNwPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X3RcqGkyPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X2R1pzF0nW9hPTYjJzRyYaVaSW5zo3JgYXRco249Jat9ODI2Jax9NDY1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRfLWZcoGUhY29gJTJGZmZ6n3BwrzqbpWRlJTJGQzFhn3NsMwAkMy9DnGV2rTEmMTIkNl5lYXIhnHRgoCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMkMxQmMwM3NUYmMTMlN0Q3QwpmMmEmNmMjMmpmODM0MmAmMDqEN0I0MmMmMmE3RDqCNTM1QTQ3Nmp3NDVBNxQ2QmpmNUE1MmM1NxE2MwMlMmAmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwM0MmA3RDqCNTxmNDM0MmA3RDqCNwYmMTqEN0I0QmMkMmImNwM2MmM3REZFRxUznXNBpHA9MCZaZW9MYXRcPTQ1LwQ5OTUzZ2ViTG9hZm0gNmMhNTt0OCZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5Nl4jLwQ2OTIhNmEeU2FzYXJcJTJGNTM3LwM2JaNwnGFcow0kLwAyMxMkJTIkozV0q29lnl1hLzNioSUlQ3BuX2YjNwQ5NzU3JTJDMSZjoGF5ZXJBpGyJZD0zY3N1qWyxPTYkZwI3NTxlNmI0MGMzY2J1p3Rypw0kNwQmMwp5NmYlOTUlJzg2X2VhY18kPXVloCUmRCUlNTJGZmZ6n3BwrzqbpWRlJTI1MxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupt==
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
84994399cb52ebff9f8fa575e43b7bdc93ca47b7b0d2628ad67b2209d8ab8bee

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dl-file.com
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
10611
liveView.php
live.primis.tech/live/ Frame FC14
63 KB
7 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwt1ODtyMxZ2nWRyo182MDyvYWU2YTt0ZTE4NTMjNwM4NDtlJTJGqzyxNwFyYWMmNTM4MTVwZTI0ODM3NTM4MC5gpDQzqzyxX2NioaRyoaRsnWQ9MwA0Nmt2NSZ2nWRsY29hqGVhqF9xZXNwPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X3RcqGkyPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X2R1pzF0nW9hPTYjJzRyYaVaSW5zo3JgYXRco249Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRfLWZcoGUhY29gJTJGZmZ6n3BwrzqbpWRlJTJGQzFhn3NsMwAkMy9DnGV2rTEmMTIkNl5lYXIhnHRgoCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMkMxQmMwM3NUYmMTMlN0Q3QwpmMmEmNmMjMmpmODM0MmAmMDqEN0I0MmMmMmE3RDqCNTM1QTQ3Nmp3NDVBNxQ2QmpmNUE1MmM1NxE2MwMlMmAmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwM0MmA3RDqCNTxmNDM0MmA3RDqCNwYmMTqEN0I0QmMkMmImNwM2MmM3REZFRxUznXNBpHA9MCZaZW9MYXRcPTQ1LwQ5OTUzZ2ViTG9hZm0gNmMhNTt0OCZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5Nl4jLwQ2OTIhNmEeU2FzYXJcJTJGNTM3LwM2JaNwnGFcow0kLwAyMxMkJTIkozV0q29lnl1hLzNioSUlQ3BuX2YjNwQ5NzU3JTJDMSZjoGF5ZXJBpGyJZD0zY3N1qWyxPTYkZwI3NTxlNmI0MGMzY2J1p3Rypw0kNwQmMwp5NmYlOTUmJzg2X2VhY18kPXVloCUmRCUlNTJGZmZ6n3BwrzqbpWRlJTI1MxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupt==
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
3e0b14f2f363c1ad90b2dba6e32363ae9be1a7c8a7c4c4e43e5bc9f4d722c8b3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dl-file.com
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
7392
liveView.php
live.primis.tech/live/ Frame FC14
48 KB
7 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwt1ODtyMxZ2nWRyo182MDyvYWU2YTt0ZTE4NTMjNwM4NDtlJTJGqzyxNwFyYWMmNTM4MTVwZTI0ODM3NTM4MC5gpDQzqzyxX2NioaRyoaRsnWQ9MwA0Nmt2NSZ2nWRsY29hqGVhqF9xZXNwPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X3RcqGkyPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X2R1pzF0nW9hPTYjJzRyYaVaSW5zo3JgYXRco249Jat9ODI2Jax9NDY1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRfLWZcoGUhY29gJTJGZmZ6n3BwrzqbpWRlJTJGQzFhn3NsMwAkMy9DnGV2rTEmMTIkNl5lYXIhnHRgoCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMkMxQmMwM3NUYmMTMlN0Q3QwpmMmEmNmMjMmpmODM0MmAmMDqEN0I0MmMmMmE3RDqCNTM1QTQ3Nmp3NDVBNxQ2QmpmNUE1MmM1NxE2MwMlMmAmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwM0MmA3RDqCNTxmNDM0MmA3RDqCNwYmMTqEN0I0QmMkMmImNwM2MmM3REZFRxUznXNBpHA9MCZaZW9MYXRcPTQ1LwQ5OTUzZ2ViTG9hZm0gNmMhNTt0OCZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5Nl4jLwQ2OTIhNmEeU2FzYXJcJTJGNTM3LwM2JaNwnGFcow0kLwAyMxMkJTIkozV0q29lnl1hLzNioSUlQ3BuX2YjNwQ5NzU3JTJDMSZjoGF5ZXJBpGyJZD0zY3N1qWyxPTYkZwI3NTxlNmI0MGMzY2J1p3Rypw0kNwQmMwp5NmYlOTU3Jzg2X2VhY18kPXVloCUmRCUlNTJGZmZ6n3BwrzqbpWRlJTI1MxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupt==
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
d165b14fecdaaec5d9d63c078e34e6f49dcb13eec4a95f4fa919869cb68f6f20

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dl-file.com
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
6436
vid61eac353815ce248375380_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
3 KB
3 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380_thumb.jpg?cbuster=1642776192
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
af7479b5ba8447b9c358b5f135051822d13908ad54dd2aa36f2527f466ae4b11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 6f9ef5ae165c9835aa6935d9fb7e2072.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 14:43:13 GMT
server
Tengine
x-amz-cf-pop
EWR53-P1
etag
"299be006fe395c8e80f16f7ecae7caf3"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2646
x-amz-cf-id
oASh4bs0Y9TNRQz3sHLdpyk39antzfOogdcN_4S8blx1WrDcE5QkVw==
x-proxy-cache
HIT
vid61e1a7edf2750582505816_thumb.jpg
video.primis.tech/uploads/cn11/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
4 KB
4 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn11/video/users/converted/28588/video_609bae6a84e18530638482/vid61e1a7edf2750582505816_thumb.jpg?cbuster=1642179027
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
fbe487ec6728938b3e622e8631734fcb9c3a9e39a6ffb69781ad1de430acc75a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 2e1ee7384096c6afb6c1cfc9e9f5f23e.cloudfront.net (CloudFront)
last-modified
Fri, 14 Jan 2022 16:50:28 GMT
server
Tengine
x-amz-cf-pop
LAX50-C1
etag
"5f03df64bf6a4d2b8a00d1b7f5cd0df1"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
3704
x-amz-cf-id
-y8lRmTXTxqXSTCesfd9hCTkyGQp9bt-kA8wmt8RxU4PbSZqE1vGKQ==
x-proxy-cache
HIT
vid61c3550faf1f2020914493_thumb.jpg
video.primis.tech/uploads/cn13/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
4 KB
4 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn13/video/users/converted/28588/video_609bae6a84e18530638482/vid61c3550faf1f2020914493_thumb.jpg?cbuster=1640191636
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
bc3b318859454b4c871f892c8c3c8321609eb3ece4b388054a2d0969a839e25c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 feb0b2cc886fee67750b2bfa4d010786.cloudfront.net (CloudFront)
last-modified
Wed, 22 Dec 2021 16:47:17 GMT
server
Tengine
x-amz-cf-pop
LAX3-C2
etag
"88b8b18818a5d2538e8a31342380f212"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
3790
x-amz-cf-id
n1dl9DLcUvcyX_VbyqW_wRaOqqujzwzYopoxeqdZ_JHpBedKW9iIZg==
x-proxy-cache
HIT
vid61eac7fabeec7760341329_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
4 KB
4 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eac7fabeec7760341329_thumb.jpg?cbuster=1642776808
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
164316fc9aa82c62a47c69004d092269dbef83bf57624a0a8bae1704e3c5e511

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 6a615842cf9e2c637f2872ee9b70eb72.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 14:53:29 GMT
server
Tengine
x-amz-cf-pop
IAD50-C2
etag
"c8ac0347a0f45775b40a873d0cd7e3ac"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
4175
x-amz-cf-id
HqeD2POkvnzei4L2_4E2hMnSk4OUYhdz0_4YpmLcQWP8hBmldWy5pw==
x-proxy-cache
HIT
vid61eac570a1ebc564270062_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
4 KB
5 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eac570a1ebc564270062_thumb.jpg?cbuster=1642776197
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
b023d448f9ce740a20e6d419706a20608b26538d770afaf88d78e83821bc5c27

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 3c5c6d0ac004d7cc9b79e2835fc1f6a4.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 14:43:17 GMT
server
Tengine
x-amz-cf-pop
EWR53-P1
etag
"269e9f76d1ad2be3494727557ab11e4a"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
4348
x-amz-cf-id
SkeJ3ARLXXU6W5zUXq1D7Tc_RBX8DlFAYHCmN6M4XzwOhr4qI-mrxA==
x-proxy-cache
HIT
vid61eacbc136a8f545263299_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
4 KB
4 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eacbc136a8f545263299_thumb.jpg?cbuster=1642778029
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
543b6e4a6bf28975c7bd66745da8a59d803e8cb4ab398489f6e75652243b1812

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 9d35ce6897d7f02042955443076a54de.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 15:13:50 GMT
server
Tengine
x-amz-cf-pop
EWR53-P1
etag
"3157ecf6773f93c19d5cd0d07578004c"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
4204
x-amz-cf-id
fax4YNvclCZSh8oov8xxYCQsY3PwJZvg2E-N-QcCbcwEjHtILmKiwg==
x-proxy-cache
HIT
vid61debfc2ec924224305660_thumb.jpg
video.primis.tech/uploads/cn9/video/users/converted/28588/video_609bae6a84e18530638482/ Frame CDD8
3 KB
3 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn9/video/users/converted/28588/video_609bae6a84e18530638482/vid61debfc2ec924224305660_thumb.jpg?cbuster=1641990198
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
3e3f2e8bbe849b0347807d99ca453bf933cd684ac6a4bfea069ed1f8d519a173

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 c22d4946ef5faea12b8d3942ceb9259a.cloudfront.net (CloudFront)
last-modified
Wed, 12 Jan 2022 12:23:19 GMT
server
Tengine
x-amz-cf-pop
EWR53-P1
etag
"f9222443256d805df13c6b113b0230b3"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2720
x-amz-cf-id
ajbZ7y3XDuoe7zLQfhzG4EMDQjx7O8wMtvymGIxT2mJN5GmCEmH5kQ==
x-proxy-cache
HIT
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA5NmQkJaN0YT0jJat9NwQjJax9NDQjJaZcZF9jYXNmRG9gYWyhPWRfLWZcoGUhY29gJaN1YxyxPWRfLWZcoGUhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzpzx9NxM2OTp2NwU1Mmp0NwE3NDpmN0M3MmZCMmE3QwU0MmA3RDqCNwQmMwMjMmImMwJEMmAmMTJEMmImNmVGMmEmMwqEN0I3MmMkMmpmMDM3MmtmNDMjMmA3RDqCNDMmMmMkN0Q3QwUmNUE0Nmp3NmQ1QTZENxM3MmVBNTMmNTZBNwImMwMjM0Q3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmYmNDMjN0Q3QwU5MmQmNDMjN0Q3QwY2MmE3RDqCNEMmMTMlMmYmNwMmN0RGRUZFJzRcYWyxPSZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwx3LwAhNDY5Mv43MSUlMFNuZzFlnSUlRwUmNl4mNvZwp3V1nWQ9NwFzMwp1OTI3MwQjYlZwo250ZW50RzyfZUyxPTAzoWVxnWFQoGF5TGymqEyxPTAzoWVxnWFMnXN0SWQ9MCZaZHBlPTAzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0kJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwQmMwp5NmYlOTM5JaVcZD1TZWgcozRiU1BfYXyypwYkZwI3NTxlOTQ1YzUzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGjgZzyfZS5wo20yMxZaNacepGN6Z2ukZHIyMxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupv5bqG1fJzZfo2F0U3RuqHVmPWZuoHNyJzVcZHNjPWycpQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
p-1ZHFxK2kGG5Cz.gif
pixel.quantserve.com/pixel/ Frame FC14
35 B
373 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-1ZHFxK2kGG5Cz.gif?labels=publisher.28588.space.109741,adsize.640x440
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:2c95:6313:4150:7f7c , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame FC14
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sekindo&gdpr=0&gdpr_consent=
  • https://rtb.adstanding.com/ssp/bidswitch/cookie?bidswitch_ssp_id=sekindo&bidswitch_custom_parameter=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
  • https://x.bidswitch.net/sync?dsp_id=317&user_id=0da4a144dfa05de443ae9e5bd7f6b02d&expires=30&ssp=sekindo&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D1267919208%26pcid%3Dc842ca48-ee2...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1267919208&pcid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&csh=
43 B
952 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1267919208&pcid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&csh=
Protocol
H2
Server
13.226.31.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-35.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 5301cc544de32ec737d1069c11f7df30.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
x-amz-cf-id
Kk_K1Aw-MiexJpxwESeo0H_lJ2JBRvANRcxcWGcJwhx60DVHtrWzcQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1267919208&pcid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&csh=
cache-control
no-store
content-type
text/html; charset=utf-8
liveCS.php
live.primis.tech/live/ Frame FC14
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=93&advUuid=44280146-657c-4a1d-bdd1-e8678b761404
0
223 B
Image
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=93&advUuid=44280146-657c-4a1d-bdd1-e8678b761404
Protocol
H2
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=93&advUuid=44280146-657c-4a1d-bdd1-e8678b761404
date
Thu, 27 Jan 2022 10:36:03 GMT
server
_
content-length
0
liveCS.php
live.primis.tech/live/ Frame FC14
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D99%26advUuid%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=99&advUuid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
0
223 B
Image
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=99&advUuid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Protocol
H2
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=99&advUuid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
334
Expires
Thu, 27 Jan 2022 10:36:03 GMT
ImgSync
image8.pubmatic.com/AdServer/ Frame FC14
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofiles_engine%252FProfilesEngineServl...
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3Dhttps%253A%252F%252Fsync.intentiq.com%252Fprofile...
  • https://live.primis.tech/live/liveCS.php?source=external&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26mi%3D10%26dpi%3D259151345%26pcid%3D3522455783818...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=259151345&pcid=3522455783818883563132
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D259151345%26rnd%3D-...
  • https://sync.resetdigital.co:10001/csync/pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000985FFA0FE8
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
43 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug008:0:432
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ImgSync
image8.pubmatic.com/AdServer/ Frame FC14
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=618110e63fc8f&advId=100&advUuid=KYWUCC1Q-A-1ZXB&pixel=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=1725065545&pcid=KYWUCC1Q-A-1ZXB
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&pu=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1402230080%26mi%3D10%26csh%3D1725065545%26rnd%3D...
  • https://sync.resetdigital.co:10001/csync/pubmatic
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTgmdGw9NzIwMA==&piggybackCookie=000000985FFA0FEA
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
43 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 07:36:01 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug030:0:344
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
liveCS.php
live.primis.tech/live/ Frame FC14
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=105&advUuid=8076697769768775013
0
223 B
Image
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=105&advUuid=8076697769768775013
Protocol
H2
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
32091923-2ea8-4610-b6af-666c38f0eee0
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=105&advUuid=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vid61eac353815ce248375380.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/
20 KB
20 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.jpg?cbuster=1642776192
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
e6e39c9e08dd80a3a54bd1f590ca4095d8c81394e63932dec839ed675ec5b92a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 1b5c465964c3adabd634c860b3e30ca0.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 14:43:12 GMT
server
Tengine
x-amz-cf-pop
IAD50-C2
etag
"cc080fe9c784f6f99f6eda4600698d4c"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
20312
x-amz-cf-id
kNt_lNqMTxe0Bw8N3TGkmxjEIOCTxG0SROtX9DXvYLQgwH6uUysvlQ==
x-proxy-cache
HIT
liveView.php
live.primis.tech/live/ Frame FC14
48 KB
7 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTtyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwt1ODtyMxZ2nWRyo182MDyvYWU2YTt0ZTE4NTMjNwM4NDtlJTJGqzyxNwFyYWMmNTM4MTVwZTI0ODM3NTM4MC5gpDQzqzyxX2NioaRyoaRsnWQ9MwA0Nmt2NSZ2nWRsY29hqGVhqF9xZXNwPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X3RcqGkyPVJunW5vo3peU2y4K0V4qHJuY3Rco24eQXJwnGFyYW5mKl0eZXZypay0nGyhZlg3ZSgeoz93JaZcZF9wo250ZW50X2R1pzF0nW9hPTYjJzRyYaVaSW5zo3JgYXRco249Jat9NDAjJax9MwI1JaB1YyVloD1bqHRjplUmQSUlRvUlRzRfLWZcoGUhY29gJTJGZmZ6n3BwrzqbpWRlJTJGQzFhn3NsMwAkMy9DnGV2rTEmMTIkNl5lYXIhnHRgoCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMlMxQmMDMkMxQmMwM3NUYmMTMlN0Q3QwpmMmEmNmMjMmpmODM0MmAmMDqEN0I0MmMmMmE3RDqCNTM1QTQ3Nmp3NDVBNxQ2QmpmNUE1MmM1NxE2MwMlMmAmRDqEN0I2MwYmNwt3MwZGNxQ2NTqEN0I3MTY0NwU3MmZCNmQ2RwpjN0Q3QwZGNmp2OTZFNwQ2Rwp3NmM3RDqCNTtmNwM0MmA3RDqCNTxmNDM0MmA3RDqCNwYmMTqEN0I0QmMkMmImNwM2MmM3REZFRxUznXNBpHA9MCZaZW9MYXRcPTQ1LwQ5OTUzZ2ViTG9hZm0gNmMhNTt0OCZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jKlUlOFqcozRiq3MeTyQeMTAhMCUmQvgXnW42NCUmQvg4NwQyMwxeQXBjoGVXZWJLnXQyMxY1MmphMmYeJTI4S0uUTUjyMxMeoGyeZSgHZWNeolUlOSgDnHJioWUyMxY5Nl4jLwQ2OTIhNmEeU2FzYXJcJTJGNTM3LwM2JaNwnGFcow0kLwAyMxMkJTIkozV0q29lnl1hLzNioSUlQ3BuX2YjNwQ5NzU3JTJDMSZjoGF5ZXJBpGyJZD0zY3N1qWyxPTYkZwI3NTxlNmI0MGMzY2J1p3Rypw0kNwQmMwp5NmYlOTp5Jzg2X2VhY18kPXVloCUmRCUlNTJGZmZ6n3BwrzqbpWRlJTI1MxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupt==
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
dca292776b1ea1c87f822eacde61d8ad49d1d5cd3e6862adbfedf8f5f0cce674

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://dl-file.com
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
6433
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 07:38:42 GMT
x-content-type-options
nosniff
age
442641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 22 Jan 2023 07:38:42 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame CDD8
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://dl-file.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 07:38:42 GMT
x-content-type-options
nosniff
age
442641
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 22 Jan 2023 07:38:42 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame FC14
67 B
533 B
XHR
General
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1643279763094&pKey=182106048&loc=https%3A%2F%2Fdl-file.com%2F&playerSize=400x225&schain=1.0%2C1!network-n.com%2Cpa_f06496e7%2C1%2C%2C%2C!primis.tech%2C28588%2C1%2C%2C%2C
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
63.251.28.218 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://dl-file.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1643279763622039-317
translator
hbopenbid.pubmatic.com/ Frame FC14
0
113 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dl-file.com
date
Thu, 27 Jan 2022 10:36:01 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vid61eac353815ce248375380.jpg
video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/
20 KB
20 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.jpg?cbuster=1642776192
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
e6e39c9e08dd80a3a54bd1f590ca4095d8c81394e63932dec839ed675ec5b92a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 1b5c465964c3adabd634c860b3e30ca0.cloudfront.net (CloudFront)
last-modified
Fri, 21 Jan 2022 14:43:12 GMT
server
Tengine
x-amz-cf-pop
IAD50-C2
etag
"cc080fe9c784f6f99f6eda4600698d4c"
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 10 Feb 2022 10:36:03 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
20312
x-amz-cf-id
kNt_lNqMTxe0Bw8N3TGkmxjEIOCTxG0SROtX9DXvYLQgwH6uUysvlQ==
x-proxy-cache
HIT
PugMaster
image6.pubmatic.com/AdServer/ Frame 0AD5
5 KB
6 KB
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=43827807&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.113 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
10921a7b0c969559e7be0fefffd09058e7105033bc0da803e417c27b30c2aa70

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
csync
sync.console.adtarget.com.tr/ Frame D197
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=admatic
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=ZugxgMfMSiDFdMdGSo7L&pi=admatic&tc=1
0
407 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=ZugxgMfMSiDFdMdGSo7L&pi=admatic&tc=1
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

Server
VertaMedia 1.0
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
0
Etag
7b95e55870966218

Redirect headers

date
Thu, 27 Jan 2022 10:36:03 GMT Thu, 27 Jan 2022 10:36:03 GMT
location
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=ZugxgMfMSiDFdMdGSo7L&pi=admatic&tc=1
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
content-length
0
/
ads.us.e-planning.net/uspd/1/ Frame 8038
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
2 KB
1 KB
Document
General
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.126 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
2a8a118789b192ee7c07041b55e6c890268fc2d2d22be5cd509300a40e0baa00

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

server
openresty
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
cache-control
max-age=0, no-cache
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
expires
Thu, 27 Jan 2022 10:36:03 GMT
x-sid
IAD-1222
content-encoding
gzip

Redirect headers

server
openresty
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html; charset=iso-8859-1
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
x-sid
IAD-1222
pbsync.html
js.adscale.de/ Frame 2949
3 KB
2 KB
Document
General
Full URL
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:ae00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

content-type
text/html
last-modified
Fri, 21 Jan 2022 03:53:43 GMT
x-amz-version-id
9EXG5D7gSEtb3BiUSVKAeG8DwJodDYlp
server
AmazonS3
content-encoding
gzip
date
Thu, 27 Jan 2022 09:53:52 GMT
cache-control
max-age=7200
etag
W/"5550fca00caf055568d6ced373f2721f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 ab3cd7cfdd9d5cf21e29b3ffd33aa170.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
m5w_bcRWcq0dJ7Ni7See5kBxfYuBYnqYwmTAqGV7EGBZfas-n3ohDQ==
age
5537
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame D82B
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.197 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-197.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=84066
expires
Fri, 28 Jan 2022 09:57:09 GMT
date
Thu, 27 Jan 2022 10:36:03 GMT
vary
Accept-Encoding
cookie
cm.adform.net/ Frame E189
43 B
106 B
Document
General
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif
content-length
43
user
cdn.admatic.com.tr/ Frame CBA8
251 B
663 B
Document
General
Full URL
https://cdn.admatic.com.tr/user
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
vary
Accept-Encoding
server
BunnyCDN-NY1-742
cdn-pullzone
266102
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cdn-requestcountrycode
CA
cdn-edgestorageid
742
cdn-storagebalancer
LA-107
cdn-storageserver
DE-53
cache-control
public, max-age=3600
cdn-fileserver
141
last-modified
Thu, 11 Feb 2021 13:30:42 GMT
cdn-cachedat
2022-01-01 00:23:02
cdn-requestpullsuccess
True
cdn-requestpullcode
206
cdn-requestid
78a50882a7e9a5aa4678a05481548abb
cdn-status
200
cdn-cache
HIT
content-encoding
gzip
csync
sync.console.adtarget.com.tr/ Frame 404D
0
397 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

Server
VertaMedia 1.0
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
0
Etag
7b95e55870966218
csync
sync.console.adtarget.com.tr/ Frame 7ACE
0
397 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=544989&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

Server
VertaMedia 1.0
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
0
Etag
7b95e55870966218
csync
sync.console.adtarget.com.tr/ Frame D0F5
0
397 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=306708&extuid=${USER_ID}
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
VertaMedia 1.0
Etag
7b95e55870966218
Content-Length
0
csync
sync.console.adtarget.com.tr/ Frame D0F5
43 B
331 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?redir=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s.console.adtarget.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
VertaMedia 1.0
Etag
7b95e55870966218
Content-Length
43
Content-Type
image/gif
match
c1.adform.net/serving/cookie/ Frame 3CCB
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
35 B
467 B
Document
General
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.51 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 75D4
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
1 B
545 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
njrpug018:0:502
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
accept-ranges
bytes
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 varnish
x-served-by
cache-yul12827-YUL
x-cache
HIT
x-cache-hits
0
x-timer
S1643279763.287690,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
Pug
simage2.pubmatic.com/AdServer/ Frame E2C8
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
42 B
358 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug019:0:521
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Content-Type
image/gif
Content-Length
0
Connection
keep-alive
Keep-Alive
timeout=360
Access-Control-Allow-Origin
*
Server
MT3 4133 baa842e master iad-pixel-x11 config:1.0.0
Cache-Control
no-cache
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Expires
Thu, 27 Jan 2022 10:36:02 GMT
ImgSync
image8.pubmatic.com/AdServer/ Frame D7F6
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEX2tFN0Q1T3NBQUVabUxjb1NKZw&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAD_kE7D5OsAAEZmLcoSJg&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partn...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp,sas,pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD_kE7D5OsAAEZmLcoSJg
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
0
Document
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

cache-control
private,max-age=86400
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 27 Jan 2022 10:36:02 GMT

Redirect headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
x-lat
sfopug013:0:470
location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
Pug
simage2.pubmatic.com/AdServer/ Frame 05D8
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
42 B
188 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 06:27:38 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug027:0:344
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

date
Thu, 27 Jan 2022 10:36:02 GMT
server
Kestrel
content-length
0
cache-control
no-cache
pragma
no-cache
expires
Thu, 27 Jan 2022 00:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2671085
strict-transport-security
max-age=31536000; preload;
141
match.deepintent.com/usersync/ Frame 72E5
0
222 B
Document
General
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
c /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
content-type
image/gif
content-length
0
date
Thu, 27 Jan 2022 10:36:03 GMT
server
c
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 8570
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=ed229770-7f5c-11ec-b8cd-a176aed107ee
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1725065545&rnd=-2146729112&pcid=B09EB3C0-DC2F-4842-9351-62624B73CF07
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1725065545%3B1402230080%26rnd%3D-547671279&pcid=...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1725065545;1402230080&rnd=-547671279&pcid=8076697769768775013
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D17250...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1725065545;1402230080;1709765917&rnd=1414594404&pcid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1725065545%3B1...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1725065545;1402230080;1709765917;1486637409&rnd=1199885315&pcid=ecee3721-7f5c-11ec-b664-12d4f2240203
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1725065545%3B140223008...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116&rnd=-2139492339&pcid=ae5661f2-7593-4600-a67e-b7...
  • https://ce.lijit.com/merge?pid=8101&3pid=PyhM2rLAGW&location=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1725065545%3B140...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572&rnd=-630398492&pcid=ea8da53a8382297d9...
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B140223008...
  • https://sync.1rx.io/usersync/intentiq/0?zcc=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3...
  • https://sync.targeting.unrulymedia.com/csync/RX-34bda023-e7fb-4006-a037-75451037f05f-005?redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-1741579180&pcid=RX-34b...
43 B
1 KB
Document
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-1741579180&pcid=RX-34bda023-e7fb-4006-a037-75451037f05f-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-35.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

content-type
image/gif
content-length
43
date
Thu, 27 Jan 2022 10:36:04 GMT
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
x-cache
Miss from cloudfront
via
1.1 5301cc544de32ec737d1069c11f7df30.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
Nw4KgiptAihOoHOjtNYuewBs51uvVBM0zDPk1nbWsxfG115Mraomfw==

Redirect headers

Server
Tengine
Date
Thu, 27 Jan 2022 10:36:04 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-1741579180&pcid=RX-34bda023-e7fb-4006-a037-75451037f05f-005
ETag
RX34bda023e7fb4006a03775451037f05f005
d1ba4609
rtb.gumgum.com/getuid/ Frame A401
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=QrJbSI1kTdhjVy9nAXnghZU4mbg
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8076697769768775013
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
35 B
209 B
Document
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.181.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-181-35.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

content-type
text/html; charset=utf-8
location
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 27 Jan 2022 10:36:02 GMT
content-length
216
pbmtc.gif
beacon.lynx.cognitivlabs.com/ Frame C071
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=a9a074dc-98b5-4181-8327-6aa57c315c4d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07
42 B
350 B
Document
General
Full URL
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.36.162 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-36-162.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif
content-length
42
server
Kestrel

Redirect headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
x-lat
njrpug008:0:534
location
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
i.match
s.tribalfusion.com/z/ Frame 3223
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
411 B
Document
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif; charset=utf-8
content-length
43
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
302
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d415679de3c7151-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
x-function
206
x-reuse-index
1126
cache-control
no-cache private
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d4156791dce7151-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Pug
simage2.pubmatic.com/AdServer/ Frame 3126
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:vv14SpX61Nd28j5&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3839d6e9-2d72-4fa4-b31f-02c90b6d8112&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
129 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3839d6e9-2d72-4fa4-b31f-02c90b6d8112&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug013:0:567
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:3839d6e9-2d72-4fa4-b31f-02c90b6d8112&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Content-Length
0
Keep-Alive
timeout=5, max=3000
Connection
Keep-Alive
d1ba4609
rtb.gumgum.com/getuid/ Frame A147
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/15?redirect=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA%3D%3D%26piggybackCookie%3D%24DSP_CKID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQzNSZ0bD00MzIwMA==&piggybackCookie=94084a27-cd62-4568-8595-1c9383506ae6
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
35 B
208 B
Document
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.181.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-181-35.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
image/gif;charset=UTF-8
content-length
35
server
nginx
cache-control
private, no-store, must-revalidate, max-age=0
expires
0
pragma
no-cache
timing-allow-origin
*

Redirect headers

content-type
text/html; charset=utf-8
location
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 27 Jan 2022 10:36:02 GMT
content-length
216
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame AE4D
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=642939852354
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1402230080&mi=10&csh=1725065545&rnd=-2146729112&pcid=B09EB3C0-DC2F-4842-9351-62624B73CF07
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1709765917%26mi%3D10%26csh%3D1725065545%3B1402230080%26rnd%3D1651642158&pcid=...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1709765917&mi=10&csh=1725065545;1402230080&rnd=1651642158&pcid=8076697769768775013
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1486637409%26mi%3D10%26csh%3D17250...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1486637409&mi=10&csh=1725065545;1402230080;1709765917&rnd=-1048493698&pcid=ac5a11b0-0971-42c2-ad24-0fb13e7291d4
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1072441116%26mi%3D10%26csh%3D1725065545%3B1...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1072441116&mi=10&csh=1725065545;1402230080;1709765917;1486637409&rnd=625797583&pcid=ecee3721-7f5c-11ec-b664-12d4f2240203
  • https://sync.mathtag.com/sync/img?mt_exid=10019&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D1678944572%26mi%3D10%26csh%3D1725065545%3B140223008...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=1678944572&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116&rnd=1556134368&pcid=ae5661f2-7593-4600-a67e-b76...
  • https://ce.lijit.com/merge?pid=8101&3pid=PyhM2rLAGW&location=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D396218182%26mi%3D10%26csh%3D1725065545%3B140...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=396218182&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572&rnd=-1869466815&pcid=ea8da53a8382297d...
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B140223008...
  • https://sync.1rx.io/usersync/intentiq/0?zcc=1&redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D1725065545%3B1402230080%3...
  • https://sync.targeting.unrulymedia.com/csync/RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005?redir=https%3A%2F%2Fsync.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-770594566&pcid=RX-a900...
43 B
1 KB
Document
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-770594566&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.31.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-31-35.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

content-type
image/gif
content-length
43
date
Thu, 27 Jan 2022 10:36:04 GMT
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
x-cache
Miss from cloudfront
via
1.1 5301cc544de32ec737d1069c11f7df30.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
A9savDFn9BTr-lYOo1CDEK14HTK3LDvVc4JUuxBXkQGDfS3qan8jLg==

Redirect headers

Server
Tengine
Date
Thu, 27 Jan 2022 10:36:04 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=1725065545;1402230080;1709765917;1486637409;1072441116;1678944572;396218182&rnd=-770594566&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005
ETag
RXa90002de8bb64b1fb058c4573ef93963005
ImgSync
image8.pubmatic.com/AdServer/ Frame ECD9
Redirect Chain
  • https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
  • https://um.simpli.fi/bnmlahttps%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
  • https://match.bnmla.com/usersync?dspid=6&uuid=40B9F463736C486D959A5DD2CDD1535E
  • https://sync.technoratimedia.com/services?srv=cs&pid=70&cb=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D170%26uuid%3D%5BUSER_ID%5D
  • https://match.bnmla.com/usersync?dspid=170&uuid=AE5B512D4C1E42A889A0326421311214
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw&piggybackCookie=f8d06313-9395-4c25-87ce-6f8ce6901e87
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
0
Document
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

cache-control
private,max-age=86400
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Thu, 27 Jan 2022 10:36:02 GMT

Redirect headers

server
nginx
date
Thu, 27 Jan 2022 07:31:19 GMT
x-lat
njrpug024:0:347
location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
Pug
simage2.pubmatic.com/AdServer/ Frame C814
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ6965661631600973261&uid=Q696566163160097...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q6965661631600973261
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:acc014df-3d8c-451a-8877-463a39727408&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
187 B
Document
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:acc014df-3d8c-451a-8877-463a39727408&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 07:31:51 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
njrpug028:0:395
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:acc014df-3d8c-451a-8877-463a39727408&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Content-Length
0
Keep-Alive
timeout=5, max=3000
Connection
Keep-Alive
liveCS.php
live.primis.tech/live/ Frame 5436
0
223 B
Document
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=61f275927240c&pixel=&advId=91&advUuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
pragma
no-cache
age
0
content-encoding
gzip
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0AD5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sJ6zwNwvSEKTUWJiS3PPBw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB
Image
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
23.54.68.197 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-197.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=84066
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Fri, 28 Jan 2022 09:57:09 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
458249.gif
idsync.rlcdn.com/ Frame 0AD5
Redirect Chain
  • https://idsync.rlcdn.com/420486.gif?partner_uid=B09EB3C0-DC2F-4842-9351-62624B73CF07
  • https://pippio.com/api/sync?pid=5324&it=1&iv=82afbd619b2d0572292835bdba0b387ad3317d0f677097e3e4ecf4d1535e4a90791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA4MmFmYmQ2MTliMmQwNTcyMjkyODM1YmRiYTBiMzg3YWQzMzE3ZDBmNjc3MDk3ZTNlNGVjZjRkMTUzNWU0YTkwNzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA4MmFmYmQ2MTliMmQwNTcyMjkyODM1YmRiYTBiMzg3YWQzMzE3ZDBmNjc3MDk3ZTNlNGVjZjRkMTUzNWU0YTkwNzkxNDI2YjU0MTdkY2UyMRAAGgwIk-vJjwYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=4c2c312e-e822-455d-a6bd-696ed236160a
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=4c2c312e-e822-455d-a6bd-696ed236160a
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=4c2c312e-e822-455d-a6bd-696ed236160a
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
x-samesite
secure
alt-svc
clear
content-length
111
content-type
text/html; charset=utf-8
SPug
image4.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ae5661f2-7593-4600-a67e-b76a480711f0
0
260 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ae5661f2-7593-4600-a67e-b76a480711f0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
MT3 4133 baa842e master iad-pixel-x24 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=ae5661f2-7593-4600-a67e-b76a480711f0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:02 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjA5RUIzQzAtREMyRi00ODQyLTkzNTEtNjI2MjRCNzNDRjA3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
186 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 04:51:03 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug004:0:329
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDcASlNj9LjEWEWrsWick5c&google_cver=1
0
0
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDcASlNj9LjEWEWrsWick5c&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDcASlNj9LjEWEWrsWick5c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ImgSync
image8.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:40B9F463736C486D959A5DD2CDD1535E
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
109 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug005:0:455
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ImgSync
image8.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4331370182010635377&gdpr=0&gdpr_consent=&us_privacy=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
112 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
private,max-age=86400
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug016:0:585
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
42 B
295 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug020:0:455
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
B09EB3C0-DC2F-4842-9351-62624B73CF07
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 0AD5
43 B
990 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/B09EB3C0-DC2F-4842-9351-62624B73CF07?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:5d12:a26d:2c7b:2781 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B09EB3C0-DC2F-4842-9351-62624B73CF07&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B09EB3C0-DC2F-4842-9351-62624B73CF07&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dMySDyxE2uWlK3gzxRDNanS3EJeWOHw-~A&gdpr=0&gdpr_consent=
0
48 B
Image
General
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dMySDyxE2uWlK3gzxRDNanS3EJeWOHw-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dMySDyxE2uWlK3gzxRDNanS3EJeWOHw-~A&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:03 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
image2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8076697769768775013&gdpr=0&gdpr_consent=
42 B
535 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8076697769768775013&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug003:0:313
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
038076aa-9664-4996-93ec-7c5f3a64edd7
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8076697769768775013&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ed29ef90-7f5c-11ec-8a96-67f41156c3d5&gdpr=0&gdpr_consent=
1 B
217 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ed29ef90-7f5c-11ec-8a96-67f41156c3d5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug011:0:767
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=ed29ef90-7f5c-11ec-8a96-67f41156c3d5&gdpr=0&gdpr_consent=
Date
Thu, 27 Jan 2022 10:36:02 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
ed29ef91-7f5c-11ec-8a96-67f41156c3d5
ImgSync
image8.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=765c9cc810f108ef&is_secure=true&networkId=17100&version=1&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAADLZgTBhVIdANrckugAAAAAAA&expiration=1643366163&nuid=B09EB3C0-DC2F-4842-9351-62624B73CF07&...
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
43 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug029:0:517
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 0AD5
0
88 B
Image
General
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.70.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-70-15.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
Pug
image2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh
42 B
313 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug001:0:478
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&gdpr=0&gdpr_consent=
42 B
387 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 07:18:00 GMT
cache-control
no-store, no-cache, private
x-lat
sfopug017:0:403
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:02 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
ImgSync
image8.pubmatic.com/AdServer/ Frame 0AD5
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param...
  • https://x.bidswitch.net/sync?dsp_id=354&user_id=60a09d9a6c55480d8ef596ea357329d2&ssp=pubmatic&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&gdpr=0&consent=&gdpr_pd=&expires=7
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&gdpr=0&gdpr_consent=&gdpr_pd=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
43 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
162.248.18.11 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug003:0:655
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sn.ashx
pmp.mxptint.net/ Frame 0AD5
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B330_EA58DD1C_C4F741B&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B
Image
General
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
HTTP/1.1
Server
204.2.255.233 , United States, ASN2914 (NTT-COMMUNICATIONS-2914, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-326266563; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Cache-Control
no-cache
Expires
-1
Content-Length
43
Strict-Transport-Security
max-age=-326266563; includeSubDomains
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug007:0:527
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
d1ba4609
rtb.gumgum.com/getuid/ Frame 0AD5
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=3450203132156163805
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
35 B
208 B
Image
General
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Server
34.205.181.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-181-35.compute-1.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
nginx
content-type
image/gif;charset=UTF-8
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0

Redirect headers

location
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
date
Thu, 27 Jan 2022 10:36:02 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
216
content-type
text/html; charset=utf-8
events
api.permutive.com/v2.0/batch/
101 B
132 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
864bc898e9c8db99b887a34d202717da3df7caa4c541487f874c141b2f608f03

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
via
1.1 google
uu
ih.adscale.de/ Frame 2949
Redirect Chain
  • https://ih.adscale.de/uu?cbfn=receive&t=1643279763
  • https://ih.adscale.de/uu?cbfn=receive&t=1643279763&nut&uu=4a3494f4b38c4774a1502e08cfec66ee
44 B
213 B
Script
General
Full URL
https://ih.adscale.de/uu?cbfn=receive&t=1643279763&nut&uu=4a3494f4b38c4774a1502e08cfec66ee
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2f9b14165a3e311b57bd26c2d8674da402e61ce992d039cc25350b388d5f659f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-length
44
content-type
text/javascript;charset=ISO-8859-1

Redirect headers

location
https://ih.adscale.de/uu?cbfn=receive&t=1643279763&nut&uu=4a3494f4b38c4774a1502e08cfec66ee
date
Thu, 27 Jan 2022 10:36:03 GMT
content-length
0
um
u-iad04.e-planning.net/ Frame 8038
Redirect Chain
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D6ee78b0b29ddbac9
  • https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&partner_url=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D97d4a6eb-c5...
  • https://u-iad04.e-planning.net/um?uid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&dc=0abbcb4eba840e59&fi=6ee78b0b29ddbac9
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?uid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&dc=0abbcb4eba840e59&fi=6ee78b0b29ddbac9
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://u-iad04.e-planning.net/um?uid=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&dc=0abbcb4eba840e59&fi=6ee78b0b29ddbac9
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
um
u-iad04.e-planning.net/ Frame 8038
Redirect Chain
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D6ee78b0b29ddbac9%26uid%3D%24%7BUID%7D
  • https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=6ee78b0b29ddbac9&uid=622178cf-fca8-49d8-82cd-59875361104c
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=6ee78b0b29ddbac9&uid=622178cf-fca8-49d8-82cd-59875361104c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://u-iad04.e-planning.net/um?dc=ff96d1aa62deeebd&fi=6ee78b0b29ddbac9&uid=622178cf-fca8-49d8-82cd-59875361104c
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
qpqml9coo5idunsa0o91tlseh0f7aivc
ptag
a.audrte.com/ Frame 8038
5 KB
2 KB
Script
General
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.120.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-120-237.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
6bb3a834b607f88addbb6e8a598fb95c18455aab14bdde8b5ab9fd80069e2796

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1682
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 8038
266 B
416 B
Script
General
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.122 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:02 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Tue, 26 Jan 2027 10:36:02 GMT
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 8038
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D6ee78b0b29ddbac9
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F&rd=1
0
151 B
Image
General
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F&rd=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.223.79.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

location
date
Thu, 27 Jan 2022 10:36:04 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
text/plain;charset=UTF-8

Redirect headers

location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F&rd=1
date
Thu, 27 Jan 2022 10:36:03 GMT
server
nginx/1.14.2
content-type
text/html; charset=UTF-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
um
u-iad04.e-planning.net/ Frame 8038
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D6ee78b0b29ddbac9%26uid%3D%24UID
  • https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=6ee78b0b29ddbac9&uid=8076697769768775013
42 B
104 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=6ee78b0b29ddbac9&uid=8076697769768775013
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
06eb2f84-302f-4ece-ad20-36eb373b5dc0
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-iad04.e-planning.net/um?dc=8103fa85295fbe60&fi=6ee78b0b29ddbac9&uid=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
u-iad04.e-planning.net/ Frame 8038
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D6ee78b0b29ddbac9%26uid%3D%5BUID%5D
  • https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=6ee78b0b29ddbac9&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=6ee78b0b29ddbac9&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://u-iad04.e-planning.net/um?dc=e52415579699e09f&fi=6ee78b0b29ddbac9&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
um
u-iad04.e-planning.net/ Frame 8038
Redirect Chain
  • https://cs.emxdgt.com/um?ssp=pbs&gdpr=0&gdpr_consent={{.GDPRConsent}}&us_privacy={{.USPrivacy}}&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D6ee78b0b29ddbac9%26...
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Dd87251d0debad578%26fi%3D6ee78b0b29ddbac9%26uid%3D%24EMXUID&b64_redire...
  • https://cs.emxdgt.com/umcheck?apnxid=8076697769768775013&redirect=https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=$EMXUID&b64_redirect=aHR0cHM6Ly91LWlhZDA0LmUtcGxhbm5p...
  • https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=8076697769768775013brt64351643279763639134b5
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=8076697769768775013brt64351643279763639134b5
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://u-iad04.e-planning.net/um?dc=d87251d0debad578&fi=6ee78b0b29ddbac9&uid=8076697769768775013brt64351643279763639134b5
date
Thu, 27 Jan 2022 10:36:03 GMT
content-length
0
content-type
text/html
bundle.js
cdn.admatic.com.tr/user/ Frame CBA8
54 KB
20 KB
Script
General
Full URL
https://cdn.admatic.com.tr/user/bundle.js
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/user
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
br
cdn-edgestorageid
742
cdn-fileserver
141
cdn-storageserver
DE-198
cdn-cachedat
12/14/2021 19:05:19
cdn-pullzone
266102
server
BunnyCDN-NY1-742
last-modified
Fri, 12 Mar 2021 04:24:48 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"604aed10-d908"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control
public, max-age=3600
cdn-requestid
5e42d68f3c57388601104e5dd4e67715
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
usync.html
eus.rubiconproject.com/ Frame DC18
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=eplanning_east&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
281 B
410 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.57.136.222 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-57-136-222.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

server
Apache/2.2.15 (CentOS)
last-modified
Tue, 14 Dec 2021 23:07:59 GMT
etag
"402b2-119-5d32342a551c0"
accept-ranges
bytes
content-encoding
gzip
content-length
233
content-type
text/html; charset=UTF-8
date
Thu, 27 Jan 2022 10:36:03 GMT
vary
Accept-Encoding

Redirect headers

server
AkamaiGHost
content-length
0
location
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
date
Thu, 27 Jan 2022 10:36:03 GMT
access-control-allow-credentials
true
access-control-allow-origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 20D6
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D6ee78b0b29ddbac9%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.197 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-197.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=84066
expires
Fri, 28 Jan 2022 09:57:09 GMT
date
Thu, 27 Jan 2022 10:36:03 GMT
vary
Accept-Encoding
usermatch
ssum.casalemedia.com/ Frame 68C6
2 KB
3 KB
Document
General
Full URL
https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b8f3843576caa76ee9e975f8998589bbf219318de6a5a58550408f2c19b5344a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|45|230|39|130|190|5|206
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Thu, 27 Jan 2022 10:36:03 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Content-Length
1621
Connection
keep-alive
navegg_2022_01_br.html
i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/ Frame 9742
1 KB
987 B
Document
General
Full URL
https://i.e-planning.net/esb/4/1/3fb8/2c3914c3ca0f7642/navegg_2022_01_br.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
content-length
624
x-cff
B
last-modified
Tue, 11 Jan 2022 17:16:33 GMT
etag
W/"61ddbb71-5f5"
expires
Sun, 10 Jan 2027 17:30:12 GMT
cache-control
max-age=157680000
access-control-allow-origin
*
x-cf-rand
58.812
x-cf3
M
cf4age
0
x-cf-tsc
1641922213
cf4ttl
157680000.000
content-encoding
gzip
x-cf2
H
accept-ranges
bytes
server
CFS 0215
x-cf1
29080:dA.waw1:co:1585621119:cacheN.waw1-01:D
/
onetag-sys.com/usync/ Frame 4B3B
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.39.187 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip187.ip-51-222-39.net
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 5B2B
6 KB
2 KB
Document
General
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e09291b4ed3a50ce545634d27630ae08ac32bebd493452802f3b74fa7050ded3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d41567a1ac17139-YUL
content-encoding
br
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dl-file.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
51 KB
19 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3684567239361497&correlator=3941422310487611&output=ldjh&impl=fifs&eid=31064551%2C44757101&vrg=2022011002&ptt=17&gdpr=0&addtl_consent=1~2090.2970.46.1375.66.70.7.1317.2526.1843.122.440.1703.1896.1097.1022.1799.184.196.202.89.2328.1998.1215.229.229.338.505.2135.2213.1799.326.1449.2993.1025.371.960.1024.1027.1902.1034.1127.1468.2567.486.2631.494.1033.585.1456&sc=1&sfv=1-0-38&ecs=20220127&iu_parts=6928793%2Cdl-file-61deae48ca228%2Cdl-file-LB2-61deb04e3ea83%2Cdl-file-LB1-61deb048709e3%2Cdl-file-LB3-61deb05c0f307&enc_prev_ius=0%2F1%2F2%2C0%2F1%2F3%2C0%2F1%2F4&prev_iu_szs=1x1%7C728x90%2C728x90%7C970x250%7C3x1%7C970x90%2C728x90%7C970x250%7C970x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cust_params=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar%26permutive%3D61374%252C79775%252C80197%252C80416%252Crts%26refresh%3D0&cookie_enabled=1&bc=31&abxe=1&dt=1643279763585&lmt=1643279763&dlt=1643279760705&idt=1088&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C436%2C436&adys=1110%2C522%2C723&adks=3545966803%2C207380197%2C2335164498&ucis=1%7C2%7C3&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&vis=1&scr_x=0&scr_y=0&psz=1600x-1%7C970x0%7C970x0&msz=728x-1%7C970x0%7C970x0&ga_vid=1624041702.1643279761&ga_sid=1643279764&ga_hid=546788133&ga_fc=true&fws=512%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY8JDt2OkvRQAAAAA%3D&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
5aab906419510af97903640c053ac9e0ff23db85945c5e81b7b881d40685a07d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19183
x-xss-protection
0
google-lineitem-id
-1,-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd2ef8c62f3685c02cbed3dd4fe6931182bba4aeb85ed0463c83d282b433825d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9053
x-xss-protection
0
container.html
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C3C3
6 KB
4 KB
Document
General
Full URL
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Thu, 27 Jan 2022 10:36:03 GMT
expires
Fri, 27 Jan 2023 10:36:03 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
user
ads3.admatic.com.tr/ Frame CBA8
53 B
420 B
XHR
General
Full URL
https://ads3.admatic.com.tr/user
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
fa34372cf8cce5c590a47479d567a2e084a257a7959cf89b3db44634df18cd2e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
server
AdMatic
x-powered-by
AdMatic
vary
Origin,Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
57
getuid
ib.adnxs.com/ Frame 5B2B
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame 5B2B
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://dpm.demdex.net/ibs:dpid=540&dpuuid=d807e161-1268-48ea-b4cc-24025f67c8db&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=74739629937459372872527991058192254433&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2Chttps%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fci...
  • https://mwzeom.zeotap.com/mw?cid=d807e161-1268-48ea-b4cc-24025f67c8db&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=d807e161-1268-48ea-b4cc-24025f67c8db&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567d3d107139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=d807e161-1268-48ea-b4cc-24025f67c8db&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 5B2B
0
330 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.51 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dbf8833df-0427-45d8-543c-55530debb000%26reqId%3De...
  • https://mwzeom.zeotap.com/mw?cid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c1c177139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame 5B2B
0
164 B
Image
General
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-vcl-time-ms
10
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 varnish
server
nginx
x-timer
S1643279764.820369,VS0,VE10
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-yul12833-YUL
u
dmp.v.fwmrm.net/ad/ Frame 5B2B
0
411 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:e61:3f02:34e5:5cce:7c1d:e87a Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b...
95 B
170 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c1c117139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&cid=B09EB3C0-DC2F-4842-9351-62624B73CF07&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
date
Thu, 27 Jan 2022 10:36:03 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
  • https://mwzeom.zeotap.com/mw?cid=a53dad5f-a643-470a-abef-c3c91d7cc37f&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=a53dad5f-a643-470a-abef-c3c91d7cc37f&zpartnerid=317&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c9c577139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=a53dad5f-a643-470a-abef-c3c91d7cc37f&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=bf8833df-0427-45d8-543c-55530debb000&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://mwzeom.zeotap.com/mw?cid=74739629937459372872527991058192254433&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=74739629937459372872527991058192254433&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c4c2a7139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-usw2-1-v024-0f80e6d76.edge-usw2.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
P+A/WoORRsg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=74739629937459372872527991058192254433&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7057832844559251595&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=7057832844559251595&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567e2d8d7139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7057832844559251595&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=bf8833df-0427-45d8-543c-55530debb000&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=bf8833df-0427-45d8-543c-55530debb000&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=utrDC1EwqMtB5hjmvVUzn.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?webouuid=utrDC1EwqMtB5hjmvVUzn.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567dad517139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
last-modified
Thu, 27 Jan 2022 10:36:04 GMT
server
nginx/1.12.0
location
https://mwzeom.zeotap.com/mw?webouuid=utrDC1EwqMtB5hjmvVUzn.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D[sas_uid]%26zpartnerid%3D592%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%...
  • https://sync.smartadserver.com/getuid?gdpr=0&gdpr_consent=&url=https://mwzeom.zeotap.com/mw?cid=[sas_uid]&zpartnerid=592&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c...
  • https://mwzeom.zeotap.com/mw?cid=5628564532996906156
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=5628564532996906156
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567e5da77139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=5628564532996906156
pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=bf8833df-0427-45d8-543c-55530debb000?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://mwzeom.zeotap.com/mw?pid=f298cfe6fb5a3a352a645b17c8f4641&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b39...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?pid=f298cfe6fb5a3a352a645b17c8f4641&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c1c1a7139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=f298cfe6fb5a3a352a645b17c8f4641&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
cache-control
no-cache
x-server
10.40.15.171
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-9qSJNG9E2ook0Q9bJxtFsuqQiHmg6WIlpQ--~A&zpartnerid=570&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=y-9qSJNG9E2ook0Q9bJxtFsuqQiHmg6WIlpQ--~A&zpartnerid=570&env=mWeb
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c3c297139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

date
Thu, 27 Jan 2022 10:36:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-9qSJNG9E2ook0Q9bJxtFsuqQiHmg6WIlpQ--~A&zpartnerid=570&env=mWeb
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=CAN&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=uVzvTCTx3bfKGiLbFOZEJlnW7K9vn5d6%2BS41iYitP1U%3D
95 B
176 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=uVzvTCTx3bfKGiLbFOZEJlnW7K9vn5d6%2BS41iYitP1U%3D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567cdc897139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
AAWebServer
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
P3P
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
Location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=CAN&zdid=1361&cid=uVzvTCTx3bfKGiLbFOZEJlnW7K9vn5d6%2BS41iYitP1U%3D
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Access-Control-Allow-Headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
Expires
0
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19...
  • https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10595703288584715056&zdid=1361&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&g...
95 B
152 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10595703288584715056&zdid=1361&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c4c2b7139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location
https://mwzeom.zeotap.com/mw?zpartnerid=993&env=mWeb&cid=10595703288584715056&zdid=1361&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&w_k=${w_k}&user_zi=${user_zi}&optin=${optin}&uc=${uc}&z_p=${z_p}&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, must-revalidate
alt-svc
clear
content-length
0
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 5B2B
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.211.161.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-211-161-228.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
private, no-cache, no-store
x-request-time
D=76 t=1643279763
x-served-by
beacon-n015-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
mw
mwzeom.zeotap.com/ Frame 5B2B
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YfJ1kgABr3rv_ABH&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YfJ1kgABr3rv_ABH&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c1c197139-YUL
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1643279764.782032,VS0,VE14
x-served-by
cache-yul12827-YUL
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YfJ1kgABr3rv_ABH&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
content-length
0
x-cache-hits
0
usermatch.gif
beacon.krxd.net/ Frame 5B2B
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
  • https://mwzeom.zeotap.com/mw?zpartnerid=768&cid=OoGGK-mt&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=bf8833df-0427-45d8-543c-55530debb000
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=bf8833df-0427-45d8-543c-55530debb000
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Server
54.211.161.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-211-161-228.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
cache-control
private, no-cache, no-store
x-request-time
D=29 t=1643279763
x-served-by
beacon-n009-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
location
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=bf8833df-0427-45d8-543c-55530debb000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
text/html; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6d41567c1c167139-YUL
access-control-allow-headers
*
dcm
s.amazon-adsystem.com/ Frame 5B2B
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530...
  • https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530...
43 B
645 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361&dcc=t
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Server
209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ETV9XXNYYY31PJVEN0QF
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
G6RFTRSJ15D6MBCRZPWW
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=39af290e-e48a-466a-ba7d-77872fa636b5&id=bf8833df-0427-45d8-543c-55530debb000&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame 5B2B
0
225 B
Image
General
Full URL
https://tags.bluekai.com/site/87734?id=bf8833df-0427-45d8-543c-55530debb000&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.85.195.135 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-85-195-135.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
cc.js
tags.crwdcntrl.net/c/15238/ Frame 8038
38 KB
38 KB
Script
General
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.162.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-162-121.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 26 Jan 2022 22:20:49 GMT
via
1.1 3f6eb9ff07d4d2f572d4e8e6fb935a36.cloudfront.net (CloudFront)
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
44115
etag
"2b2f816f40499d384e118ce88a266e02"
x-cache
Hit from cloudfront
content-type
application/json
cache-control
max-age: 86400
x-amz-cf-pop
EWR53-C3
accept-ranges
bytes
content-length
38402
x-amz-cf-id
gX1IMnXL6402R8Rcugz6UCkUn1nJPFSltQi4MgGCFbqxvLx6c_rouw==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 071B
636 B
577 B
Document
General
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.122 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
s.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

server
openresty
date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
etag
W/"601b131c-27c"
expires
Tue, 26 Jan 2027 10:36:03 GMT
cache-control
max-age=157680000
access-control-allow-origin
*
content-encoding
gzip
e-planning
sync.quantumdex.io/usersync/ Frame FF89
3 KB
1 KB
Document
General
Full URL
https://sync.quantumdex.io/usersync/e-planning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb78fc3483b91ffbc1fb6ce89e3221ac5c33f5eea63a7da012096654e4253a27

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-type
text/html
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d41567bcd604bd1-YUL
content-encoding
gzip
csync
sync.console.adtarget.com.tr/ Frame 5A92
0
403 B
Document
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=AIvLaQZZ2AqDaJmF
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
VertaMedia 1.0
Date
Thu, 27 Jan 2022 10:36:02 GMT
Content-Length
0
Etag
7b95e55870966218
dcm
s.amazon-adsystem.com/ Frame 68C6
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&dcc=t
43 B
932 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
XHS7B5TT0MTFQVQ7JTPT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
SXKC7Y455TZW5HPDFDFC
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 68C6
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
43 B
1017 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:03 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame 68C6
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAQvWdHZbeI-5_rpC_h2pMI&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAQvWdHZbeI-5_rpC_h2pMI&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:03 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESEAQvWdHZbeI-5_rpC_h2pMI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 68C6
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expiration=1645871763&gdpr=0&gdpr_consent=
43 B
1007 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expiration=1645871763&gdpr=0&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:03 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expiration=1645871763&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
crum
dsum-sec.casalemedia.com/ Frame 68C6
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAD_kE7D5OsAAEZmLcoSJg&expiration=1644489363
43 B
993 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAD_kE7D5OsAAEZmLcoSJg&expiration=1644489363
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:03 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAD_kE7D5OsAAEZmLcoSJg&expiration=1644489363
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
crum
dsum.casalemedia.com/ Frame 68C6
Redirect Chain
  • https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID
  • https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=8076697769768775013
43 B
990 B
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=8076697769768775013
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:03 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:03 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
3333c76a-4822-43bc-9cdf-1a7848c73219
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ix
ad4m.at/ad/sim/ Frame 68C6
0
0
Image
General
Full URL
https://ad4m.at/ad/sim/ix
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ad1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 68C6
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB&gdpr_consent=&us_privacy=&gdpr=
  • https://pr-bh.ybp.yahoo.com/sync/casale/YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
43 B
990 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
H2
Server
2600:1f18:4e9:5a01:5d12:a26d:2c7b:2781 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
date
Thu, 27 Jan 2022 10:36:03 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
um
u-iad04.e-planning.net/ Frame 68C6
42 B
103 B
Image
General
Full URL
https://u-iad04.e-planning.net/um?dc=99e41df815fd80b4&fi=6ee78b0b29ddbac9&uid=YfJ1k4fAXGcl1AX3NhIYCAAA%26119
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-iad04.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D6ee78b0b29ddbac9%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.125 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
server
openresty
content-type
image/gif
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 27 Jan 2022 10:36:03 GMT
usync.js
eus.rubiconproject.com/ Frame DC18
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.57.136.222 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-57-136-222.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
929e9f0caaa492d99e6da866bd4c78b7d508bd277ce830138a45cd9871200371

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=eplanning_east&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
content-encoding
gzip
last-modified
Wed, 15 Dec 2021 23:04:16 GMT
server
Apache/2.2.15 (CentOS)
x-powered-by
PHP/5.3.3
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
cache-control
max-age=56754
content-type
text/html; charset=UTF-8
content-length
9704
expires
Fri, 28 Jan 2022 02:21:57 GMT
config
c.amazon-adsystem.com/cdn/prod/ Frame FC14
0
308 B
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fdl-file.com&pubid=968a0f5c-e5ed-4ba9-bf43-8be1f5b68988
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 09:51:01 GMT
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
server
Server
age
2702
x-cache
Hit from cloudfront
access-control-allow-origin
https://dl-file.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
vMX_ONEZo4FN5JHZVgZ3BM6VikInKJgCDHsVTbTri1PUJqbYPQvWDA==
cygnus
htlb.casalemedia.com/ Frame FC14
36 B
328 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=694665&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2258933fc39ec392%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.18.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226f64e146be9528%22%2C%22ext%22%3A%7B%22siteID%22%3A%22694665%22%2C%22dfp_ad_unit_code%22%3A%22%2F109741%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22placement%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22network-n.com%22%2C%22sid%22%3A%22pa_f06496e7%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.94.205.31 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-94-205-31.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
02e228e62c90dabe0bfd7da8cd361fe6c0bef22a5529774d2b63f62027d225d0

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:03 GMT
x-ak-initial-geo
CC:[CA], RC:[QC], CN:[NA], CIP:[149.56.153.184], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dl-file.com
x-cs-client-geo
19
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
36
x-ak-client-geo
19
expires
Thu, 27 Jan 2022 10:36:03 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame FC14
0
212 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=NetworkN
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.23.146.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-146-219.compute-1.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
auction
tlx.3lift.com/header/ Frame FC14
19 B
476 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.18.0&referrer=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&tmax=3000
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.175.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-175-57.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ Frame FC14
23 B
488 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&pid=grza2fEyTB2lv&cb=0&ws=1x1&v=7.72.0&t=2000&slots=%5B%7B%22id%22%3A%22videoSlot%22%2C%22mt%22%3A%22v%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A200%7D%5D&schain=1.0%2C1!network-n.com%2Cpa_f06496e7%2C1%2C%2C%2C&pubid=968a0f5c-e5ed-4ba9-bf43-8be1f5b68988&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:03 GMT
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
5Z05189SDH13VZ0M7EBT
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
2O6QQ3DPFHFy6Q8vUVAX0nzpgkK41GYIP8EDd0m8AHfRzLV-ikTQWw==
GS.d
js.cookieless-data.com/ Frame 071B
0
535 B
Script
General
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1643279763901
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.129.3.112 Lignieres-Sonneville, France, ASN12876 (Online SAS, FR),
Reverse DNS
212-129-3-112.rev.poneytelecom.eu
Software
nginx/1.11.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
nginx/1.11.3
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
um
sync.e-planning.net/ Frame DC18
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=eplanning_east&gdpr_consent=undefined&gdpr=0&khaos=KYWUCC1Q-A-1ZXB
  • https://sync.e-planning.net/um?uid=KYWUCC1Q-A-1ZXB&dc=9bcc91305985f0db&iss=1&gdpr=0&gdpr_consent=undefined
42 B
103 B
Image
General
Full URL
https://sync.e-planning.net/um?uid=KYWUCC1Q-A-1ZXB&dc=9bcc91305985f0db&iss=1&gdpr=0&gdpr_consent=undefined
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
172.98.26.126 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://sync.e-planning.net/um?uid=KYWUCC1Q-A-1ZXB&dc=9bcc91305985f0db&iss=1&gdpr=0&gdpr_consent=undefined
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
7d24643e640b7b50906469aa87bfb2ce
Expires
0
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=8076697769768775013
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=8076697769768775013
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567d6e594bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
5ebfde85-9f2c-4758-a847-a0ebfd921186
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
  • https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
  • https://sync.quantumdex.io/setuid?bidder=between&uid=c88b4441-6d17-531b-897e-6e78e88c1bec
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=between&uid=c88b4441-6d17-531b-897e-6e78e88c1bec
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567e1ead4bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=between&uid=c88b4441-6d17-531b-897e-6e78e88c1bec
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=8076697769768775013
43 B
129 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=8076697769768775013
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567d2e3c4bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
f18124c6-2a42-403c-8922-bcad99a507b8
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
  • https://sync.quantumdex.io/setuid?bidder=sonobi&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567d3e3f4bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://sync.quantumdex.io/setuid?bidder=sonobi&uid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58424/occ
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-wPVvR2dE2uGrSFIKdUNLy51fvJ0ghZ834cFl_nI-~A
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-wPVvR2dE2uGrSFIKdUNLy51fvJ0ghZ834cFl_nI-~A
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567d4e4b4bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-wPVvR2dE2uGrSFIKdUNLy51fvJ0ghZ834cFl_nI-~A
date
Thu, 27 Jan 2022 10:36:04 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=
  • https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOlpCwfRQQhIJ1XQcvDYTOIADL-m-eMPwItfdl7w
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOlpCwfRQQhIJ1XQcvDYTOIADL-m-eMPwItfdl7w
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41568108164bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Location
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-ZHMOlpCwfRQQhIJ1XQcvDYTOIADL-m-eMPwItfdl7w
Date
Thu, 27 Jan 2022 10:36:04 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"
/
s.ad.smaato.net/c/ Frame FF89
0
240 B
Image
General
Full URL
https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21ea:f000:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 7f59e30d6672b7ea91c10bca6108d29a.cloudfront.net (CloudFront)
server
CloudFront
cache-control
no-cache, must-revalidate
x-amz-cf-pop
EWR50-C1
x-amz-cf-id
BJg8X1Q95R0ZUk7QBQqsExdWWFKm_7bwC35tx_eWU65nz8h-ZqjJRg==
x-cache
FunctionGeneratedResponse from cloudfront
setuid
sync.quantumdex.io/ Frame FF89
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=ae19c55d-8c27-4ec5-a31c-b78feddde6ff
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=ae19c55d-8c27-4ec5-a31c-b78feddde6ff
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567e1eac4bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=ae19c55d-8c27-4ec5-a31c-b78feddde6ff
date
Thu, 27 Jan 2022 10:36:04 GMT
content-length
0
um
sync.e-planning.net/ Frame FF89
42 B
104 B
Image
General
Full URL
https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=05f15c8f-9222-46d4-a74c-8888796eaf30
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
172.98.26.126 Ashburn, United States, ASN399668 (E-PLANNING-, US),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
server
openresty
content-type
image/gif
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E960
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Wed, 26 Jan 2022 04:02:00 GMT
expires
Thu, 26 Jan 2023 04:02:00 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
110044
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame EB14
783 B
536 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
0720532dd6af8bc400f243904de4355a5cf8cdad9d608593d28613f5228387c9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-8QLRjqa6tQvuR8c8XC5nAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Thu, 27 Jan 2022 10:36:04 GMT
date
Thu, 27 Jan 2022 10:36:04 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-8QLRjqa6tQvuR8c8XC5nAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
pbsync
usermatch.targeting.unrulymedia.com/ Frame A02E
0
0
Document
General
Full URL
https://usermatch.targeting.unrulymedia.com/pbsync?gdpr=${GDPR}&consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&rurl=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%24UID
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
199.127.204.147 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
Tengine /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Server
Tengine
Date
Thu, 27 Jan 2022 10:36:04 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame A4CE
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.39.187 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip187.ip-51-222-39.net
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
uc.html
sync.go.sonobi.com/ Frame 3932
1 KB
3 KB
Document
General
Full URL
https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
a2d7112e4efea5c0a74bd9818260ae6438b4ac2611b957fedba45a1f387e668b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Content-Type
text/html
Content-Length
692
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
usermatch
ssum-sec.casalemedia.com/ Frame 8E91
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5ea078707f380bf9f07028f5e36945e8c36adc0c1e4bf209e456938f28cebb41

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
46|73|88|3|64|8|196|156
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Thu, 27 Jan 2022 10:36:04 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Content-Length
1548
Connection
keep-alive
userconnect.js
js.adscale.de/ Frame 2949
14 KB
5 KB
Script
General
Full URL
https://js.adscale.de/userconnect.js
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:ae00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id
p9Ju1UWFMOrICQUKapanB03fet2uI24d
content-encoding
gzip
last-modified
Fri, 21 Jan 2022 03:53:43 GMT
server
AmazonS3
age
461
etag
W/"98f37b242862929d9aef4bde91abc8ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 ab3cd7cfdd9d5cf21e29b3ffd33aa170.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Thu, 27 Jan 2022 10:28:23 GMT
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
IMA6kMid88TitZD__n-jQQn07FKWTifXAUbSNsvvRtxTVv2fnZmQ6g==
csync
sync.console.adtarget.com.tr/ Frame 2949
0
419 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=4a3494f4b38c4774a1502e08cfec66ee
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
VertaMedia 1.0
Etag
7b95e55870966218
Content-Length
0
state
api.permutive.com/v1.0/
0
34 B
XHR
General
Full URL
https://api.permutive.com/v1.0/state?fetch_unseen=true&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
via
1.1 google
tap.php
pixel.rubiconproject.com/ Frame DC18
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/mj5sZLCEIkSthmoCuy1Vjg?csrc=&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7358308858084391727
42 B
766 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7358308858084391727
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
ab995a74221271a8dc253760ec78ee1d
Content-Type
image/gif

Redirect headers

date
Thu, 27 Jan 2022 10:36:04 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=7358308858084391727
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
tap.php
pixel.rubiconproject.com/ Frame DC18
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=&expires=30
42 B
766 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
ab995a74221271a8dc253760ec78ee1d
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&gdpr=0&gdpr_consent=&expires=30
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
289
pixel
cm.g.doubleclick.net/ Frame DC18
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIyNDUwYTEyYWYxNjhlNDU2ZDUzZDIyMzIzMzRkZjEzZDYwOGNmZA&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIyNDUwYTEyYWYxNjhlNDU2ZDUzZDIyMzIzMzRkZjEzZDYwOGNmZA&gdpr=0
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmIyNDUwYTEyYWYxNjhlNDU2ZDUzZDIyMzIzMzRkZjEzZDYwOGNmZA&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
bd0f62a3fbacfef6a33ae6abaf6daf37
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame DC18
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lXVUNDMVEtQS0xWlhC&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lXVUNDMVEtQS0xWlhC&gdpr=0
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lXVUNDMVEtQS0xWlhC&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
bd0f62a3fbacfef6a33ae6abaf6daf37
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame DC18
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfJ1kgABr3rv_ABH&gdpr=0
42 B
766 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfJ1kgABr3rv_ABH&gdpr=0
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
ab995a74221271a8dc253760ec78ee1d
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 varnish
server
Varnish
x-timer
S1643279764.060410,VS0,VE0
x-served-by
cache-yul12827-YUL
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfJ1kgABr3rv_ABH&gdpr=0
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
709414.gif
id.rlcdn.com/ Frame DC18
42 B
312 B
Image
General
Full URL
https://id.rlcdn.com/709414.gif?gdpr=0
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
v1
ads.yahoo.com/cms/ Frame DC18
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594&gdpr=0
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KYWUCC1Q-A-1ZXB&sigv=1&esig=2~83d1e1606763f314bd8a33c4ea9428ac894f893f&gdpr=0
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KYWUCC1Q-A-1ZXB&sigv=1&esig=2~83d1e1606763f314bd8a33c4ea9428ac894f893f&gdpr=0
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2001:4998:14:800::1000 Ashburn, United States, ASN14777 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KYWUCC1Q-A-1ZXB&sigv=1&esig=2~83d1e1606763f314bd8a33c4ea9428ac894f893f&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
7d24643e640b7b50906469aa87bfb2ce
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame DC18
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ae5661f2-7593-4600-a67e-b76a480711f0&expires=28
42 B
766 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ae5661f2-7593-4600-a67e-b76a480711f0&expires=28
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
ab995a74221271a8dc253760ec78ee1d
Content-Type
image/gif

Redirect headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
MT3 4133 baa842e master iad-pixel-x4 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=ae5661f2-7593-4600-a67e-b76a480711f0&expires=28
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:03 GMT
userconnect
ih.adscale.de/ Frame 2949
149 B
224 B
Script
General
Full URL
https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1643279764052&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-length
149
content-type
application/javascript
crum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8076697769768775013
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8076697769768775013
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
4e293cc3-7189-48aa-8a65-3c4e9adb5c61
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=8076697769768775013
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 8E91
43 B
990 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:5d12:a26d:2c7b:2781 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
rum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YfJ1kgABr3rv_ABH
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YfJ1kgABr3rv_ABH
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 varnish
server
Varnish
x-timer
S1643279764.186881,VS0,VE0
x-served-by
cache-yul12827-YUL
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YfJ1kgABr3rv_ABH
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
crum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
MT3 4133 baa842e master iad-pixel-x30 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:03 GMT
rum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
  • https://tags.bluekai.com/site/17724?id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D64%26external_user_id%3D97d4a6eb-c5a0-45bf...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&expiration=1645871764
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&expiration=1645871764
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341&expiration=1645871764
Date
Thu, 27 Jan 2022 10:36:04 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
crum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/ix.gif
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=3c02446a-e065-476e-b8c7-6b0dc5c40a95&expiration=1674815764
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=3c02446a-e065-476e-b8c7-6b0dc5c40a95&expiration=1674815764
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=3c02446a-e065-476e-b8c7-6b0dc5c40a95&expiration=1674815764
date
Thu, 27 Jan 2022 10:36:04 GMT
server
Kestrel
content-length
0
crum
dsum-sec.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1
  • https://gu.dyntrk.com/adx/ie/us.php?dynk=1nd3xx6ch1&prevuid=03030001_61f2759466c92&knw=0
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030001_61f2759466c92
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030001_61f2759466c92
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:04 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=196&external_user_id=03030001_61f2759466c92
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
crum
dsum.casalemedia.com/ Frame 8E91
Redirect Chain
  • https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
  • https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=2b5dd949-f357-4658-8c42-b132e993d1db
43 B
1 KB
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=2b5dd949-f357-4658-8c42-b132e993d1db
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

X-ServerName
Track004-dc3
Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-AspNetMvc-Version
5.2
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
P3P
CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Location
https://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=2b5dd949-f357-4658-8c42-b132e993d1db
Cache-Control
private,no-cache
Content-Type
text/html; charset=utf-8
Content-Length
222
Expires
-1
setuid
sync.quantumdex.io/ Frame 8E91
43 B
95 B
Image
General
Full URL
https://sync.quantumdex.io/setuid?bidder=ix&uid=YfJ1k4fAXGcl1AX3NhIYCAAAAHcAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2560 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6d41567e3eb94bd1-YUL
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
us.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=4d443a3ea2&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&pubid=4d443a3ea2
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&pubid=4d443a3ea2
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://sync.go.sonobi.com/us.gif?nw=td&nuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&pubid=4d443a3ea2
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
227
us.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dmediamath%26nuid%3D[MM_UUID]
  • https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=ae5661f2-7593-4600-a67e-b76a480711f0
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=ae5661f2-7593-4600-a67e-b76a480711f0
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
MT3 4133 baa842e master iad-pixel-x28 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://sync.go.sonobi.com/us.gif?nw=mediamath&nuid=ae5661f2-7593-4600-a67e-b76a480711f0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:03 GMT
us.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&google_hm=Yzg0MmNhNDgtZWUyNC00NTI5LThhZmEtNWQyZjc0YmZlN2Qz
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEPRQCaUiRTxIwdoJxnl1lQM&google_cver=1&ssp=sonobi&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
49 B
864 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
Date
Thu, 27 Jan 2022 10:36:04 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
us.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=970314628629171378
49 B
933 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=970314628629171378
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=970314628629171378
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
us.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=WEtjM3JpR1R0X0k0MERjUEFsQmQtZw&gdpr=&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEGAzRHK7FY-PzqDnebGUt0w&google_cver=1
  • https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kTygETMkxOsS
49 B
840 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kTygETMkxOsS
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-CA
location
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=kTygETMkxOsS
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-c97897cf6-klt8d
expires
-1
receive
pixel.tapad.com/idsync/ex/ Frame 3932
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3061&partner_device_id=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
  • https://sync.mathtag.com/sync/img?mt_exid=10072&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3D2989%26partner_device_id%3D%5BMM_UUID%5D%26pt%3Dd807e161-1268-48ea-b4cc-24...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2989&partner_device_id=ae5661f2-7593-4600-a67e-b76a480711f0&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2C
95 B
444 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2989&partner_device_id=ae5661f2-7593-4600-a67e-b76a480711f0&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2C
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
H2
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
MT3 4133 baa842e master iad-pixel-x8 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=2989&partner_device_id=ae5661f2-7593-4600-a67e-b76a480711f0&pt=d807e161-1268-48ea-b4cc-24025f67c8db%2C
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:03 GMT
18.gif
id5-sync.com/qp/ Frame 3932
Redirect Chain
  • https://id5-sync.com/s/434/9.gif?puid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/434/9/1.gif?puid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5&gdpr=0&gdpr_consent=
  • https://ib.adnxs.com/getuid?https://id5-sync.com/c/434/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/434/2/8/2.gif?puid=8076697769768775013&gdpr=0&gdpr_consent=
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMOlm4AjjTxjY1E03qUIBORU9LdvHYjJSi6Q5AZXA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/434/3/7/3.gif?puid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&ttl=%%TTL%%
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F429%2F5%2F5.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0
  • https://id5-sync.com/c/434/429/5/5.gif?puid=B09EB3C0-DC2F-4842-9351-62624B73CF07&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F108%2F4%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/434/108/4/6.gif?puid=d807e161-1268-48ea-b4cc-24025f67c8db&gdpr=0&gdpr_consent=
  • https://rtd-tm.everesttech.net/upi/pid/dm4ha19W?redir=https%3A%2F%2Fid5-sync.com%2Fc%2F434%2F136%2F3%2F7.gif%3Fpuid%3D%24%7BTM_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/434/136/3/7.gif?puid=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
  • https://cookie-matching.mediarithmics.com/v1/get_user_agent_id?dom_token=id517&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
  • https://cookie-matching.mediarithmics.com/v1/get_or_create?sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&domid=1033
  • https://cm.g.doubleclick.net/pixel?google_nid=medr&google_cm&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domi...
  • https://cookie-matching.mediarithmics.com/input?key=GOO&key=GOO&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY&action=GET_ID&opid=goo&etid=&domid=103...
  • https://ib.adnxs.com/getuid?https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=$UID&opid=apx&ops=&utidl=tech:goo:CAESEHeTh2Z2USnyOZQ4mcRMHLM&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0Rv...
  • https://cookie-matching.mediarithmics.com/input?key=APX&apx_uid=8076697769768775013&opid=apx&ops=&utidl=tech:goo:CAESEHeTh2Z2USnyOZQ4mcRMHLM&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0a...
  • https://id5-sync.com/qp/18.gif?puid=vec%3A24784681701&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
0
0

tap.php
pixel.rubiconproject.com/ Frame 3932
Redirect Chain
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=570392714&pt=17&dpn=1&dpt=&trid=&pcid=161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
  • https://sync.1rx.io/usersync/intentiq/0?dspret=1&redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%26mi%3D10%26csh%3D570392714%26rnd%3D83754...
  • https://sync.targeting.unrulymedia.com/csync/RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005?redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D541745869%2...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=541745869&mi=10&csh=570392714&rnd=837545206&pcid=RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fapi.intentiq.com%2Fprofiles_engine%2FProfilesEngineServlet%3Fat%3D20%26dpi%3D259151345%26mi%3D10%26csh%3D570392714%3B541745869%26rnd%3D-1186440715%2...
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=259151345&mi=10&csh=570392714;541745869&rnd=-1186440715&pcid=3522455783818883563132
  • https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=PyhM2rLAGW&expires=1825&rnd=926842293
42 B
766 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=PyhM2rLAGW&expires=1825&rnd=926842293
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
ab995a74221271a8dc253760ec78ee1d
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 b7d10369ae737ec35cf8d7faced56ef0.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://pixel.rubiconproject.com/tap.php?v=12218&nid=2528&put=PyhM2rLAGW&expires=1825&rnd=926842293
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
content-type
image/gif
content-length
43
x-amz-cf-id
jXTrDV9VlxATwUt-UdvoNwaKMhkuJ7HX2RIuZ_ho3oyJTpr2GYSOEg==
expires
Thu, 01 Jan 1970 00:00:00 GMT
usg.gif
sync.go.sonobi.com/ Frame 3932
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=MTYxZWJiYmMtNTJmYS00ZGZkLTlkZDYtNjlmODYxNWU5ZWI1
  • https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGBUyAhjXA6y82w_3sKekK0&google_cver=1
49 B
858 B
Image
General
Full URL
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGBUyAhjXA6y82w_3sKekK0&google_cver=1
Requested by
Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Protocol
HTTP/1.1
Server
69.166.1.10 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://sync.go.sonobi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-26
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
image/gif
Content-Length
49
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.go.sonobi.com/usg.gif?google_gid=CAESEGBUyAhjXA6y82w_3sKekK0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
map
ih.adscale.de/ Frame BFE3
3 KB
3 KB
Document
General
Full URL
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
c92e2aaa1d5e682d6bcc1a8a660b1bc276053b732310deac4f4baed8c095137b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://js.adscale.de/

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-type
text/html;charset=ISO-8859-1
content-length
2604
sodar
pagead2.googlesyndication.com/pagead/ Frame EB14
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3684567239361497&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
pagead2.googlesyndication.com/bg/ Frame E960
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa0255dd574d1c5d14289aa5974337e6cdc1c8d51ea8f0d402b2fa488fb5c525
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 15:41:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
154449
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13761
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Jan 2023 15:41:55 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame FC14
376 KB
125 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6fee8b4efec9b0317fa9c53cffbda34f21dace30ad3104e5af3cadf6217fc354
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
127062
x-xss-protection
0
expires
Thu, 27 Jan 2022 10:36:04 GMT
user
ads3.admatic.com.tr/ Frame
0
0
Preflight
General
Full URL
https://ads3.admatic.com.tr/user
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
if-none-match
Origin
https://cdn.admatic.com.tr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache
vary
Origin
server
AdMatic
access-control-allow-origin
https://cdn.admatic.com.tr
access-control-allow-credentials
true
access-control-allow-headers
if-none-match
x-powered-by
AdMatic
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
new
ads3.admatic.com.tr/user/ Frame CBA8
147 B
436 B
XHR
General
Full URL
https://ads3.admatic.com.tr/user/new
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
102ef6a4e67829812902c3049d4ac309d12d4695fee82812560f5ce5c90c12c3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
etag
L4thFIu5ukyb_jGEAPzysesK_77Y_MB68_es9yvkzFnxF-NBfWTObWfOGHqv0IPk5XQxiiMXorLhLvuHXxpE3A
last-modified
Thu, 27 Jan 2022 11:36:04 GMT
server
AdMatic
x-powered-by
AdMatic
vary
Origin,Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
151
user
ads3.admatic.com.tr/ Frame CBA8
147 B
431 B
XHR
General
Full URL
https://ads3.admatic.com.tr/user
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
c7cfa81df0666280921ecd145b9db13714ddc16b425319debf138bf8b3edaff5

Request headers

Referer
https://cdn.admatic.com.tr/
If-None-Match
undefined
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
content-encoding
br
etag
K1oG_CxrwzYJW2oJYanfQGZwBwz8x-JYsVP8_tkXqmJ2eMrRqV1kvttytpc5eg3iOFmW9Rd6tqD_2sOSErFYkQ
last-modified
Thu, 27 Jan 2022 11:36:04 GMT
server
AdMatic
x-powered-by
AdMatic
vary
Origin,Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
151
match.js
js.adscale.de/ Frame BFE3
4 KB
2 KB
Script
General
Full URL
https://js.adscale.de/match.js
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:ae00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id
6yxz9P1E1EbZLbgeFdU76eOhgQ9O.Cr2
content-encoding
gzip
last-modified
Fri, 21 Jan 2022 03:53:43 GMT
server
AmazonS3
age
2534
etag
W/"b75124846aec28a28b7a3441813682d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 ab3cd7cfdd9d5cf21e29b3ffd33aa170.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Thu, 27 Jan 2022 09:53:51 GMT
x-amz-cf-pop
EWR53-C1
x-amz-cf-id
xYFkEZKKdHzlppYVPzQeJEykFo6iKyWTQ8q3LhtwFMNb-y3N4VYXZA==
bridge3.496.0_en.html
imasdk.googleapis.com/js/core/ Frame 0665
601 KB
195 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b67fad811e7e9b06f1bb367ae9204cbdd235b7de4d8b7131a4d4cb212ce6b298
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
199641
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 21 Jan 2022 22:04:45 GMT
expires
Sat, 21 Jan 2023 22:04:45 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 21 Jan 2022 21:59:24 GMT
content-type
text/html
age
477079
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame FC14
44 KB
17 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 27 Jan 2022 10:36:04 GMT
img
ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/ Frame BFE3
Redirect Chain
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=4a3494f4b38c4774a1502e08cfec66ee&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg%3Ftpid%...
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=101&tpuid=BBID-01-03179937647534265-16510104
49 B
466 B
Image
General
Full URL
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=101&tpuid=BBID-01-03179937647534265-16510104
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
nginx
Transfer-Encoding
chunked
p3p
CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=101&tpuid=BBID-01-03179937647534265-16510104
Cache-Control
private, max-age=3600
Access-Control-Allow-Credentials
true
Connection
close
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8FA0
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:35:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 27 Jan 2022 11:35:42 GMT
integrator.js
adservice.google.com/adsid/ Frame FC14
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dl-file.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
user
ads3.admatic.com.tr/ Frame CBA8
147 B
411 B
XHR
General
Full URL
https://ads3.admatic.com.tr/user
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
82f6ea8127a33732040e649437889e9c518b803212460c2a6149cf6f6528713e

Request headers

Referer
https://cdn.admatic.com.tr/
If-None-Match
jDsRL5En_r3SG1bHCq7TlskdQ2kW3L2mh1I7B8uBy5MuG7FfODV3egpf7MpZADrAY8aW-TK-vw3a5jOEkTUULA
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
content-encoding
br
etag
ak38ga80sTNgZez84VJhB6zApSF2STfXLQ-JfYao7UGlMGEWQHVmefD8DWBVVqmmUYeiweO3QF68RzQQbzXvuQ
last-modified
Thu, 27 Jan 2022 11:36:04 GMT
server
AdMatic
x-powered-by
AdMatic
vary
Origin,Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
151
csync
sync.console.adtarget.com.tr/ Frame CBA8
0
473 B
Image
General
Full URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=314221&extuid=jDsRL5En_r3SG1bHCq7TlskdQ2kW3L2mh1I7B8uBy5MuG7FfODV3egpf7MpZADrAY8aW-TK-vw3a5jOEkTUULA
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
23.227.139.243 Piscataway, United States, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:03 GMT
Server
VertaMedia 1.0
Etag
7b95e55870966218
Content-Length
0
user
ads3.admatic.com.tr/ Frame
0
0
Preflight
General
Full URL
https://ads3.admatic.com.tr/user
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
if-none-match
Origin
https://cdn.admatic.com.tr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache
vary
Origin
server
AdMatic
access-control-allow-origin
https://cdn.admatic.com.tr
access-control-allow-credentials
true
access-control-allow-headers
if-none-match
x-powered-by
AdMatic
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:04 GMT
generate_204
tpc.googlesyndication.com/ Frame E960
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?eK1Tuw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
container.html
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 02E6
6 KB
3 KB
Document
General
Full URL
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 27 Jan 2022 10:36:03 GMT
expires
Fri, 27 Jan 2023 10:36:03 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 06BC
6 KB
3 KB
Document
General
Full URL
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 27 Jan 2022 10:36:03 GMT
expires
Fri, 27 Jan 2023 10:36:03 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9EA9
6 KB
3 KB
Document
General
Full URL
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js?31064551
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 27 Jan 2022 10:36:03 GMT
expires
Fri, 27 Jan 2023 10:36:03 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3684567239361497&bg=!TU6lTgrNAAY6OBv_Ojg7ACkAdvg8Wns__en6RBRBI8D2UYwWs1FMzrJsgjQ3fwLA3SyI-EfyhP1WlgIAAAEYUgAAAAJoAQcKAMQqB_PSGVzqk0PhYRkCZZb5CmNBDu6_pUZWWxelZP0j4Y1BTtoopdS3eE69uvGHl9rX9zqevfnTm5I4KIQUTfVkrGkSb1sUj-zGFV4Ps8Z-MciP8LXIPGOYNtoqi5aL05eK_Ou7SXFzdRh2cOuwqbYlmfTrhTXQeGbbO6elgyHVI2NEQcnKAJILbFKoLS4PLBpNcuTJiUw4XVVQtPkzmTTgZ8S6ubgX0Yooqr6QBARHD-1Z6fVMzEq34hyedLHlGSUX-OqQmQLBvTlG-Tk55Rud8bTER6kksk1-uNsSkxG4XgE1wnldFVDbfqGG0-70SWw1RarXr7zlFbAswVrarrckr9A0nrPnMDdIH4o81VJra6X7wjLuKihxwFbRLzzYuOoC_WHwkyR2phqLZRatgQmQNE9aSEsp3b3ZNxizWs2LBc2r0mBh2Jy-cL2LYNxRctv9FKt3kAOC2KUYjmreLcXWTLqgn44gZiO3N8hI-jaa4FK0Ne53_NZy2FUFZo-3FMr4tN1vFMURfX4JGPYEMETpjfVYtKu2Pge7X22iGHUNwI2StnaDn_sP2UnnXD96snpGY9lRqelriINl8inu9HqCMbNqtzxwaGJekOhTBm8QxfNl25WGWEINA5-1x6VFT0O_fwwh2OvWYLnfmsZ0P3eLtqtclhMVuLNYpcTA_p29h9Osam9iUUlkYy6PdvfVChuTQTFJ0iNkwIN-ufvW8Dg_GTLnZuN6t0xoDEhRT2-vfH73yve1ZRI_zSHSxzaNMvsOA13SBZqNDKLZLdA4Yy85OHFkgUvs887m_KRAzc8jdEIo3qHCQJSAoHDrw1rhB-jxd8kwtAHcoR63nD_NWjCDeru-GEx04EhXHUeYiNDiITswu-0pIjcWalPkaQh0nvUroUxtCVNYXLJOj4YELnQyCLkXRmpAmYycmrlXl6tMhvSzCb1mY41p46TKoZiSJt3QALljBjjMDACgcOvC23H9xs8KjwOsvw89NDshgBZQKy4yXASKLw7r5UQVZTKBoLEHb_pn8W0hHNn4klWH9fe-ILL_nk0h9dFzVTqjT7ZPq-g44INNRSXAF2ovjeIsle_xAeJI9rcenKfH_ealMtwuRbDWw96shCFk9pVETzXncN0pKDO9_i6v1Cd76Eyovf3DuY3mu0l0dwcjkC_nhS4rM-tCEPG-mapiRX6_XpcxxxCvo2dISFpC
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame FD86
645 B
349 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 27 Jan 2022 10:36:04 GMT
server
cafe
cache-control
private
content-length
285
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 02E6
71 KB
30 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlhMEg9heF_vHgr72nl0VNWuLzGFOGFWYah7T0aOxHk1fop6EnzZ-B6BtAPmaLM6koFRr9nszhYNbub7nnE5rdtqxvNw61KPJE_csvmjT1tpRvP3vf9Vy3hxvue2NOAhIvFfHB3qM1qtOVN15vSHNIDTi6PA&dbm_d=AKAmf-C_jIQo1DkVtSR1-YHZj0boKdxqiRU0pvhdQeXuuCIpdFE12PiQ1o9yP-N2VvqBWnK8UBXQM_O_r7IOlTUr3Td65GzC5BfZHqzqWXgl_wOYWKPdO0CMAq8lDXH9g29D-hAo2tIQNgFoYrPEvgdEBYIPK8Z6BtpBdz_Erz_LYQti-WoRlty4tpLo4vR3EcBY4lgCn-QSVJRY4T8r93LDkOFHM3D1l76hRBNwA_3i3vdReVT4wgmlOF7snPsRVNg5MfE4Z5qgDSjROuqdsjmRqeQQFmRv6sSr7nxPZDZWvb4YURpw9HTz4Up03DyN0XkOuk9jR3KMrdRjZTylCY-I_Pr87TfPPsZWNS7L3wcNMkrRRkIzOv9iO8RlBtm-W_f8NFMwYo9lT51V2QxEg_jmcFE48d9hRafAqeNfaJgWEwir9_LQLcaedTyN0AfDd1DvBPQXqJhSpqNbb7aS1Xd6x_8xB8HOjAWuunBD2xq3DjPj3iwUpNdVRQ-ChVsPy5o5EucZg48dyx2l1joIfGHPCqiw0FWi6O30wTtb0DbqbYDFyMAnyMEq_A7B-a2dpc3tSxJGD_3um3GYIqhqM9nJqcgc-kRK1iw3LufNiVjgekxojjO2NuiMf14bpbF9Knl11udCwviHhHxaCxyIElL9xZEa9ImYuTN-KuqFETPev_JxmmfDBeu6FsnXI53K3u3t2AAy1QzSct-oVrMuODebOA-RBEs2duDC-MeoFP4OvcYULgk8FP2TYZ5fLjQU04WdbXX_8nzLT6HKNFPX6ye2Z18QqjPI1N_XAGXxOrrZJ-Y6e6DonhYV9Xt2xjqkbwVoSmqKV1-lxf7TIbhP3Z_qfkQe8GtDAzDThXblvC_Enh3aoVoon9nEZ3SVHAcrWuxiLJslQRpwIF6u3gOyetnvlFdQNmXuIwmMbNj5IklhfNPcai1bCwqduzU2J9UPJWKRwFbRqMzyUF-Jf8zlNEzkkYqmvNarg2TrWOjlLThywChCfAxrYoZXo3qWPZab6vbGYIsoUz9GV-xhN3lEg__vlPBDCTTP1ILqqj16zwGz7YcDcTw9AOZfUI3alNqTx-vca2RW7ae_O5ErQk7UIgJQPJ_YlwezRKWBE2yKiHX6mF76IDJ6P00h7WVY8aN-Z5ktSYHwFOYv_z2Df27vEmK0yt-bPaMj0oBE_r9AMgKPoTsa83SQwpUFFU6RZUQaBPnisItRU1qutezBEJZsfaO2BZlRHa_Rc5VtEeVX9nw4jwxKgrcu7hpsK-uOTXqDOek4gPAjovzg6jfT9pvJ8ervbfCToqya6z8uItvfHg8wkw-tr6LADGBHrIFwf_AmjmNctNmD-jLccSy3ypMi-W4Ipvfkk_CvOR4aZH1GX33LEKNc9Ntvhv3q2yQnq-WrfeN9Y0285heg4j5ziGqQ6jjqv7SeLaIEmYD9OYx5s92vCyX6yV1Kgyca2VFvxUMx-81CWRV8tN6DznkVOt07THRG4KjavWc16f2vjcH_HwAfG2xyJvr0bBy5o_6_tMpjMdwmQh7xk15rZ2OyzkFVr3VTeLKfkyO8VvQuzRxBokCh3W-bf9wwKOwGhUeSZ8t-3C-2yt7avY72NT87zJvtmnob7LEap2GKHjCWedM798BFxt0CYPryJJU7DGCbtBOGVy9jQBifOaG8oqeB7fsfxn2tSs06h4Z4qZddOLRc_HRXWq25YpoY56D1x0sqoXWAZ7Z7GjcvYy46MBqRIf6Dnrlv0d6s8yBfBroLgY0mOs8z5f2pvfm0zmX-tR6rxEA5LMs_o1FIHJX-Px2IR1kLvjuKnD8HgCY1jmGzcDVt7o5eIKu3_YXFX14VK0de7mB_b7kPXWoqVYASnTCVgaP2HPuT78U7LmHPJEflZ0MSghSDjRkuYZ2O8uXc-p32Um5ekjVYVtwKtFGklMWNJZAZndkyKosh0H0XzkiktbGavgxTPTX4mJJGhgvJLmdSjVxlXdp1seoJkZIX9O0xDLyhzUaiNG-V6kSTB8gZ19FNOgpSI7gAPm3eeqnYRZwd2231UlUTV831dLiaMHvuTtrkP9bsyD_VRG0rTCXEJn3wCyLkMJrMmyT_Jgrunv1Zu7Tryygwnwv5gn9BXBaZ3mL9JrLfRmumErG3-xdeWq88j99dTJAd1eKPQzNlIHYCu6VJDWYzWeBDQoSmcCuh1o4qiQPC7l0rdBFlFWfuQvtCjB4hJZ3N149J4NHQklVVgPJBuO4lnA7khnXN1qaxDF7yFYoqvqvkRNWHtwZmEIHPUBk1W1Pzj9dv4e-1LHJiEWguWFZp0KN7rWkQw_NGSe6v6dwrg7V8ZM41oO5qcPxfXHdnYMpt15gMRnyHsBWjE_6U1JGMSUqxRPFW1hPHC6iosm6reRQhdbZfzBAhWouPEZs7GeSmFyZQv8L_7m1ltKFovUBWLxU3uN73qG8g6mljfi92gbsCaClR7aF3WHIxwxaKxq5-tB-tn8sy-sGvta4U_jb2mWOSat1307gHeJmY1bNrVICCAkLVtix8gIwOHX3qvySBxdGPf_0nidz38GgpwLIzYE385T4o-r7BF1CTxNgM5_aKbkngn_u7oohm-26LmKP5n5TRZqjAVmQzUjGVW1eEYN6XOQMbhTLDlGE0IymI95erD3E6fDBFfPcsGoz1ov1WlHrwBRwwxnAEsvFv6fGVoORGUx0MkGBSmhCLY5yqkdBL2vQGhsuQb_YxrcZ9mtyOlVxXs0lrhbrmyZB9UCkHzFvpKLJq9V_aRUusOfBsaSdc8Edac94GICEhXhCG4A0Kh7-jW4u3PA2UAlZamxIWhcnONxxahqS0g_yQU6VUxDTAFBrwpmABAfhf9_agksfTD86ERYNLz2p8heyo4-7ViGlZ_lm6pTHErE1KjafRi6EOQxN7fMrarTuDqdtsNJqTXyWUL56q_p70lUNfJkIlq3vQZ7BZKZAtQtqJeVJBjkvwdFWuqRoGi4bXhe1CjNdt_RqUMGC7bWuYsWoLf0BcGlLp1DQdR2ZAg2vCUW7PvMPR2ebwQ7uXOcGz637IbRb2k05T8yvi-i5Z4_NA9caQztnr18Pm&cid=CAASEuRoi9TjJ5tQXl5rNVtOJcvo6Q&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1710699023dfe730c6c88fcee7351ecf8c3a4bb0c805b96a5257e99694bdb893
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31001
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 02E6
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DNBNI6j9-vd-gmGNNwDxLvZh8jxrIMOmUNU5KdET4WyH1x0icLMxkWAxNKD0VWfHPf3A3Hta2GjbzDb7mH3EG7IsmjIZWxOjFGYL1CmceKxE3JagE
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 02E6
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/window_focus_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:33:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
134
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:33:50 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 02E6
123 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1643200382015849"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 27 Jan 2022 10:36:04 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 02E6
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
602
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6123
x-xss-protection
0
server
cafe
etag
1875255482418879373
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:26:02 GMT
l
www.google.com/ads/measurement/ Frame 02E6
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSOMZIjxA99CwApzwncMvEqo2tVophDxZfxCUcR3faML5lHVXrPZYtRYFI0QAoEwr6M62xfeDX3W9v3R0JGkn-LfinGow
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame FB94
645 B
742 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 27 Jan 2022 10:36:04 GMT
server
cafe
cache-control
private
content-length
285
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 9EA9
71 KB
30 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BK98ShbjLoq7zkCyH8vFyyBXrposmLDTLqKFJKPugiDQQ5rSzvOfQ4f_WWf4hrgIpDHlCNLJZSr7Ou5NP1dnZpVFlWi8mNvawQ_JQaQ63QZwjKBk-2UTo2ZXHlGqpc1DgdszKytbVbWR4HOYu9b4VYRKRZoA&dbm_d=AKAmf-BJHg_DLGacZblaB-s8CJFmI0DasIggFw8M9j7cEA9vjHKrNw0Zkr7ARlTcDdMscRmfJHygE1twHwdtIhkU2BPWF61sAv-xG-lxasw72bNr_AMvKdpSqqVmWhcs60rtJEDo7UjyGW5wOsLOWqay0iRu13_4RIwlY6Yqy6WI9c7QNIWq8xE2ejKjMGPvh3W3qRZSzd55q_GMkbKIJMKi7SLrVoJgP6uNcXk9lBVg57tcz671Uoz9DGgXRhkcFt-7nV0x13kKZB0Cb4DwrTavcbSCckTERdViFP9j-EpFpR9KEhbsbT4XJNbKtZ209kT68nNvESXvAWMsm4mY8gnQj28IfnJmZZ8U15eEHt4S1b5jucKJE4CWTkla5JwhwIWuRTD9-BaXIIH5R9nfiRkw-YuFzjAsUqLehLxERNhfaDXE7lHPZqXJF_2uUlkqOm16MNpG4CeFw-7USrW5d3AHu1xqhbXjgMmlqaiuXZcFJQ6CnTQztI1B-B6VTj8xJLeK5uOOsCnkVt3Ypa8cPos1m3KF5ZW4odTE0xpW5t1gBforRP4BUPZqw83qBKJjJd7IGl3FU99RJ2vt9KUgzmkTTZdD6DMPBG4baIdSR136rf4qPBELyVb6u3ryHM7IbcVNl9seTUxFUVzjh_OwoVB864fgBMSGKlo_1qUoWpt-uiVCWxl14o1N4OR2vZ6qbFdjwutG01Wv7OH2kb3wNb7LnMnMoSb4ZkxCFHXDvLk3Ea5r5ARLWLsaMx3ctfiigHxZ7PIsp9MXmChViC6taJDle_z-FtMhFaKbn3tUoY4rT8KbCxlsshz4oCpWL0e9Z5ijAb27qQ2mHN5Q-qb3_1clndhJ6wu2hSw4dq6DU-POo2awiUGjDaUAcmCcc6-akrhB1MmaR4NxCmUCL07xvURSiTCqRkap0-vV5NywjIZSjTKGnxlbK4J_N0HJdKDUYvaWwKONRuF7krciCigqFHe-SEXzPr5CZ67_DmU_Bs9cma1U-TsX6AxFQBT4X5kt4-u2Kz0x_1f_nWJuJTmy2UUyVI8EA2-ygGPZNm5QaztrsbmyLNslEvKJvOaB35MYr0YtZg3-YGBmSxEY3JlNowlGcTvCqN_sMqNweGbVirqtCG1ktorX6FsqZ-XXxKamv4Z5xsEmfymlaEA3q6oyZNT3_N_hiaEbIf2HvxKZrgABdYJX66xf3tzB_A2g9L9fmhsSZm6_e7HbBDWSVYchAG8mtPygAfLtwYWPbNire3l9TjOQMPbiuRvLrmCeqlWdFad9epcq02XrBfwGiX50rHBhhGW0ArhnoWdjTKkbu_29ZKNQoKsR7iD7gQEMpaYz1oaRiJhGlX12dpRug7Odz6yJ4awAKQxdvCRFC-zHmow473unvPoLaIKPQCVO44HzZrmOKiJAPgmXQj8CUkfyBNA8E-Ht9bykIwvD05nm6yo8nYyQPuxMlUdjwdPGom3GBUevGmzldRqIR-b_e70Oo9i5uuW8knpAgowJTSKsFJBvGGz_kEssvGmiF-gwyV9QAY42x-uHKCIGhzLGA7Ugs0clD-8jx40_lRBEEf1VOVJKxgCjJ5yaaboA-FT-NSFTXmo6BcxgB6M1rFRL-kEgcuOY5k45MgY1rpd6dCC_299KMdh5sHQJahneWg9-lxNmfEmZunLZxzU6N1FPbjYiYaJEBTvTL26TCSNgjcH-x8cfGxQ537fs579ZIfdTYsIGXEFT8ayGXL_KXT2UP-9AZrEyOTtdPhFipeIzv3fXNua0KKRuI_1CBLOZkXK9XEVeT1ifV1qjcfVXwdql6LcvRMrU7YQM8jrEuQuSn9SvfVzsKta_J23KrjVAtsG6JCU4Nyleumaw6H0Q95WFcTk5TcNDP1RT3lG84FjXMn_9UkJZ-iP3DdyJWLTmqhEtlO8gAOsvSQZJEIJMZiFRCwHKt8VGrrxbV1Y5NY210tNv3MYm3cZHHuooCxYEzkZBt6ENGJj_iAXQ-FRmVYp3HCSV-eb51nY85r0EUn7f4sDWfP7H8hz9Cq3Z7dnUA6lUrOCosBwAYJGRBZDUPFCgHdsrbyD-NDbNqms5P7QZBYuxVus8NZqUVNSCo9PPko7GFoAv1SfUqi56i8tetAi-2OftwiO7GiqBkr-QcZ22uPalqKsy3aplwvP6gECMwsWJAtaXGLJ20-_fZzvuGJZa4caonVeq2UQc1isn_XTfslpkcLJieub15pYN64pjVRy7DlWGmvpRCgXXXtZRS5WtlZ064A47o0JNEsXdyQOaTV34CSNoD7-EWt95bfRv6wqgF7gcoCmUha3AiwkTN49txJuciJG14zCjURbmw14jKIBCSA0lRaO-a5foUFc5cvS5_5bo1qDdS6VcxtO2NjB5wQubxucuvFMfLcyS-Rj703lBY00UUcxiWTNS6N-97XguCSQkkVsxLEG4HbnFLdpYyLLgsU392Jn__HEOQ6_1wIszUo1IVs-pL4PsW7fAnVFqdnDxZ7KSYl6syIJM6RB3Ga_SJ688ScViuNOmqEuvRvcu8lU3Tv3dVbf9_6BWMj-rqgy3oMevfykxT2ujrKh7tk-ZymZJNgql5XUKkFMubSsQ17VGzL8bdHeft5nWsbgbjuOqkeJ6uNmZ3pFv_IoJvokrDnH_FjgFneEerMp8FbPN41TuSEbM-U7bjiWKWXGNH3uIRbwj-6E1QjXhQ39_UofP04aOhNkUjntnFs06eb7qZxQHcYbxwzmS8JF2aDSYmenMCr35MjCK5J3O3DaCkOpXkaKL-zEB5mPAVdLJoDzxEb5bs82B6BgGWWgn1w2f3fWz6SBBftf9FDkZvBK6vW5Ax5WIBqpOFyTP07hT7ssrOK8jLUUVOfsI6GPHIRwKZZLXDMMUDTVfFSVMfv0O4eqs7zQVnedA-nI2LAmhvQhF9NBLcVQ7gISLOSdrkZYvZKG8saO3gxuPg2rgFC1Be90VFpgGvTBEXJBmoEeCprdlW95aO-J8lHNbttpLiANWTbCztwiAJ-bena7Dk7uoVV_rzKHvBi9Q7a2HZ8vXyNDoHqTaLAeEpn1O6iV6kK8TzwUg_S1si8cezC-q9C_HVPo5VsTCjW9R2rFHng&cid=CAASEuRoBTQ5MpO6tYpk7ehPmPOW4g&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3cd219dd9fb1d1466ddcdf4b51ba1952165c81840c5e1cd0b41b38ec55613b81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30580
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9EA9
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AiWlziSZC_TkpNYjr1XgAUXSbJLbICyckBA9o4viw-HuKTq4l6ChbxNlS91L49cNP8ysjYhhqwnzJcE18VAs1IWnBjK76mPhZ7b_y2DeJvaDnmohE
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 9EA9
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/window_focus_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:33:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
134
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:33:50 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9EA9
123 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1643200382015849"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 27 Jan 2022 10:36:04 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 9EA9
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
602
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6123
x-xss-protection
0
server
cafe
etag
1875255482418879373
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:26:02 GMT
l
www.google.com/ads/measurement/ Frame 9EA9
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTTITK9gkxT_A3NRX6Dgu63vNRfGQO_SNbWchqI6kVdbkY-SqDJsmiEMPbF1p1cazOUs46MfOD2M73K2qOgkhQnJMDlYQ
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pixel
googleads.g.doubleclick.net/xbbe/ Frame 6B0B
668 B
372 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Thu, 27 Jan 2022 10:36:04 GMT
server
cafe
cache-control
private
content-length
304
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 06BC
71 KB
30 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AARikdhTb1k0Kb_U8ylLmWQKQMjpEt2rwbzXQxrplwToQfopmZKrLNFqGT9sxLhatPoOkEQwDl7rUHj0SZ3l2BxFwKLVjFpd3X3FxTtThnsKSF4Dp-EtcUMPW6kvgrQiQew0cs2EysdtZZQusF3h8BkDq25Q&dbm_d=AKAmf-BqR_5MfNWCDxwOhgOUetljz5JBFheMfkOH-cZrF2gOVkVmx2b2SYYfsQiXRkLGOhxm12bs8V89QgSekIvWyhNG4IOy-2mTekrf02Vr4Oz7fBYgxaZw5FFsfLxUdA42leXEQK6TLVPmvFvrMqd70Ey3jvkFatuStNyUkEo9eBKBtaZrPc2vJeJdCLdeEuxtHQ0-ZnxfEkHnvpshChEa3UrGroZePOWTCpE2ivkRDJaarm6IyMyZDd_gibJ9ShoXqMUh_XlT_-Dbb-qlsz3Z8PFO3q13DgHoE7_ifKO1TGaaLkrRxPdxq2PLNLvWwMTgsX5q2f715pm8ij_KsZpqy6na7VZyTGZSzeCgON7o6UegvP0s6m06_ELOuOpLKLNQUu-U8yI3TmezHoeMFbyrYItClj9BFnZvpL4U4T_lWbxPBArKgkx7Isjg6krkwUKgnxMibGBrDeWmjis3mGqeUyD4c7uuK3W6W8ZRiJ_Q84xHvHenwEKll9dM4bVKyR2X55ppGTrioeMIP97hqHLpX5VKCsPaCt5MgF-pawwWWrraw0vahvJYs4n0SoglnZsJTZC5_OmUgLPl7bmwEx0jtQ0dJJzhJ_-Ghi0_2uj4dtFypftxeztxb_WKK-vLBzvC3vYhnVdguFcOrNMZRYMjnatSoUmBxXJheT0ck2n_1DB__GwNeqqA7cn1sJBG6bcGh8qKC09ezBS4UcqBFJrgBOThqdAU7sQWkLFeUChuvcDl7kP-f43HIoLigrdefMveKKm6h1UMf2QYQ0qyMdL46ORGKhZw8cWLAZbEGxW5uD5FH5X2ebfe5Z0NKCJvyVsSN9zMvTBRH9VBzmmiKFlBXJpaur2vx5ZVUqe1AFFEsC01_jTT4Cn9nYbrikvgB86mbmKuJFFK7xRdk8l_PkmPvTKIhFtnwqY9bTMguqTPKWZwD-zUEUjY72on3dAQ0aQGlgctkhA93q2fefflBK7Sm0xYeWatEXzvolBESzVY3ynkD2IxSJqRvxZHXHZjDbgVHmKijpkWk9_EMsBj_x4DujYtsSRyCXyQ0zv-wK4GQ4xPiDC6IhTenaJV4zy91KC-xwTjisk_KUVMGpFjiyX4yw0moC3uiVDjgKpNvFChncPv_lU5Tgvpbifyz0Ble5SOEHMOGepHXd57t86-9xDuM3HAKWZU845i-ax9Dd3b-Vpc6HEHjB0ATMHumUj9nTjPC_fueMMJJXuWzd8Jiw78d15zwZ1O4LgjNrHFRVPYJpvify5AlN0M1wQbO7v5k-zdIDpI1Apxn-3XhnUw_TazPBpNq9ddq_G_Vvizdt3y2ZAlfs0hiWJpVK2bmK5in6TEDRhBQpY1entaeyjXbAQn-JfrnXisAD3Bk2OzBoGGDQxRNIiGSXOTaVmSBr_GVeJ7hcQjNdSjHHn3dutSxLbqkVQV55r9F1bj6aClU4IcXLIfXM3mRGyErswL3WGP8hf1ATk8nnSa1esLnXFRRVUwEhnOShYSV0hRnTY7TDacTytMP9RYz2ATj3XRix2Y8rESCGklVGLVoeotQ-akdMVXyxrTozVJ_-e4-MxkpTG007jcmGXepUV0BejTTy5BZq1jE2y7L6zbaXWgsPQieRMj6uYpJyZojy9i_R2EYYU1VzN-YpmWIwn54VVmyzXEyehMOUMVWBi2ykJm_14wYHPgSlFOcZPxv22GgpvCCIUKSrIBOpRaNQN5KqSp6Lz3ppsdOpaAEwKiO20KZW2EAmvaNBV6WhnKtMDal8ubdWMqd5FjjDXlJ5uPRAfMx0dRNZPLmTpTo9-Q8OT1mG5o2jdoYY3sq3pn9lnHvYwvbZxbLuI_4gYvyj21d_tOM5Ln6DRBv1hFm4e76CdHLlRfL7bX_j2rzZk4U_s3ha4bI-0Fz4K2nwVnroiKmz24XN56wXKLbI8_jemUcW4PbQxxz7ZqtqDKz3BhHiSiYxcxwTHzsCn3RQqu_4RsVTc4YJ9pdlTUKtIayonJdHcKXLofhq7eyZmUoIYfPy0l1_bhAM4O3nHvhHvLUn9ecEJQgXN_x2Ido-lcanGWvKfZLTA-8y8brCYO3vEsohRBbiJEkedO35SdWFAOfBrzmCQTAvwkcvOfn3c0D-fTf7ofEdhC_AgCbzuyh7AfrKM81rpjv2I-HBqXI7je7ya8eGRXODeuCdWb7YFmrhWJtojRGHnLjODw2SM1ZwqSa108TACBQaUIOHJKFsMhHeoW8S9Qw93G5UMzYkNNI0u3wMBryNIdUC38y96_NZ15mI7wp70kWIe_U4Rt0IcwuysWAEMGcwUz5gIfs_XBCSozipM8OvMXQCd8kL0BrvNm_91YPcj60XSvicczhZFJWja-vCUz86C-1gMwUo1IoDLqqD7yDjdMZdMYSNoX-DjbmqHut6S25FJDdW-jdhGNSGuH-HMykDHk3k9tVVQoDEyFlJfeQIzG3abbEWWnN-Dx3dqNEOFkiXZ-nzZTkQWzPeIWDiHjAvQHyb_GtowbLEM-35Xb_oWdu_KrQnuvn2PzK9a3dxxd8OR4UT0gFEzMmoCn97BbWWxP5np_gdU5BzZmqbZTy84F5YixctfXDp4ik_cP39jqRYbFWcRVN1wz6VKP5yM-tLC-zbc5P4UIa6O4CbXkgopRsQoqvVmzQpi_TnURDkzrQjzH1zv5SvZER2IqYiwV94w5NDwQCiweL4_0cNUKvt7rtPYj2plq7NleYIH7A_tCnzFje_4XDDw-DRvBLSM7VQm0YBlvsVbv0TFjqDybolno58L0N2RxCIfQrWje81apvJPWa1rEMfTPVqBAjVLiYRO_OOgvzP7wxDvr0YnUfixPvDcL6u-LBZsfjKWMtBuv1QMD06EpI1erIWBWZ5Fo8hy7rj7B5tr-JxsZlhSYkF1pwITdFR3OrylP0xirTBaJDKwOW3fZY1FrZnNoJSmdcao2yah0R87f2bGkX_dYOPhXtRzdKM46lGOVRTBuqJlJGNjQ3KBZ-YgGyT85xYTsXq98KcgfwhU9t5aWX-01mt2eCdZ-MMukmcIMZiwxYIZBZ5qRyXw1wgcH0GE6EHBZHoMiWLWBGygv5igPnmHqmqsmpmr4rGmm9gsuKg&cid=CAASEuRoej8iBzNhljOKGV52rM5-TQ&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d668c483ae637f68747f098e2a245796b2928dba0e6d280a7dbfb6967cc33002
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30631
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 06BC
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DCQ_yHg9P6oRG6CfW1RH2hwiIMaEj4k--66j0sgm1DhqvEu98oifMsGB1oI2XcXO5OvP5_V73TbKtIWL_DT4UZMVwfDdEyWKNg9evt7lm9AOFU9Rs
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 06BC
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/window_focus_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:33:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
134
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:33:50 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 06BC
123 KB
37 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38288
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1643200382015849"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Thu, 27 Jan 2022 10:36:04 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/ Frame 06BC
14 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220125/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
602
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6123
x-xss-protection
0
server
cafe
etag
1875255482418879373
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:26:02 GMT
l
www.google.com/ads/measurement/ Frame 06BC
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQl3SwDkOOxE2uyCTFCQUb2wy8ZhhVlW873dQoHEyaRvnjbfjRgMn2g5CIj8z9qrP_BZoY1d3HBADtemIslDkWxot-LQQ
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

a.gif
t.sharethis.com/d/ Frame DAFC
0
289 B
Image
General
Full URL
https://t.sharethis.com/d/a.gif?cid=c010&cls=C&stid=ZGoABWHydZEAAAAIMeZBAw%253D%253D&tt=t.dhj&dhjLcy=1643279761538&lbl=pxcel&flbl=pxcel&ll=d&ver=1.825.22796&ell=d&cck=__stid&dmn=dl-file.com&pn=%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&qs=na&rdn=dl-file.com&rpn=%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&rqs=na&cc=CA&cont=NA&evid=RF0Gb6XAVLrtxRBQMKpH&urls=!1!433!b-13j,!1!432!b-13h,!1!432!b-14s,!1!0!b-14t,!1!413!b-150,!1!409!b-16f&rnd=1643279764817&cid=c010&version=1.825.22796&cc=CA&cont=NA&cls=C&repeat=0&htmLcy=97
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.106.245.174 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-106-245-174.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=2628000 ; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://t.sharethis.com/a/t_.htm?ver=1.825.22796&cid=c010&cls=C
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Strict-Transport-Security
max-age=2628000 ; includeSubDomains
Expires
Thu, 27 Jan 2022 10:36:04 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 0665
156 B
142 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F6928793%2Fdl-file-61deae48ca228%2Fdl-file-Instream-Nova-Core1-61deb211dc4b8&description_url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&env=vp&correlator=2274035693850761&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C400x300%7C640x480&unviewed_position_start=1&cust_params=prmsig%3Dwypjsl&sdkv=h.3.496.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr=0&addtl_consent=1~2090.2970.46.1375.66.70.7.1317.2526.1843.122.440.1703.1896.1097.1022.1799.184.196.202.89.2328.1998.1215.229.229.338.505.2135.2213.1799.326.1449.2993.1025.371.960.1024.1027.1902.1034.1127.1468.2567.486.2631.494.1033.585.1456&sdki=44d&adk=434523329&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.496.0&sid=C4FE7F50-6A2A-4889-8810-3AA686529680&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY8JDt2OkvRQAAAAA%3D&nel=0&eid=44737475%2C44747319%2C44750824&top=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&dt=1643279764863&cookie_enabled=1&scor=828725119822835&ged=ve4_td2_tt0_pd2_la2000_er773.-1800.923.-1500_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FB94
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
324
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FB94
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame FB94
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
43 B
1006 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Protocol
HTTP/1.1
Server
68.67.161.208 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
bf70fc67-3dec-4ad7-92ce-217775a5f1f8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FB94
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNXMYZOXTcdY7GWvxkNoiYlWJTEhnaWkWh1a2gepYKt99aMSBHpjZo42JyibToOpucuWSxiDkkcubmJ6OK_5eZq66ZznvqNNrnMOEjUcFXawgz4MrHQ
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
9a9b1a97-ef34-4958-85c3-7d692f79fe57
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FD86
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm&gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:04 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
324
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame FD86
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&gdpr=0&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YfJ1k4fAXGcl1AX3NhIYCAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENl89Nifbqkoww5OOn8oRSY&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame FD86
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm&gdpr=0
  • https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
43 B
1006 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Protocol
HTTP/1.1
Server
68.67.161.208 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
51617207-1b9a-47f0-9480-9e65c74bd504
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&gdpr=0&code=CAESEOeOtvfCxzVcHLgm2fXnX2Y&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame FD86
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYqtv-lwEwAQ&v=APEucNXPqp6tA6JWnm2P2S0MkIL7uRBqYuf_170lSz3eknW78D_-HtZkYPjvI9kbaUVl-wf7gH7eDmA6jsTRhFY_mzZDqmfzgFSnfC07TZ43WoTiV6lUsKw
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:04 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
15d7790c-334a-4eb5-9913-5ea4bd2472b0
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODA3NjY5Nzc2OTc2ODc3NTAxMw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 06BC
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Origin
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 23:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41761
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 27 Jan 2022 23:00:03 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/ Frame 06BC
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AARikdhTb1k0Kb_U8ylLmWQKQMjpEt2rwbzXQxrplwToQfopmZKrLNFqGT9sxLhatPoOkEQwDl7rUHj0SZ3l2BxFwKLVjFpd3X3FxTtThnsKSF4Dp-EtcUMPW6kvgrQiQew0cs2EysdtZZQusF3h8BkDq25Q&dbm_d=AKAmf-BqR_5MfNWCDxwOhgOUetljz5JBFheMfkOH-cZrF2gOVkVmx2b2SYYfsQiXRkLGOhxm12bs8V89QgSekIvWyhNG4IOy-2mTekrf02Vr4Oz7fBYgxaZw5FFsfLxUdA42leXEQK6TLVPmvFvrMqd70Ey3jvkFatuStNyUkEo9eBKBtaZrPc2vJeJdCLdeEuxtHQ0-ZnxfEkHnvpshChEa3UrGroZePOWTCpE2ivkRDJaarm6IyMyZDd_gibJ9ShoXqMUh_XlT_-Dbb-qlsz3Z8PFO3q13DgHoE7_ifKO1TGaaLkrRxPdxq2PLNLvWwMTgsX5q2f715pm8ij_KsZpqy6na7VZyTGZSzeCgON7o6UegvP0s6m06_ELOuOpLKLNQUu-U8yI3TmezHoeMFbyrYItClj9BFnZvpL4U4T_lWbxPBArKgkx7Isjg6krkwUKgnxMibGBrDeWmjis3mGqeUyD4c7uuK3W6W8ZRiJ_Q84xHvHenwEKll9dM4bVKyR2X55ppGTrioeMIP97hqHLpX5VKCsPaCt5MgF-pawwWWrraw0vahvJYs4n0SoglnZsJTZC5_OmUgLPl7bmwEx0jtQ0dJJzhJ_-Ghi0_2uj4dtFypftxeztxb_WKK-vLBzvC3vYhnVdguFcOrNMZRYMjnatSoUmBxXJheT0ck2n_1DB__GwNeqqA7cn1sJBG6bcGh8qKC09ezBS4UcqBFJrgBOThqdAU7sQWkLFeUChuvcDl7kP-f43HIoLigrdefMveKKm6h1UMf2QYQ0qyMdL46ORGKhZw8cWLAZbEGxW5uD5FH5X2ebfe5Z0NKCJvyVsSN9zMvTBRH9VBzmmiKFlBXJpaur2vx5ZVUqe1AFFEsC01_jTT4Cn9nYbrikvgB86mbmKuJFFK7xRdk8l_PkmPvTKIhFtnwqY9bTMguqTPKWZwD-zUEUjY72on3dAQ0aQGlgctkhA93q2fefflBK7Sm0xYeWatEXzvolBESzVY3ynkD2IxSJqRvxZHXHZjDbgVHmKijpkWk9_EMsBj_x4DujYtsSRyCXyQ0zv-wK4GQ4xPiDC6IhTenaJV4zy91KC-xwTjisk_KUVMGpFjiyX4yw0moC3uiVDjgKpNvFChncPv_lU5Tgvpbifyz0Ble5SOEHMOGepHXd57t86-9xDuM3HAKWZU845i-ax9Dd3b-Vpc6HEHjB0ATMHumUj9nTjPC_fueMMJJXuWzd8Jiw78d15zwZ1O4LgjNrHFRVPYJpvify5AlN0M1wQbO7v5k-zdIDpI1Apxn-3XhnUw_TazPBpNq9ddq_G_Vvizdt3y2ZAlfs0hiWJpVK2bmK5in6TEDRhBQpY1entaeyjXbAQn-JfrnXisAD3Bk2OzBoGGDQxRNIiGSXOTaVmSBr_GVeJ7hcQjNdSjHHn3dutSxLbqkVQV55r9F1bj6aClU4IcXLIfXM3mRGyErswL3WGP8hf1ATk8nnSa1esLnXFRRVUwEhnOShYSV0hRnTY7TDacTytMP9RYz2ATj3XRix2Y8rESCGklVGLVoeotQ-akdMVXyxrTozVJ_-e4-MxkpTG007jcmGXepUV0BejTTy5BZq1jE2y7L6zbaXWgsPQieRMj6uYpJyZojy9i_R2EYYU1VzN-YpmWIwn54VVmyzXEyehMOUMVWBi2ykJm_14wYHPgSlFOcZPxv22GgpvCCIUKSrIBOpRaNQN5KqSp6Lz3ppsdOpaAEwKiO20KZW2EAmvaNBV6WhnKtMDal8ubdWMqd5FjjDXlJ5uPRAfMx0dRNZPLmTpTo9-Q8OT1mG5o2jdoYY3sq3pn9lnHvYwvbZxbLuI_4gYvyj21d_tOM5Ln6DRBv1hFm4e76CdHLlRfL7bX_j2rzZk4U_s3ha4bI-0Fz4K2nwVnroiKmz24XN56wXKLbI8_jemUcW4PbQxxz7ZqtqDKz3BhHiSiYxcxwTHzsCn3RQqu_4RsVTc4YJ9pdlTUKtIayonJdHcKXLofhq7eyZmUoIYfPy0l1_bhAM4O3nHvhHvLUn9ecEJQgXN_x2Ido-lcanGWvKfZLTA-8y8brCYO3vEsohRBbiJEkedO35SdWFAOfBrzmCQTAvwkcvOfn3c0D-fTf7ofEdhC_AgCbzuyh7AfrKM81rpjv2I-HBqXI7je7ya8eGRXODeuCdWb7YFmrhWJtojRGHnLjODw2SM1ZwqSa108TACBQaUIOHJKFsMhHeoW8S9Qw93G5UMzYkNNI0u3wMBryNIdUC38y96_NZ15mI7wp70kWIe_U4Rt0IcwuysWAEMGcwUz5gIfs_XBCSozipM8OvMXQCd8kL0BrvNm_91YPcj60XSvicczhZFJWja-vCUz86C-1gMwUo1IoDLqqD7yDjdMZdMYSNoX-DjbmqHut6S25FJDdW-jdhGNSGuH-HMykDHk3k9tVVQoDEyFlJfeQIzG3abbEWWnN-Dx3dqNEOFkiXZ-nzZTkQWzPeIWDiHjAvQHyb_GtowbLEM-35Xb_oWdu_KrQnuvn2PzK9a3dxxd8OR4UT0gFEzMmoCn97BbWWxP5np_gdU5BzZmqbZTy84F5YixctfXDp4ik_cP39jqRYbFWcRVN1wz6VKP5yM-tLC-zbc5P4UIa6O4CbXkgopRsQoqvVmzQpi_TnURDkzrQjzH1zv5SvZER2IqYiwV94w5NDwQCiweL4_0cNUKvt7rtPYj2plq7NleYIH7A_tCnzFje_4XDDw-DRvBLSM7VQm0YBlvsVbv0TFjqDybolno58L0N2RxCIfQrWje81apvJPWa1rEMfTPVqBAjVLiYRO_OOgvzP7wxDvr0YnUfixPvDcL6u-LBZsfjKWMtBuv1QMD06EpI1erIWBWZ5Fo8hy7rj7B5tr-JxsZlhSYkF1pwITdFR3OrylP0xirTBaJDKwOW3fZY1FrZnNoJSmdcao2yah0R87f2bGkX_dYOPhXtRzdKM46lGOVRTBuqJlJGNjQ3KBZ-YgGyT85xYTsXq98KcgfwhU9t5aWX-01mt2eCdZ-MMukmcIMZiwxYIZBZ5qRyXw1wgcH0GE6EHBZHoMiWLWBGygv5igPnmHqmqsmpmr4rGmm9gsuKg&cid=CAASEuRoej8iBzNhljOKGV52rM5-TQ&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 09:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3114
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 09:44:10 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/ Frame 06BC
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AARikdhTb1k0Kb_U8ylLmWQKQMjpEt2rwbzXQxrplwToQfopmZKrLNFqGT9sxLhatPoOkEQwDl7rUHj0SZ3l2BxFwKLVjFpd3X3FxTtThnsKSF4Dp-EtcUMPW6kvgrQiQew0cs2EysdtZZQusF3h8BkDq25Q&dbm_d=AKAmf-BqR_5MfNWCDxwOhgOUetljz5JBFheMfkOH-cZrF2gOVkVmx2b2SYYfsQiXRkLGOhxm12bs8V89QgSekIvWyhNG4IOy-2mTekrf02Vr4Oz7fBYgxaZw5FFsfLxUdA42leXEQK6TLVPmvFvrMqd70Ey3jvkFatuStNyUkEo9eBKBtaZrPc2vJeJdCLdeEuxtHQ0-ZnxfEkHnvpshChEa3UrGroZePOWTCpE2ivkRDJaarm6IyMyZDd_gibJ9ShoXqMUh_XlT_-Dbb-qlsz3Z8PFO3q13DgHoE7_ifKO1TGaaLkrRxPdxq2PLNLvWwMTgsX5q2f715pm8ij_KsZpqy6na7VZyTGZSzeCgON7o6UegvP0s6m06_ELOuOpLKLNQUu-U8yI3TmezHoeMFbyrYItClj9BFnZvpL4U4T_lWbxPBArKgkx7Isjg6krkwUKgnxMibGBrDeWmjis3mGqeUyD4c7uuK3W6W8ZRiJ_Q84xHvHenwEKll9dM4bVKyR2X55ppGTrioeMIP97hqHLpX5VKCsPaCt5MgF-pawwWWrraw0vahvJYs4n0SoglnZsJTZC5_OmUgLPl7bmwEx0jtQ0dJJzhJ_-Ghi0_2uj4dtFypftxeztxb_WKK-vLBzvC3vYhnVdguFcOrNMZRYMjnatSoUmBxXJheT0ck2n_1DB__GwNeqqA7cn1sJBG6bcGh8qKC09ezBS4UcqBFJrgBOThqdAU7sQWkLFeUChuvcDl7kP-f43HIoLigrdefMveKKm6h1UMf2QYQ0qyMdL46ORGKhZw8cWLAZbEGxW5uD5FH5X2ebfe5Z0NKCJvyVsSN9zMvTBRH9VBzmmiKFlBXJpaur2vx5ZVUqe1AFFEsC01_jTT4Cn9nYbrikvgB86mbmKuJFFK7xRdk8l_PkmPvTKIhFtnwqY9bTMguqTPKWZwD-zUEUjY72on3dAQ0aQGlgctkhA93q2fefflBK7Sm0xYeWatEXzvolBESzVY3ynkD2IxSJqRvxZHXHZjDbgVHmKijpkWk9_EMsBj_x4DujYtsSRyCXyQ0zv-wK4GQ4xPiDC6IhTenaJV4zy91KC-xwTjisk_KUVMGpFjiyX4yw0moC3uiVDjgKpNvFChncPv_lU5Tgvpbifyz0Ble5SOEHMOGepHXd57t86-9xDuM3HAKWZU845i-ax9Dd3b-Vpc6HEHjB0ATMHumUj9nTjPC_fueMMJJXuWzd8Jiw78d15zwZ1O4LgjNrHFRVPYJpvify5AlN0M1wQbO7v5k-zdIDpI1Apxn-3XhnUw_TazPBpNq9ddq_G_Vvizdt3y2ZAlfs0hiWJpVK2bmK5in6TEDRhBQpY1entaeyjXbAQn-JfrnXisAD3Bk2OzBoGGDQxRNIiGSXOTaVmSBr_GVeJ7hcQjNdSjHHn3dutSxLbqkVQV55r9F1bj6aClU4IcXLIfXM3mRGyErswL3WGP8hf1ATk8nnSa1esLnXFRRVUwEhnOShYSV0hRnTY7TDacTytMP9RYz2ATj3XRix2Y8rESCGklVGLVoeotQ-akdMVXyxrTozVJ_-e4-MxkpTG007jcmGXepUV0BejTTy5BZq1jE2y7L6zbaXWgsPQieRMj6uYpJyZojy9i_R2EYYU1VzN-YpmWIwn54VVmyzXEyehMOUMVWBi2ykJm_14wYHPgSlFOcZPxv22GgpvCCIUKSrIBOpRaNQN5KqSp6Lz3ppsdOpaAEwKiO20KZW2EAmvaNBV6WhnKtMDal8ubdWMqd5FjjDXlJ5uPRAfMx0dRNZPLmTpTo9-Q8OT1mG5o2jdoYY3sq3pn9lnHvYwvbZxbLuI_4gYvyj21d_tOM5Ln6DRBv1hFm4e76CdHLlRfL7bX_j2rzZk4U_s3ha4bI-0Fz4K2nwVnroiKmz24XN56wXKLbI8_jemUcW4PbQxxz7ZqtqDKz3BhHiSiYxcxwTHzsCn3RQqu_4RsVTc4YJ9pdlTUKtIayonJdHcKXLofhq7eyZmUoIYfPy0l1_bhAM4O3nHvhHvLUn9ecEJQgXN_x2Ido-lcanGWvKfZLTA-8y8brCYO3vEsohRBbiJEkedO35SdWFAOfBrzmCQTAvwkcvOfn3c0D-fTf7ofEdhC_AgCbzuyh7AfrKM81rpjv2I-HBqXI7je7ya8eGRXODeuCdWb7YFmrhWJtojRGHnLjODw2SM1ZwqSa108TACBQaUIOHJKFsMhHeoW8S9Qw93G5UMzYkNNI0u3wMBryNIdUC38y96_NZ15mI7wp70kWIe_U4Rt0IcwuysWAEMGcwUz5gIfs_XBCSozipM8OvMXQCd8kL0BrvNm_91YPcj60XSvicczhZFJWja-vCUz86C-1gMwUo1IoDLqqD7yDjdMZdMYSNoX-DjbmqHut6S25FJDdW-jdhGNSGuH-HMykDHk3k9tVVQoDEyFlJfeQIzG3abbEWWnN-Dx3dqNEOFkiXZ-nzZTkQWzPeIWDiHjAvQHyb_GtowbLEM-35Xb_oWdu_KrQnuvn2PzK9a3dxxd8OR4UT0gFEzMmoCn97BbWWxP5np_gdU5BzZmqbZTy84F5YixctfXDp4ik_cP39jqRYbFWcRVN1wz6VKP5yM-tLC-zbc5P4UIa6O4CbXkgopRsQoqvVmzQpi_TnURDkzrQjzH1zv5SvZER2IqYiwV94w5NDwQCiweL4_0cNUKvt7rtPYj2plq7NleYIH7A_tCnzFje_4XDDw-DRvBLSM7VQm0YBlvsVbv0TFjqDybolno58L0N2RxCIfQrWje81apvJPWa1rEMfTPVqBAjVLiYRO_OOgvzP7wxDvr0YnUfixPvDcL6u-LBZsfjKWMtBuv1QMD06EpI1erIWBWZ5Fo8hy7rj7B5tr-JxsZlhSYkF1pwITdFR3OrylP0xirTBaJDKwOW3fZY1FrZnNoJSmdcao2yah0R87f2bGkX_dYOPhXtRzdKM46lGOVRTBuqJlJGNjQ3KBZ-YgGyT85xYTsXq98KcgfwhU9t5aWX-01mt2eCdZ-MMukmcIMZiwxYIZBZ5qRyXw1wgcH0GE6EHBZHoMiWLWBGygv5igPnmHqmqsmpmr4rGmm9gsuKg&cid=CAASEuRoej8iBzNhljOKGV52rM5-TQ&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
afa00dedbe6d549e60e8d88516d437069d74af91f302b9c8f1f825d6bad511a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:30:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
346
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9276
x-xss-protection
0
server
cafe
etag
18268840599439890861
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:30:18 GMT
sd
us-u.openx.net/w/1.0/ Frame 6B0B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE09z7DORRr12gYTAcg_Z_s&google_cver=1&gdpr=0
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE09z7DORRr12gYTAcg_Z_s&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
via
1.1 google
server
OXGW/17.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE09z7DORRr12gYTAcg_Z_s&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
306
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 6B0B
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&gdpr=0&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzc5MDI0Y2EtOGM0MC0yNDk1LWZjYTEtYzMyYjE4ZDgxY2Ex
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzc5MDI0Y2EtOGM0MC0yNDk1LWZjYTEtYzMyYjE4ZDgxY2Ex
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzc5MDI0Y2EtOGM0MC0yNDk1LWZjYTEtYzMyYjE4ZDgxY2Ex
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
um
sync.teads.tv/ Frame 6B0B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm&gdpr=0
  • https://sync.teads.tv/um?eid=3&uid=CAESEPJPnBFf7_zJTldK-SOXL04&google_cver=1&gdpr=0
23 B
287 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEPJPnBFf7_zJTldK-SOXL04&google_cver=1&gdpr=0
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Protocol
H2
Server
23.200.197.46 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-200-197-46.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
max-age=0, no-cache, no-store
expires
Thu, 27 Jan 2022 10:36:05 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEPJPnBFf7_zJTldK-SOXL04&google_cver=1&gdpr=0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
292
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 6B0B
Redirect Chain
  • https://sync.teads.tv/um?eid=3&uid=&gdpr=0&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjRjYzQ5ZWQtZWFjNC00MmM1LTllYzUtMzljM2Y3YzQ5ZWQw
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjRjYzQ5ZWQtZWFjNC00MmM1LTllYzUtMzljM2Y3YzQ5ZWQw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDOyFUYwb2AmAEwAQ&v=APEucNWTFHbiANL6APf_nVc0BitJ-_rkdgZ3JseZsUsmtLUJgMeOQh999ZvUc04E_JTN7YcS7xQwNUsilVfezBKdZiMkp6uLAxb67eXzsxyeR1-kznqCLyE
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
akka-http/10.2.7
content-type
text/html; charset=UTF-8
location
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjRjYzQ5ZWQtZWFjNC00MmM1LTllYzUtMzljM2Y3YzQ5ZWQw
cache-control
max-age=0, no-cache, no-store
content-length
189
expires
Thu, 27 Jan 2022 10:36:05 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwYVNWMnRjeEt5SEZNRE5GJTJCUVZOQmZkZUwxb2ZQUng3OE9zS0l0Q2hqVktLMlRqb2Nlalp1bGhIZmpxNXBoUExibTdhb21VNGM3a0g2dXZUWkRpbDlHdzVjbSUyQkFTUSUzRCUzRA&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://dl-file.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
https://dl-file.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1899
date
Thu, 27 Jan 2022 10:36:04 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame FC14
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwY...
  • https://mug.criteo.com/sid?cpp=pEshX3xtL3NRTWdWS1ZZRmQvRkV4V2dEakVTOFhOVFNQRENwRDBldi9JMERIY3VDaVBCcjhiN1lHVTNrT3lQMVlyYlJuRW0xV0w2M2hjV2lDdW5uV1lpMjdUY1BPV1VLQXZFNEVXaE9OYlhvcFZzQXBOYmJTMGpYTzdOdT...
406 B
660 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=pEshX3xtL3NRTWdWS1ZZRmQvRkV4V2dEakVTOFhOVFNQRENwRDBldi9JMERIY3VDaVBCcjhiN1lHVTNrT3lQMVlyYlJuRW0xV0w2M2hjV2lDdW5uV1lpMjdUY1BPV1VLQXZFNEVXaE9OYlhvcFZzQXBOYmJTMGpYTzdOdTZTcWxhZEk1YUROTGcrQTRQMlRVUjRZdmRlcnVNeXpIUWIyQ0NmWU5MOHRMbFlOMzNlU0dXY2JiYmg2djVwd0lQRGV4U1JwUStvdjg0MGZIUzMwanlTNXVvaFhIVGlxZmJ6YUdNY3hjcU5xRFNETmFHaXV6YXdrUmVRUHpqaUR0L3FST2Y0bGgxdi9rOUppVVRlT0ZiY0oxY0ZPRi83dz09fA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
97b000bf57361ea2628139bc8088d8301a2ed6bedeb95b1d0bc04b16bda48d12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2878
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
location
https://mug.criteo.com/sid?cpp=pEshX3xtL3NRTWdWS1ZZRmQvRkV4V2dEakVTOFhOVFNQRENwRDBldi9JMERIY3VDaVBCcjhiN1lHVTNrT3lQMVlyYlJuRW0xV0w2M2hjV2lDdW5uV1lpMjdUY1BPV1VLQXZFNEVXaE9OYlhvcFZzQXBOYmJTMGpYTzdOdTZTcWxhZEk1YUROTGcrQTRQMlRVUjRZdmRlcnVNeXpIUWIyQ0NmWU5MOHRMbFlOMzNlU0dXY2JiYmg2djVwd0lQRGV4U1JwUStvdjg0MGZIUzMwanlTNXVvaFhIVGlxZmJ6YUdNY3hjcU5xRFNETmFHaXV6YXdrUmVRUHpqaUR0L3FST2Y0bGgxdi9rOUppVVRlT0ZiY0oxY0ZPRi83dz09fA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2731
content-length
541
expires
0
212.json
id5-sync.com/g/v2/ Frame FC14
1 KB
2 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/212.json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
141.95.34.105 , France, ASN16276 (OVH, FR),
Reverse DNS
p34.id5-sync.com
Software
/
Resource Hash
34a8d86451ea0a0e78f6172581d045ba1c09092926279a836d7f28a724be3f65
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 27 Jan 2022 10:36:04 GMT
Vary
Origin
P3P
CP="CAO PSA OUR"
Access-Control-Allow-Origin
https://dl-file.com
Access-Control-Allow-Credentials
true
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
Transfer-Encoding
chunked
rid
match.adsrvr.org/track/ Frame FC14
108 B
760 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
11456219e7d23bb2aaed93685d2c3fdd9f41e32d464a141d4beabc106396f975

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://dl-file.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
108
expires
Sat, 26 Feb 2022 10:36:04 GMT
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 9EA9
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Origin
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 23:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41761
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 27 Jan 2022 23:00:03 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/ Frame 9EA9
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BK98ShbjLoq7zkCyH8vFyyBXrposmLDTLqKFJKPugiDQQ5rSzvOfQ4f_WWf4hrgIpDHlCNLJZSr7Ou5NP1dnZpVFlWi8mNvawQ_JQaQ63QZwjKBk-2UTo2ZXHlGqpc1DgdszKytbVbWR4HOYu9b4VYRKRZoA&dbm_d=AKAmf-BJHg_DLGacZblaB-s8CJFmI0DasIggFw8M9j7cEA9vjHKrNw0Zkr7ARlTcDdMscRmfJHygE1twHwdtIhkU2BPWF61sAv-xG-lxasw72bNr_AMvKdpSqqVmWhcs60rtJEDo7UjyGW5wOsLOWqay0iRu13_4RIwlY6Yqy6WI9c7QNIWq8xE2ejKjMGPvh3W3qRZSzd55q_GMkbKIJMKi7SLrVoJgP6uNcXk9lBVg57tcz671Uoz9DGgXRhkcFt-7nV0x13kKZB0Cb4DwrTavcbSCckTERdViFP9j-EpFpR9KEhbsbT4XJNbKtZ209kT68nNvESXvAWMsm4mY8gnQj28IfnJmZZ8U15eEHt4S1b5jucKJE4CWTkla5JwhwIWuRTD9-BaXIIH5R9nfiRkw-YuFzjAsUqLehLxERNhfaDXE7lHPZqXJF_2uUlkqOm16MNpG4CeFw-7USrW5d3AHu1xqhbXjgMmlqaiuXZcFJQ6CnTQztI1B-B6VTj8xJLeK5uOOsCnkVt3Ypa8cPos1m3KF5ZW4odTE0xpW5t1gBforRP4BUPZqw83qBKJjJd7IGl3FU99RJ2vt9KUgzmkTTZdD6DMPBG4baIdSR136rf4qPBELyVb6u3ryHM7IbcVNl9seTUxFUVzjh_OwoVB864fgBMSGKlo_1qUoWpt-uiVCWxl14o1N4OR2vZ6qbFdjwutG01Wv7OH2kb3wNb7LnMnMoSb4ZkxCFHXDvLk3Ea5r5ARLWLsaMx3ctfiigHxZ7PIsp9MXmChViC6taJDle_z-FtMhFaKbn3tUoY4rT8KbCxlsshz4oCpWL0e9Z5ijAb27qQ2mHN5Q-qb3_1clndhJ6wu2hSw4dq6DU-POo2awiUGjDaUAcmCcc6-akrhB1MmaR4NxCmUCL07xvURSiTCqRkap0-vV5NywjIZSjTKGnxlbK4J_N0HJdKDUYvaWwKONRuF7krciCigqFHe-SEXzPr5CZ67_DmU_Bs9cma1U-TsX6AxFQBT4X5kt4-u2Kz0x_1f_nWJuJTmy2UUyVI8EA2-ygGPZNm5QaztrsbmyLNslEvKJvOaB35MYr0YtZg3-YGBmSxEY3JlNowlGcTvCqN_sMqNweGbVirqtCG1ktorX6FsqZ-XXxKamv4Z5xsEmfymlaEA3q6oyZNT3_N_hiaEbIf2HvxKZrgABdYJX66xf3tzB_A2g9L9fmhsSZm6_e7HbBDWSVYchAG8mtPygAfLtwYWPbNire3l9TjOQMPbiuRvLrmCeqlWdFad9epcq02XrBfwGiX50rHBhhGW0ArhnoWdjTKkbu_29ZKNQoKsR7iD7gQEMpaYz1oaRiJhGlX12dpRug7Odz6yJ4awAKQxdvCRFC-zHmow473unvPoLaIKPQCVO44HzZrmOKiJAPgmXQj8CUkfyBNA8E-Ht9bykIwvD05nm6yo8nYyQPuxMlUdjwdPGom3GBUevGmzldRqIR-b_e70Oo9i5uuW8knpAgowJTSKsFJBvGGz_kEssvGmiF-gwyV9QAY42x-uHKCIGhzLGA7Ugs0clD-8jx40_lRBEEf1VOVJKxgCjJ5yaaboA-FT-NSFTXmo6BcxgB6M1rFRL-kEgcuOY5k45MgY1rpd6dCC_299KMdh5sHQJahneWg9-lxNmfEmZunLZxzU6N1FPbjYiYaJEBTvTL26TCSNgjcH-x8cfGxQ537fs579ZIfdTYsIGXEFT8ayGXL_KXT2UP-9AZrEyOTtdPhFipeIzv3fXNua0KKRuI_1CBLOZkXK9XEVeT1ifV1qjcfVXwdql6LcvRMrU7YQM8jrEuQuSn9SvfVzsKta_J23KrjVAtsG6JCU4Nyleumaw6H0Q95WFcTk5TcNDP1RT3lG84FjXMn_9UkJZ-iP3DdyJWLTmqhEtlO8gAOsvSQZJEIJMZiFRCwHKt8VGrrxbV1Y5NY210tNv3MYm3cZHHuooCxYEzkZBt6ENGJj_iAXQ-FRmVYp3HCSV-eb51nY85r0EUn7f4sDWfP7H8hz9Cq3Z7dnUA6lUrOCosBwAYJGRBZDUPFCgHdsrbyD-NDbNqms5P7QZBYuxVus8NZqUVNSCo9PPko7GFoAv1SfUqi56i8tetAi-2OftwiO7GiqBkr-QcZ22uPalqKsy3aplwvP6gECMwsWJAtaXGLJ20-_fZzvuGJZa4caonVeq2UQc1isn_XTfslpkcLJieub15pYN64pjVRy7DlWGmvpRCgXXXtZRS5WtlZ064A47o0JNEsXdyQOaTV34CSNoD7-EWt95bfRv6wqgF7gcoCmUha3AiwkTN49txJuciJG14zCjURbmw14jKIBCSA0lRaO-a5foUFc5cvS5_5bo1qDdS6VcxtO2NjB5wQubxucuvFMfLcyS-Rj703lBY00UUcxiWTNS6N-97XguCSQkkVsxLEG4HbnFLdpYyLLgsU392Jn__HEOQ6_1wIszUo1IVs-pL4PsW7fAnVFqdnDxZ7KSYl6syIJM6RB3Ga_SJ688ScViuNOmqEuvRvcu8lU3Tv3dVbf9_6BWMj-rqgy3oMevfykxT2ujrKh7tk-ZymZJNgql5XUKkFMubSsQ17VGzL8bdHeft5nWsbgbjuOqkeJ6uNmZ3pFv_IoJvokrDnH_FjgFneEerMp8FbPN41TuSEbM-U7bjiWKWXGNH3uIRbwj-6E1QjXhQ39_UofP04aOhNkUjntnFs06eb7qZxQHcYbxwzmS8JF2aDSYmenMCr35MjCK5J3O3DaCkOpXkaKL-zEB5mPAVdLJoDzxEb5bs82B6BgGWWgn1w2f3fWz6SBBftf9FDkZvBK6vW5Ax5WIBqpOFyTP07hT7ssrOK8jLUUVOfsI6GPHIRwKZZLXDMMUDTVfFSVMfv0O4eqs7zQVnedA-nI2LAmhvQhF9NBLcVQ7gISLOSdrkZYvZKG8saO3gxuPg2rgFC1Be90VFpgGvTBEXJBmoEeCprdlW95aO-J8lHNbttpLiANWTbCztwiAJ-bena7Dk7uoVV_rzKHvBi9Q7a2HZ8vXyNDoHqTaLAeEpn1O6iV6kK8TzwUg_S1si8cezC-q9C_HVPo5VsTCjW9R2rFHng&cid=CAASEuRoBTQ5MpO6tYpk7ehPmPOW4g&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 09:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3114
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 09:44:10 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/ Frame 9EA9
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BK98ShbjLoq7zkCyH8vFyyBXrposmLDTLqKFJKPugiDQQ5rSzvOfQ4f_WWf4hrgIpDHlCNLJZSr7Ou5NP1dnZpVFlWi8mNvawQ_JQaQ63QZwjKBk-2UTo2ZXHlGqpc1DgdszKytbVbWR4HOYu9b4VYRKRZoA&dbm_d=AKAmf-BJHg_DLGacZblaB-s8CJFmI0DasIggFw8M9j7cEA9vjHKrNw0Zkr7ARlTcDdMscRmfJHygE1twHwdtIhkU2BPWF61sAv-xG-lxasw72bNr_AMvKdpSqqVmWhcs60rtJEDo7UjyGW5wOsLOWqay0iRu13_4RIwlY6Yqy6WI9c7QNIWq8xE2ejKjMGPvh3W3qRZSzd55q_GMkbKIJMKi7SLrVoJgP6uNcXk9lBVg57tcz671Uoz9DGgXRhkcFt-7nV0x13kKZB0Cb4DwrTavcbSCckTERdViFP9j-EpFpR9KEhbsbT4XJNbKtZ209kT68nNvESXvAWMsm4mY8gnQj28IfnJmZZ8U15eEHt4S1b5jucKJE4CWTkla5JwhwIWuRTD9-BaXIIH5R9nfiRkw-YuFzjAsUqLehLxERNhfaDXE7lHPZqXJF_2uUlkqOm16MNpG4CeFw-7USrW5d3AHu1xqhbXjgMmlqaiuXZcFJQ6CnTQztI1B-B6VTj8xJLeK5uOOsCnkVt3Ypa8cPos1m3KF5ZW4odTE0xpW5t1gBforRP4BUPZqw83qBKJjJd7IGl3FU99RJ2vt9KUgzmkTTZdD6DMPBG4baIdSR136rf4qPBELyVb6u3ryHM7IbcVNl9seTUxFUVzjh_OwoVB864fgBMSGKlo_1qUoWpt-uiVCWxl14o1N4OR2vZ6qbFdjwutG01Wv7OH2kb3wNb7LnMnMoSb4ZkxCFHXDvLk3Ea5r5ARLWLsaMx3ctfiigHxZ7PIsp9MXmChViC6taJDle_z-FtMhFaKbn3tUoY4rT8KbCxlsshz4oCpWL0e9Z5ijAb27qQ2mHN5Q-qb3_1clndhJ6wu2hSw4dq6DU-POo2awiUGjDaUAcmCcc6-akrhB1MmaR4NxCmUCL07xvURSiTCqRkap0-vV5NywjIZSjTKGnxlbK4J_N0HJdKDUYvaWwKONRuF7krciCigqFHe-SEXzPr5CZ67_DmU_Bs9cma1U-TsX6AxFQBT4X5kt4-u2Kz0x_1f_nWJuJTmy2UUyVI8EA2-ygGPZNm5QaztrsbmyLNslEvKJvOaB35MYr0YtZg3-YGBmSxEY3JlNowlGcTvCqN_sMqNweGbVirqtCG1ktorX6FsqZ-XXxKamv4Z5xsEmfymlaEA3q6oyZNT3_N_hiaEbIf2HvxKZrgABdYJX66xf3tzB_A2g9L9fmhsSZm6_e7HbBDWSVYchAG8mtPygAfLtwYWPbNire3l9TjOQMPbiuRvLrmCeqlWdFad9epcq02XrBfwGiX50rHBhhGW0ArhnoWdjTKkbu_29ZKNQoKsR7iD7gQEMpaYz1oaRiJhGlX12dpRug7Odz6yJ4awAKQxdvCRFC-zHmow473unvPoLaIKPQCVO44HzZrmOKiJAPgmXQj8CUkfyBNA8E-Ht9bykIwvD05nm6yo8nYyQPuxMlUdjwdPGom3GBUevGmzldRqIR-b_e70Oo9i5uuW8knpAgowJTSKsFJBvGGz_kEssvGmiF-gwyV9QAY42x-uHKCIGhzLGA7Ugs0clD-8jx40_lRBEEf1VOVJKxgCjJ5yaaboA-FT-NSFTXmo6BcxgB6M1rFRL-kEgcuOY5k45MgY1rpd6dCC_299KMdh5sHQJahneWg9-lxNmfEmZunLZxzU6N1FPbjYiYaJEBTvTL26TCSNgjcH-x8cfGxQ537fs579ZIfdTYsIGXEFT8ayGXL_KXT2UP-9AZrEyOTtdPhFipeIzv3fXNua0KKRuI_1CBLOZkXK9XEVeT1ifV1qjcfVXwdql6LcvRMrU7YQM8jrEuQuSn9SvfVzsKta_J23KrjVAtsG6JCU4Nyleumaw6H0Q95WFcTk5TcNDP1RT3lG84FjXMn_9UkJZ-iP3DdyJWLTmqhEtlO8gAOsvSQZJEIJMZiFRCwHKt8VGrrxbV1Y5NY210tNv3MYm3cZHHuooCxYEzkZBt6ENGJj_iAXQ-FRmVYp3HCSV-eb51nY85r0EUn7f4sDWfP7H8hz9Cq3Z7dnUA6lUrOCosBwAYJGRBZDUPFCgHdsrbyD-NDbNqms5P7QZBYuxVus8NZqUVNSCo9PPko7GFoAv1SfUqi56i8tetAi-2OftwiO7GiqBkr-QcZ22uPalqKsy3aplwvP6gECMwsWJAtaXGLJ20-_fZzvuGJZa4caonVeq2UQc1isn_XTfslpkcLJieub15pYN64pjVRy7DlWGmvpRCgXXXtZRS5WtlZ064A47o0JNEsXdyQOaTV34CSNoD7-EWt95bfRv6wqgF7gcoCmUha3AiwkTN49txJuciJG14zCjURbmw14jKIBCSA0lRaO-a5foUFc5cvS5_5bo1qDdS6VcxtO2NjB5wQubxucuvFMfLcyS-Rj703lBY00UUcxiWTNS6N-97XguCSQkkVsxLEG4HbnFLdpYyLLgsU392Jn__HEOQ6_1wIszUo1IVs-pL4PsW7fAnVFqdnDxZ7KSYl6syIJM6RB3Ga_SJ688ScViuNOmqEuvRvcu8lU3Tv3dVbf9_6BWMj-rqgy3oMevfykxT2ujrKh7tk-ZymZJNgql5XUKkFMubSsQ17VGzL8bdHeft5nWsbgbjuOqkeJ6uNmZ3pFv_IoJvokrDnH_FjgFneEerMp8FbPN41TuSEbM-U7bjiWKWXGNH3uIRbwj-6E1QjXhQ39_UofP04aOhNkUjntnFs06eb7qZxQHcYbxwzmS8JF2aDSYmenMCr35MjCK5J3O3DaCkOpXkaKL-zEB5mPAVdLJoDzxEb5bs82B6BgGWWgn1w2f3fWz6SBBftf9FDkZvBK6vW5Ax5WIBqpOFyTP07hT7ssrOK8jLUUVOfsI6GPHIRwKZZLXDMMUDTVfFSVMfv0O4eqs7zQVnedA-nI2LAmhvQhF9NBLcVQ7gISLOSdrkZYvZKG8saO3gxuPg2rgFC1Be90VFpgGvTBEXJBmoEeCprdlW95aO-J8lHNbttpLiANWTbCztwiAJ-bena7Dk7uoVV_rzKHvBi9Q7a2HZ8vXyNDoHqTaLAeEpn1O6iV6kK8TzwUg_S1si8cezC-q9C_HVPo5VsTCjW9R2rFHng&cid=CAASEuRoBTQ5MpO6tYpk7ehPmPOW4g&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
afa00dedbe6d549e60e8d88516d437069d74af91f302b9c8f1f825d6bad511a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:30:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
346
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9276
x-xss-protection
0
server
cafe
etag
18268840599439890861
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:30:18 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A5FD
14 KB
5 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.197 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-197.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=84065
expires
Fri, 28 Jan 2022 09:57:09 GMT
date
Thu, 27 Jan 2022 10:36:04 GMT
vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 389A
2 KB
1 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

Server
Apache
Last-Modified
Thu, 11 Feb 2021 16:12:45 GMT
ETag
"e20015-90b-5bb11ca420f07"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1151
Date
Thu, 27 Jan 2022 10:36:05 GMT
Connection
keep-alive
sync
eb2.3lift.com/ Frame 8FE5
1 KB
1 KB
Document
General
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
69b179f513145123aea927bd4768efc97e381aa8ce07e407f66999420acd8e46

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

date
Thu, 27 Jan 2022 10:36:04 GMT
content-type
text/html; charset=utf-8
content-length
462
content-encoding
gzip
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
sync
ups.analytics.yahoo.com/ups/55986/ Frame FC14
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
  • https://pixel.advertising.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=
  • https://pixel.advertising.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&verify=true
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
0
160 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
Protocol
H2
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55986/sync?uid=YfJ1kgABr3rv_ABH&_origin=0&gdpr=0&gdpr_consent=&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
date
Thu, 27 Jan 2022 10:36:05 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/57304/ Frame FC14
Redirect Chain
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVBlZTFlODkyNi03ZjVjLTExZWMtODhjNC0wYWI0MTU4N2ViZTc%3D
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
0
168 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
Protocol
H2
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEJgotH3H1w7cP7gGvHrjC3c&google_cver=1&apid=UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
date
Thu, 27 Jan 2022 10:36:05 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
ups.analytics.yahoo.com/ups/55953/ Frame FC14
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&_origin=1&gdpr=0&gdpr_consent=
0
423 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&_origin=1&gdpr=0&gdpr_consent=
Protocol
H2
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&_origin=1&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
user-registering
ads.stickyadstv.com/ Frame FC14
Redirect Chain
  • https://ads.stickyadstv.com/auto-user-sync
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=291176a43186b0efa326df3d4194d68&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7bu...
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=o24fe_7057832840264562917
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=MjkxMTc2YTQzMTg2YjBlZmEzMjZkZjNkNDE5NGQ2OA==&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEIq-lr5_rTGrJlZit6LAqSc&google_cver=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/291176a43186b0efa326df3d4194d68?gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=199&userId=y-tFVNkfBE2oPuil2ByJR.5h5aqrDWC9hAB_awH1mc~A
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID
  • https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=8076697769768775013
  • https://sync.mathtag.com/sync/img?mt_exid=44&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D183%26userId%3D%5BMM_UUID%5D&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=183&userId=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?st=FREEWHEEL&rurl=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D593&userId=_wfivefivec_&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=593&userId=vv14SpX61Nd28j5&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/upi/pid/wGbQAlJJ?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D187%26userId%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_co...
  • https://ads.stickyadstv.com/user-registering?dataProviderId=187&userId=YfJ1kgABr3rv_ABH&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/stv?gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AAD_kE7D5OsAAEZmLcoSJg&gdpr=0
  • https://c1.adform.net/serving/cookie/match/?party=18&gdpr=0
  • https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=3450203132156163805
0
0

express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 02E6
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Origin
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Wed, 26 Jan 2022 23:00:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
41761
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 27 Jan 2022 23:00:03 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/ Frame 02E6
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlhMEg9heF_vHgr72nl0VNWuLzGFOGFWYah7T0aOxHk1fop6EnzZ-B6BtAPmaLM6koFRr9nszhYNbub7nnE5rdtqxvNw61KPJE_csvmjT1tpRvP3vf9Vy3hxvue2NOAhIvFfHB3qM1qtOVN15vSHNIDTi6PA&dbm_d=AKAmf-C_jIQo1DkVtSR1-YHZj0boKdxqiRU0pvhdQeXuuCIpdFE12PiQ1o9yP-N2VvqBWnK8UBXQM_O_r7IOlTUr3Td65GzC5BfZHqzqWXgl_wOYWKPdO0CMAq8lDXH9g29D-hAo2tIQNgFoYrPEvgdEBYIPK8Z6BtpBdz_Erz_LYQti-WoRlty4tpLo4vR3EcBY4lgCn-QSVJRY4T8r93LDkOFHM3D1l76hRBNwA_3i3vdReVT4wgmlOF7snPsRVNg5MfE4Z5qgDSjROuqdsjmRqeQQFmRv6sSr7nxPZDZWvb4YURpw9HTz4Up03DyN0XkOuk9jR3KMrdRjZTylCY-I_Pr87TfPPsZWNS7L3wcNMkrRRkIzOv9iO8RlBtm-W_f8NFMwYo9lT51V2QxEg_jmcFE48d9hRafAqeNfaJgWEwir9_LQLcaedTyN0AfDd1DvBPQXqJhSpqNbb7aS1Xd6x_8xB8HOjAWuunBD2xq3DjPj3iwUpNdVRQ-ChVsPy5o5EucZg48dyx2l1joIfGHPCqiw0FWi6O30wTtb0DbqbYDFyMAnyMEq_A7B-a2dpc3tSxJGD_3um3GYIqhqM9nJqcgc-kRK1iw3LufNiVjgekxojjO2NuiMf14bpbF9Knl11udCwviHhHxaCxyIElL9xZEa9ImYuTN-KuqFETPev_JxmmfDBeu6FsnXI53K3u3t2AAy1QzSct-oVrMuODebOA-RBEs2duDC-MeoFP4OvcYULgk8FP2TYZ5fLjQU04WdbXX_8nzLT6HKNFPX6ye2Z18QqjPI1N_XAGXxOrrZJ-Y6e6DonhYV9Xt2xjqkbwVoSmqKV1-lxf7TIbhP3Z_qfkQe8GtDAzDThXblvC_Enh3aoVoon9nEZ3SVHAcrWuxiLJslQRpwIF6u3gOyetnvlFdQNmXuIwmMbNj5IklhfNPcai1bCwqduzU2J9UPJWKRwFbRqMzyUF-Jf8zlNEzkkYqmvNarg2TrWOjlLThywChCfAxrYoZXo3qWPZab6vbGYIsoUz9GV-xhN3lEg__vlPBDCTTP1ILqqj16zwGz7YcDcTw9AOZfUI3alNqTx-vca2RW7ae_O5ErQk7UIgJQPJ_YlwezRKWBE2yKiHX6mF76IDJ6P00h7WVY8aN-Z5ktSYHwFOYv_z2Df27vEmK0yt-bPaMj0oBE_r9AMgKPoTsa83SQwpUFFU6RZUQaBPnisItRU1qutezBEJZsfaO2BZlRHa_Rc5VtEeVX9nw4jwxKgrcu7hpsK-uOTXqDOek4gPAjovzg6jfT9pvJ8ervbfCToqya6z8uItvfHg8wkw-tr6LADGBHrIFwf_AmjmNctNmD-jLccSy3ypMi-W4Ipvfkk_CvOR4aZH1GX33LEKNc9Ntvhv3q2yQnq-WrfeN9Y0285heg4j5ziGqQ6jjqv7SeLaIEmYD9OYx5s92vCyX6yV1Kgyca2VFvxUMx-81CWRV8tN6DznkVOt07THRG4KjavWc16f2vjcH_HwAfG2xyJvr0bBy5o_6_tMpjMdwmQh7xk15rZ2OyzkFVr3VTeLKfkyO8VvQuzRxBokCh3W-bf9wwKOwGhUeSZ8t-3C-2yt7avY72NT87zJvtmnob7LEap2GKHjCWedM798BFxt0CYPryJJU7DGCbtBOGVy9jQBifOaG8oqeB7fsfxn2tSs06h4Z4qZddOLRc_HRXWq25YpoY56D1x0sqoXWAZ7Z7GjcvYy46MBqRIf6Dnrlv0d6s8yBfBroLgY0mOs8z5f2pvfm0zmX-tR6rxEA5LMs_o1FIHJX-Px2IR1kLvjuKnD8HgCY1jmGzcDVt7o5eIKu3_YXFX14VK0de7mB_b7kPXWoqVYASnTCVgaP2HPuT78U7LmHPJEflZ0MSghSDjRkuYZ2O8uXc-p32Um5ekjVYVtwKtFGklMWNJZAZndkyKosh0H0XzkiktbGavgxTPTX4mJJGhgvJLmdSjVxlXdp1seoJkZIX9O0xDLyhzUaiNG-V6kSTB8gZ19FNOgpSI7gAPm3eeqnYRZwd2231UlUTV831dLiaMHvuTtrkP9bsyD_VRG0rTCXEJn3wCyLkMJrMmyT_Jgrunv1Zu7Tryygwnwv5gn9BXBaZ3mL9JrLfRmumErG3-xdeWq88j99dTJAd1eKPQzNlIHYCu6VJDWYzWeBDQoSmcCuh1o4qiQPC7l0rdBFlFWfuQvtCjB4hJZ3N149J4NHQklVVgPJBuO4lnA7khnXN1qaxDF7yFYoqvqvkRNWHtwZmEIHPUBk1W1Pzj9dv4e-1LHJiEWguWFZp0KN7rWkQw_NGSe6v6dwrg7V8ZM41oO5qcPxfXHdnYMpt15gMRnyHsBWjE_6U1JGMSUqxRPFW1hPHC6iosm6reRQhdbZfzBAhWouPEZs7GeSmFyZQv8L_7m1ltKFovUBWLxU3uN73qG8g6mljfi92gbsCaClR7aF3WHIxwxaKxq5-tB-tn8sy-sGvta4U_jb2mWOSat1307gHeJmY1bNrVICCAkLVtix8gIwOHX3qvySBxdGPf_0nidz38GgpwLIzYE385T4o-r7BF1CTxNgM5_aKbkngn_u7oohm-26LmKP5n5TRZqjAVmQzUjGVW1eEYN6XOQMbhTLDlGE0IymI95erD3E6fDBFfPcsGoz1ov1WlHrwBRwwxnAEsvFv6fGVoORGUx0MkGBSmhCLY5yqkdBL2vQGhsuQb_YxrcZ9mtyOlVxXs0lrhbrmyZB9UCkHzFvpKLJq9V_aRUusOfBsaSdc8Edac94GICEhXhCG4A0Kh7-jW4u3PA2UAlZamxIWhcnONxxahqS0g_yQU6VUxDTAFBrwpmABAfhf9_agksfTD86ERYNLz2p8heyo4-7ViGlZ_lm6pTHErE1KjafRi6EOQxN7fMrarTuDqdtsNJqTXyWUL56q_p70lUNfJkIlq3vQZ7BZKZAtQtqJeVJBjkvwdFWuqRoGi4bXhe1CjNdt_RqUMGC7bWuYsWoLf0BcGlLp1DQdR2ZAg2vCUW7PvMPR2ebwQ7uXOcGz637IbRb2k05T8yvi-i5Z4_NA9caQztnr18Pm&cid=CAASEuRoi9TjJ5tQXl5rNVtOJcvo6Q&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 09:44:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3114
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 09:44:10 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/ Frame 02E6
23 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220125/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BlhMEg9heF_vHgr72nl0VNWuLzGFOGFWYah7T0aOxHk1fop6EnzZ-B6BtAPmaLM6koFRr9nszhYNbub7nnE5rdtqxvNw61KPJE_csvmjT1tpRvP3vf9Vy3hxvue2NOAhIvFfHB3qM1qtOVN15vSHNIDTi6PA&dbm_d=AKAmf-C_jIQo1DkVtSR1-YHZj0boKdxqiRU0pvhdQeXuuCIpdFE12PiQ1o9yP-N2VvqBWnK8UBXQM_O_r7IOlTUr3Td65GzC5BfZHqzqWXgl_wOYWKPdO0CMAq8lDXH9g29D-hAo2tIQNgFoYrPEvgdEBYIPK8Z6BtpBdz_Erz_LYQti-WoRlty4tpLo4vR3EcBY4lgCn-QSVJRY4T8r93LDkOFHM3D1l76hRBNwA_3i3vdReVT4wgmlOF7snPsRVNg5MfE4Z5qgDSjROuqdsjmRqeQQFmRv6sSr7nxPZDZWvb4YURpw9HTz4Up03DyN0XkOuk9jR3KMrdRjZTylCY-I_Pr87TfPPsZWNS7L3wcNMkrRRkIzOv9iO8RlBtm-W_f8NFMwYo9lT51V2QxEg_jmcFE48d9hRafAqeNfaJgWEwir9_LQLcaedTyN0AfDd1DvBPQXqJhSpqNbb7aS1Xd6x_8xB8HOjAWuunBD2xq3DjPj3iwUpNdVRQ-ChVsPy5o5EucZg48dyx2l1joIfGHPCqiw0FWi6O30wTtb0DbqbYDFyMAnyMEq_A7B-a2dpc3tSxJGD_3um3GYIqhqM9nJqcgc-kRK1iw3LufNiVjgekxojjO2NuiMf14bpbF9Knl11udCwviHhHxaCxyIElL9xZEa9ImYuTN-KuqFETPev_JxmmfDBeu6FsnXI53K3u3t2AAy1QzSct-oVrMuODebOA-RBEs2duDC-MeoFP4OvcYULgk8FP2TYZ5fLjQU04WdbXX_8nzLT6HKNFPX6ye2Z18QqjPI1N_XAGXxOrrZJ-Y6e6DonhYV9Xt2xjqkbwVoSmqKV1-lxf7TIbhP3Z_qfkQe8GtDAzDThXblvC_Enh3aoVoon9nEZ3SVHAcrWuxiLJslQRpwIF6u3gOyetnvlFdQNmXuIwmMbNj5IklhfNPcai1bCwqduzU2J9UPJWKRwFbRqMzyUF-Jf8zlNEzkkYqmvNarg2TrWOjlLThywChCfAxrYoZXo3qWPZab6vbGYIsoUz9GV-xhN3lEg__vlPBDCTTP1ILqqj16zwGz7YcDcTw9AOZfUI3alNqTx-vca2RW7ae_O5ErQk7UIgJQPJ_YlwezRKWBE2yKiHX6mF76IDJ6P00h7WVY8aN-Z5ktSYHwFOYv_z2Df27vEmK0yt-bPaMj0oBE_r9AMgKPoTsa83SQwpUFFU6RZUQaBPnisItRU1qutezBEJZsfaO2BZlRHa_Rc5VtEeVX9nw4jwxKgrcu7hpsK-uOTXqDOek4gPAjovzg6jfT9pvJ8ervbfCToqya6z8uItvfHg8wkw-tr6LADGBHrIFwf_AmjmNctNmD-jLccSy3ypMi-W4Ipvfkk_CvOR4aZH1GX33LEKNc9Ntvhv3q2yQnq-WrfeN9Y0285heg4j5ziGqQ6jjqv7SeLaIEmYD9OYx5s92vCyX6yV1Kgyca2VFvxUMx-81CWRV8tN6DznkVOt07THRG4KjavWc16f2vjcH_HwAfG2xyJvr0bBy5o_6_tMpjMdwmQh7xk15rZ2OyzkFVr3VTeLKfkyO8VvQuzRxBokCh3W-bf9wwKOwGhUeSZ8t-3C-2yt7avY72NT87zJvtmnob7LEap2GKHjCWedM798BFxt0CYPryJJU7DGCbtBOGVy9jQBifOaG8oqeB7fsfxn2tSs06h4Z4qZddOLRc_HRXWq25YpoY56D1x0sqoXWAZ7Z7GjcvYy46MBqRIf6Dnrlv0d6s8yBfBroLgY0mOs8z5f2pvfm0zmX-tR6rxEA5LMs_o1FIHJX-Px2IR1kLvjuKnD8HgCY1jmGzcDVt7o5eIKu3_YXFX14VK0de7mB_b7kPXWoqVYASnTCVgaP2HPuT78U7LmHPJEflZ0MSghSDjRkuYZ2O8uXc-p32Um5ekjVYVtwKtFGklMWNJZAZndkyKosh0H0XzkiktbGavgxTPTX4mJJGhgvJLmdSjVxlXdp1seoJkZIX9O0xDLyhzUaiNG-V6kSTB8gZ19FNOgpSI7gAPm3eeqnYRZwd2231UlUTV831dLiaMHvuTtrkP9bsyD_VRG0rTCXEJn3wCyLkMJrMmyT_Jgrunv1Zu7Tryygwnwv5gn9BXBaZ3mL9JrLfRmumErG3-xdeWq88j99dTJAd1eKPQzNlIHYCu6VJDWYzWeBDQoSmcCuh1o4qiQPC7l0rdBFlFWfuQvtCjB4hJZ3N149J4NHQklVVgPJBuO4lnA7khnXN1qaxDF7yFYoqvqvkRNWHtwZmEIHPUBk1W1Pzj9dv4e-1LHJiEWguWFZp0KN7rWkQw_NGSe6v6dwrg7V8ZM41oO5qcPxfXHdnYMpt15gMRnyHsBWjE_6U1JGMSUqxRPFW1hPHC6iosm6reRQhdbZfzBAhWouPEZs7GeSmFyZQv8L_7m1ltKFovUBWLxU3uN73qG8g6mljfi92gbsCaClR7aF3WHIxwxaKxq5-tB-tn8sy-sGvta4U_jb2mWOSat1307gHeJmY1bNrVICCAkLVtix8gIwOHX3qvySBxdGPf_0nidz38GgpwLIzYE385T4o-r7BF1CTxNgM5_aKbkngn_u7oohm-26LmKP5n5TRZqjAVmQzUjGVW1eEYN6XOQMbhTLDlGE0IymI95erD3E6fDBFfPcsGoz1ov1WlHrwBRwwxnAEsvFv6fGVoORGUx0MkGBSmhCLY5yqkdBL2vQGhsuQb_YxrcZ9mtyOlVxXs0lrhbrmyZB9UCkHzFvpKLJq9V_aRUusOfBsaSdc8Edac94GICEhXhCG4A0Kh7-jW4u3PA2UAlZamxIWhcnONxxahqS0g_yQU6VUxDTAFBrwpmABAfhf9_agksfTD86ERYNLz2p8heyo4-7ViGlZ_lm6pTHErE1KjafRi6EOQxN7fMrarTuDqdtsNJqTXyWUL56q_p70lUNfJkIlq3vQZ7BZKZAtQtqJeVJBjkvwdFWuqRoGi4bXhe1CjNdt_RqUMGC7bWuYsWoLf0BcGlLp1DQdR2ZAg2vCUW7PvMPR2ebwQ7uXOcGz637IbRb2k05T8yvi-i5Z4_NA9caQztnr18Pm&cid=CAASEuRoi9TjJ5tQXl5rNVtOJcvo6Q&rfl=1%2Chttps%253A%252F%252Fdl-file.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
afa00dedbe6d549e60e8d88516d437069d74af91f302b9c8f1f825d6bad511a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:30:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
346
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9276
x-xss-protection
0
server
cafe
etag
18268840599439890861
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 10 Feb 2022 10:30:18 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame BFE3
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=b8bb9c6f169f6e2962a2d4f24...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YfJ1k4fAXGcl1AX3NhIYCAAA%26119
49 B
485 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YfJ1k4fAXGcl1AX3NhIYCAAA%26119
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=63&tpuid=YfJ1k4fAXGcl1AX3NhIYCAAA%26119
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
298
Expires
Thu, 27 Jan 2022 10:36:05 GMT
index.html
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 6022
90 KB
21 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3cca7f3905498eca3830d175d979513fa33c7e3b816c8c95178281766bba114
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
21584
date
Mon, 24 Jan 2022 11:57:05 GMT
expires
Tue, 24 Jan 2023 11:57:05 GMT
cache-control
public, max-age=31536000
age
254340
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
content-type
text/html
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 06BC
0
61 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuTwlqCLYFuJFwpzAqkffBCQpeekBIm0AH04tPghKDXjh0-bVqfddIjdSKS7QyEl_eAnhzKLP418ZhXzueYe9jgybHP3LsIxSFfVe3g1Ys_WMo6jETVqvAHGqptiMhjZL_TRy7KeMmXIchDGwpxuSihTeHh9E2w3kaGVBCRolmnqlPhSLZgjdVRiKcvnAjv1bglR72rRJNpsuV1EUfvl1sX6RKZsFVf65BxFXYVEL6VA8CGn1ejPWVD31nXdEbeFIUoBWzd85WiNf501e7YdRc0BMPpZ1coo73SILG_O_K6xY2YVrK2s9tP28KBBWJ8m9T_h7m67qP30kykmTvq6JCPTjEUTOP8CwkAuSmvC6_HRBc2YUHS_kocaY9ucel1iM8uZP7bQr3qOK9Iag5CUOgaCq2-tXPqrmAkwva8gmhIPFIgSTVaFZzL9s1qoskcCBFiu6752pBnZ6kgQRz9rb8aVsEUKZqBxgRPNi8Dl1j3_wuWzdvt0Q9CgZM6K5WJ4KMZpITASOJbWgP-L9K5Q-RauGloMIh5nIH_Ip76dVODkHIYKAZ7jyG8D6bnyhHJhC1vgBAvmJ-dfGVNl2xxj_tDAOGkRBUN_Zv0UYun4ExUoVJICgJcjMMBMwlzFiiZE7LfA1-XjRdp3qbJXnV6DBMTRH4SmjkDPFFFekb4bfOVcrWfY5fwF1Tjqqh_YnDNc9wi34HjfgY_SByQ1lHYCNHUrBmNVNYJ0FLfNpXyR9s-d8GW_JhAOQ0XCI1xOqLE2zmxskTcXSRYC_QjvUtinzOxWqmMaGwO9U3a2zDr47j5upkynilkfxpZvDeWc4-Tl_0cSY62-ie1v49EMqLl2K_DehdchUBWfxvvNaeDSqJvxbftMjRpAtjKn7w1EzvQNDmIfJTSpqstaBLkn1fvioWX6BL5aUJ_t6fb4Vd2pHBWpY_j78b0UJ1Yr5w7gCfVASctize-dEqkFQUN6X5jqWecAleIvGL6UBSYnSH-f8cuCKzYyOtcF1KY0ps3UtRXH7GKb_4JqyhEX6SCbijrbdLThC7ZijC9L4NPvJ_ZA8y2KXc2uecC_Q6Twot9-OqGU1XsN45t0-2n3tPOY9JhpeaYhflRagrfqclKK1SVQEHK79IkoxuOsG3h5obemwdq3lndxMSBVjLwhYLO3AsYFxWveJMvlXgxBltW5xhQIE45fzZyitKLnnlp-nS-v7_SpefeOw9E1jCyWj_3&sai=AMfl-YTiS15ZCAK15faSTlb-ESHq9erzar2gVbwzEIw3K2_hRPPKhV5CqPCTPAkgVru4QhQwnXaf-T30fSkRRoGb0vaGp8LwzplSUppHFz6isMPLxtg7BYMkTTyLfNqcJCDqJRSK9fCtOunTIX1HjCUJh9MJKgGX_g-DpfqVcXUmKVLrfCmeokbn&sig=Cg0ArKJSzK0s1XV-TtbNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=163&cbvp=1&cstd=159&cisv=r20220125.75289&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Thu, 27 Jan 2022 10:36:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 06BC
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 04:37:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jan 2023 04:37:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame AEF8
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Wed, 26 Jan 2022 19:21:13 GMT
expires
Thu, 27 Jan 2022 19:21:13 GMT
cache-control
public, max-age=86400
age
54892
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 06BC
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfe7dd0c42916253c8bf1e85a83cc72e5479bc2a73ab4e00fced2b4d8417c2d2

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
bridge3.496.0_en.html
imasdk.googleapis.com/js/core/ Frame 00A9
601 KB
195 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b67fad811e7e9b06f1bb367ae9204cbdd235b7de4d8b7131a4d4cb212ce6b298
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
199641
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 21 Jan 2022 22:04:45 GMT
expires
Sat, 21 Jan 2023 22:04:45 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 21 Jan 2022 21:59:24 GMT
content-type
text/html
age
477080
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.html
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 031E
90 KB
21 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3cca7f3905498eca3830d175d979513fa33c7e3b816c8c95178281766bba114
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
21584
date
Mon, 24 Jan 2022 11:57:05 GMT
expires
Tue, 24 Jan 2023 11:57:05 GMT
cache-control
public, max-age=31536000
age
254340
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
content-type
text/html
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 9EA9
0
571 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvX1gUYn54MYpBwjZZ7kJ-ZoYlsLCrlQ6MydUXe0kXEp3ztdCqbf5d7Z2mmrfQfZGydK2CKDjgBO-KHPHkJUE0DbIhwbC6juZ_bWrgFFs9fLxPnbY-C909sbjaKzd3h6K7mvzCwqf3ato5QUPnO8osOtkAjQTWGSYkqiBb2IOaSEW6BVAzkia15l5B7OL8gaT7dKmf9D3ZhxuFP_7As2_i0HoHcF_DYXizHpTR_t0QP1nbcJ1fyTYmhqqELuk1-PrGUcB_JCibu2puAnllSyZn-PgW8c0gqujWaz4qO4klw8WEQdHQKx7sqH3lg8V5-DKHsrI6OCWY4VDH-eulocmmY4LwlFIjvJl1RE4VoSnytFwfiH6EG0yYAFFBDkrCn-cOVcOfhp7BmXGNbTgfhLAfIXNm8yWW1d8tZExhTJozrEZ2pgd_BRye3Tz0DdO8H4JNofqPozm2UVkoqNFXmzolyxp020ZCqiepNnR2jRiwrF4YLWZaSsBlJ2qXCt--vZMw57QlhdQjNrdukQhU4oC0jlcq79-CZd5jwQcrpEo4CSyj0UaXHMcyr5EzurUWxmOBXa1qFtpY5i7cxxs4DHqvmefXEPc9drrBOZzB6gYu_WYVRnD8vw6i5CEzKsyA_dFCWd7YF6J1pdqQATXYzThElMJRlpoZ5uxSlaV8QRSqbZxlRxOckXnZ5bOyQwFVpWN67mmoNWO9n5cBB5ZEL67dcg4L6T-2hgknvMWPb-MhLgWwNe76utCS1QoDDGrbkHweoxCh_GQy-nYS7_wFeOKQdaciCaajd5aThf0_nR1ugTKqqeNL8eiGYclA314BY2cJetuqd7m05oK-ooBtpFDOJROe6zy12GixU4mYvP4z59mu4Lla6Q8k89VobMYaoZonv_3T6lMrTA00oZAF9uUEgR-G23ZCK0jqCmFUMDUBWAzJNZQsiY8sE0tCNJwp79AwxVsFPRGsQ7ZWMi65_J7TgXxP_d8bmoO8sHQFi7JqCT4FeKBuEBoOQlRiekZlSKRylhYIXtUTjTutZIZQy0pfKDhWYMIfwhxQzZXkNFB6dK7Tonlnjq2xDxxPp3N1BzyC8rCHCBMC8B7WdGP5PVlgWvvfcYopdVbA60rwMt1s43IhP8hGDK94Ln94AUGcFVJ2QA6fh32zLzy1ZmtUjpxurCL2j8B40twaOH6hnoiKwHX7nuUq3L4TLbAlpD42-fpACnd3cPP12S5Nz&sai=AMfl-YSiAD7IeTHg4j0MfAHAZW8yDRcLia1fAQtFah1jWyhjVuT3ZSUH3NBRtoytt77MgyePoDsmGZxHjGwdIiOfl0pvFHkqs0u5MC4Ur0EaUz1ie3LBGHamdWRvTyfe5KT063AlaiYaq0yzSZzf51VvmIvFSO1wCbRKBim62O5sB3flGQSRq8V4&sig=Cg0ArKJSzNRaTcXOiv4BEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=248&cbvp=1&cstd=245&cisv=r20220125.42635&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Thu, 27 Jan 2022 10:36:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=pEshX3xtL3NRTWdWS1ZZRmQvRkV4V2dEakVTOFhOVFNQRENwRDBldi9JMERIY3VDaVBCcjhiN1lHVTNrT3lQMVlyYlJuRW0xV0w2M2hjV2lDdW5uV1lpMjdUY1BPV1VLQXZFNEVXaE9OYlhvcFZzQXBOYmJTMGpYTzdOdTZTcWxhZEk1YUROTGcrQTRQMlRVUjRZdmRlcnVNeXpIUWIyQ0NmWU5MOHRMbFlOMzNlU0dXY2JiYmg2djVwd0lQRGV4U1JwUStvdjg0MGZIUzMwanlTNXVvaFhIVGlxZmJ6YUdNY3hjcU5xRFNETmFHaXV6YXdrUmVRUHpqaUR0L3FST2Y0bGgxdi9rOUppVVRlT0ZiY0oxY0ZPRi83dz09fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1026
date
Thu, 27 Jan 2022 10:36:05 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 9EA9
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 04:37:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jan 2023 04:37:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 14D9
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Wed, 26 Jan 2022 19:21:13 GMT
expires
Thu, 27 Jan 2022 19:21:13 GMT
cache-control
public, max-age=86400
age
54892
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 9EA9
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c05fd30b575bdc14201b5ee024b8c13b473cb63bf23d8f334ebd4076441ac016

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTM2JaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA5NmQkJaN0YT0jJat9NwQjJax9NDQjJaZcZF9jYXNmRG9gYWyhPWRfLWZcoGUhY29gJaN1YxyxPWRfLWZcoGUhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzqXNypxyjQWRxpw0kNDxhNTYhMTUmLwE4NCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5Nl4jLwQ2OTIhNmEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYkZwI3NTxlNmI0MGMzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZ2Rjpw0jJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MSZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTY0MmI3OTp2NTI0NlZ1nWQ9U2VenW5xo1NQoGF5ZXI2MWYlNmU5Mwx0NWJyJaB1YyVloD1bqHRjplUmQSUlRvUlRzRfLWZcoGUhY29gJTJGZmZ6n3BwrzqbpWRlJTJGQzFhn3NsMwAkMy9DnGV2rTEmMTIkNl5lYXIhnHRgoCZzoG9uqFN0YXR1pm10paVyJzVcZHNjPWycpQ==
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:04 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
index.html
s0.2mdn.net/sadbundle/16862631110216872732/ Frame 5BF7
93 KB
21 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5e46484286c90cb4aea34abdd9b242b4e2ab985af692be837028b37296b2cd83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
21683
date
Mon, 24 Jan 2022 15:16:03 GMT
expires
Tue, 24 Jan 2023 15:16:03 GMT
cache-control
public, max-age=31536000
age
242402
last-modified
Tue, 12 Jan 2021 05:34:56 GMT
content-type
text/html
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 02E6
0
24 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvl_XSollUx0a4eIdAY4sC80zrg9_d3u0nLQgVOTGCSxokqajH6asuPKDns8D7PZiXuU11797suOWimjBn1x1IsoCq-vBQLKg1TRSpM_2DtPkPq64KeR8T6Nq-cSqu8ezTrjIa8uQwwIeJWHKYJ27Hax-AAOvwi2VEICMQpIEDLZfhK8XhWr5nRi4YYav6pXrFuxDytrToOYII3hKEc4tzMTqDpyuiyX2xNfdpdnHxqPFywCRw9xt08NKSRyzZbeML3BARH3XysJMd5YhCDtsnFK1FD1dHwm9wqQUbZy350dIz8DFNLk74Kpm7vX0HyZxooCTvM2XlVpNHtLj2TFD9wvmiCjoIXxo6ZiZiS7GLFW0BvQGFVB2hw6qVvzj1U0OhkqNkGy578tMiaMl-dUQ618b8evksh-P5Wn5Dh5cvBYeNIYwJYqqzbSmvToe7q6OfuY_0HD0sogY0s1BSeBYZSxo5xDmbr2fdie7JirGB2cYk-wPFb4tzLoO4cmlZ1wdWSFFKMiwA59lyZHoqDz_EUZGkJbeWxHytHiNCOXQbL7gsjioi4jgZ0iO6XarEDPn1lFR45p39E-ymAHke2iaw364FIlhp2b0hIc9hPWXKRTEB4wKmEo-N29SY-9AK9S5mIe4CuPVEJWFnPeAjd9hnF1b0-gH1pgshWVqPSus61mqRPNo0dXCH3BFueaTMttVME5UqFJtW35CCUc-LJk9LUt2Fi4kOYkVliUAfS4kg6FOqz5eCScSMYJOXgi4zWU0O0dxOKpLT1K-_T9jrIeI_tJHdSEHuZBuoM1akjRSTWtGDdirdQKfNWfMcqd8JzHzOsuZ1LKlZ1PBy9AgcgAw9KHMu3yllp_R8OftE1lbXuoQ-ZeZxdFKo_xmfb6E2Hq1ZmqqFMgheC-AlQSrJZAalrGiDiw-JJVNaaneIAVLeGFPNNRuBrJ2XQcJABBmZzvG7df4GurPVxp3R4D6GbOXud_oG0kkeu-ivaKmuUvFwkeAvplta9kEHwjv1PwKLDlC04GKey0YT4YahgBe6lguNp3QuwJ6WJtHR3Lef4G1rQE8y2RV5GLWae-WOWrTpajmwVF1MmKqefvk2aMc_OteoZ60E8FhAsv3wLAeBWptEC-imH43dhEr_ht4nuJnpe0a_XA5CRLzuhPmS-ymeH669d2Yubws-djVDXQXRv_8EoxtKehBVohJvB6Y2RTCnHrNs-NvnGNyg&sai=AMfl-YQewbl12RuFoujZ-Q9B1ZDIhAcrjcqD93pJ_UrMEDHopCwPkP_1sYGd27SN1O0-bzIraqeCL-Xq04XvEfN3DVpB1lOKoQh8wc-m0Xl5fJuz33ofbuftqvLZin0jG9Jz6oAt49BHeuBXoC3ks6bn3F4oj0mg_3mjjcmMM05ksbAZWMBo0zp6&sig=Cg0ArKJSzCiqupy_-YBjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=323&cbvp=1&cstd=321&cisv=r20220125.54385&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Thu, 27 Jan 2022 10:36:05 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
xuid
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3658&xuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&dongle=0cfd
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3658&xuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&dongle=0cfd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://eb2.3lift.com/xuid?mid=3658&xuid=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&dongle=0cfd
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
209
xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://ad.mrtnsvr.com/sync/triplelift
  • https://eb2.3lift.com/xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
37 B
155 B
Image
General
Full URL
https://eb2.3lift.com/xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
x-error
Not Found
content-length
37
content-type
image/gif

Redirect headers

location
https://eb2.3lift.com/xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
vary
Origin
content-type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFUR5WPh0gcGr6EpEfq3UiQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFUR5WPh0gcGr6EpEfq3UiQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFUR5WPh0gcGr6EpEfq3UiQ&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 8FE5
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D
date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
p.adsymptotic.com/d/px/ Frame 8FE5
Redirect Chain
  • https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3522455783818883563132&dbredirect=true&gdpr=0&consent=
  • https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3522455783818883563132&dbredirect=true&gdpr=0&consent=&cookiesTest=true
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=58300170-245d-47b4-ad2b-bcbd2fd95a74&_noobservation=1
43 B
132 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=58300170-245d-47b4-ad2b-bcbd2fd95a74&_noobservation=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
104.18.100.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6d415687daaf53dd-YYZ
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 751990FD34904A769C5EA5E3DE9EB346 Ref B: YTO01EDGE0707 Ref C: 2022-01-27T10:36:05Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=58300170-245d-47b4-ad2b-bcbd2fd95a74&_noobservation=1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXWjeKyUcsqFSWuDK/F5g==
xuid
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/3522455783818883563132?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-NKSHeHhE2oRTdx0X0Z1xn3v08zCVSVEfA2xqGqsdRQ--~A&dongle=0883
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-NKSHeHhE2oRTdx0X0Z1xn3v08zCVSVEfA2xqGqsdRQ--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-NKSHeHhE2oRTdx0X0Z1xn3v08zCVSVEfA2xqGqsdRQ--~A&dongle=0883
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
xuid
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=3522455783818883563132&gdpr=0&gdpr_consent=
  • https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=triplelift&bds_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
  • https://x.bidswitch.net/sync?dsp_id=340&user_id=e4b40a9c-b3b4-45ad-a359-64731c063052&expires=10&ssp=triplelift&bsw_param=c842ca48-ee24-4529-8afa-5d2f74bfe7d3
  • https://eb2.3lift.com/xuid?mid=2409&xuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2409&xuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=2409&xuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Thu, 27 Jan 2022 10:36:05 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
c.gif
c.bing.com/ Frame 8FE5
42 B
667 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=3522455783818883563132&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
etag
"89b446b6cf8d81:0"
last-modified
Thu, 13 Jan 2022 22:48:41 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 2FD2F928A825483C967FA2033EAD3FC4 Ref B: YTO01EDGE0819 Ref C: 2022-01-27T10:36:05Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
757c0557066e95cfd4c7
s.amazon-adsystem.com/x/ Frame 8FE5
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=0&gdpr_consent=&uid=3522455783818883563132
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

xuid
eb2.3lift.com/ Frame 8FE5
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent=
  • https://stags.bluekai.com/site/23178?id=oVsUmNgT0LhHi9MYDApD&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLE...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5N5LHGVLNJZTVI...
  • https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=oVsUmNgT0LhHi9MYDApD
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=oVsUmNgT0LhHi9MYDApD
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
P3p
CP="We do not support P3P header."
Location
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=oVsUmNgT0LhHi9MYDApD
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
115
Expires
Thu, 01 Dec 1994 16:00:00 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A0E8
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:35:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 27 Jan 2022 11:35:42 GMT
integrator.js
adservice.google.com/adsid/ Frame FC14
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dl-file.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 02E6
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 04:37:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
194345
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jan 2023 04:37:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 12CB
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Wed, 26 Jan 2022 19:21:13 GMT
expires
Thu, 27 Jan 2022 19:21:13 GMT
cache-control
public, max-age=86400
age
54892
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 02E6
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1909839b23a61ccdfd249e342c5bf7e1c4a1b63afdb7d2ac524e4773540158d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type
image/png
SPug
simage4.pubmatic.com/AdServer/ Frame 0AD5
0
260 B
Script
General
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=159196&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D61f275927240c%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 08:37:10 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
user
ads3.admatic.com.tr/ Frame CBA8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=admatic
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=admatic&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=93&user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expires=30&ssp=admatic&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
35 B
177 B
Image
General
Full URL
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server
AdMatic
x-powered-by
AdMatic
etag
dkUNzllSb3fXXk4TIncKSd_JFBioEORGWHGL1koOEsAHvW0jf2If1AMZnjYxlfzyQU1GYhRbkhqAjnYhseCnew
content-type
image/gif
cache-control
no-cache
timing-allow-origin
*
content-length
35

Redirect headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
location
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
x-powered-by
AdMatic
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
221
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 80BE
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Mon, 24 Jan 2022 04:41:58 GMT
expires
Tue, 24 Jan 2023 04:41:58 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
280447
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 6022
4 KB
619 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,regular
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 10:31:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 27 Jan 2022 10:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jan 2022 10:36:05 GMT
DcmEnabler_01_245.js
s0.2mdn.net/879366/ Frame 6022
28 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 06:13:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15744
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10285
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Jan 2022 06:13:41 GMT
img
ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/ Frame BFE3
Redirect Chain
  • https://track.adform.net/serving/cookie/match/?party=9&uid=f4d521b61d37f6bad999fa2b8081ce649195279e27aa8b0d447ce4fd8adc9930&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd...
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=42&gdpr=0&tpuid=3450203132156163805
49 B
568 B
Image
General
Full URL
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=42&gdpr=0&tpuid=3450203132156163805
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
nginx
location
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=42&gdpr=0&tpuid=3450203132156163805
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
css
fonts.googleapis.com/ Frame 031E
4 KB
619 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,regular
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 10:21:17 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 27 Jan 2022 10:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jan 2022 10:36:05 GMT
DcmEnabler_01_245.js
s0.2mdn.net/879366/ Frame 031E
28 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 06:13:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15744
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10285
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Jan 2022 06:13:41 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 1062
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Mon, 24 Jan 2022 04:41:58 GMT
expires
Tue, 24 Jan 2023 04:41:58 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
280447
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css
fonts.googleapis.com/ Frame 5BF7
6 KB
701 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:700,regular,700italic
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
872890c5623628fc32f2bfcacd96f0cbf2226304412a28475ef6567a784c4082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 27 Jan 2022 09:48:30 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 27 Jan 2022 10:36:05 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Jan 2022 10:36:05 GMT
DcmEnabler_01_245.js
s0.2mdn.net/879366/ Frame 5BF7
28 KB
10 KB
Script
General
Full URL
https://s0.2mdn.net/879366/DcmEnabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 06:13:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15744
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10285
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:53 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 28 Jan 2022 06:13:41 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 139D
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Mon, 24 Jan 2022 04:41:58 GMT
expires
Tue, 24 Jan 2023 04:41:58 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
280447
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 6022
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://s0.2mdn.net
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 08:30:30 GMT
x-content-type-options
nosniff
age
7535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 27 Jan 2023 08:30:30 GMT
usermatch
ssum-sec.casalemedia.com/ Frame E973
1 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a7ca1133ea7397aaac5233d04ab48dde432c1e34828a57e21ecfd7e7964cbeb4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://js-sec.indexww.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
4|65|81|90|3|188|191|40
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Expires
Thu, 27 Jan 2022 10:36:05 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Content-Length
1420
Connection
keep-alive
/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame AEF8
Redirect Chain
  • https://ad.turn.com/r/cs?pid=3&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1&google_push=AYg5qPIq9tbWlPlSsjquhMznAvdDK6rYeARGuEppwDsicWv19F0KbfsE6quo7A5RMbAuUzQcAmk-F1OCpcpkK1zxLm7f2Qrad8yCX...
  • https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDMzMTM3MDE4MjAxMDYzNTM3Nw==&gdpr=0&gdpr_consent=
  • https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1
43 B
407 B
Image
General
Full URL
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1
Protocol
H2
Server
2620:112:f002:bbbb::21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=0&gdpr_consent=&google_gid=CAESEMrBxY_KWfZaoYvR4HKgJ9c&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZKMWtnQUJyM3J2X0FCSA==&google_gid=CAESEG8gxe9pMXm7_SoTkx77AXw&google_cver=1&google_push=AYg5qPLUkbTlCBitYDuWNxOGncjIombrtm...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZKMWtnQUJyM3J2X0FCSA==&google_gid=CAESEG8gxe9pMXm7_SoTkx77AXw&google_cver=1&google_push=AYg5qPLUkbTlCBitYDuWNxOGncjIombrtmDJn66FXhiKKeEmEbli0VhltIYz4xfPWuWlDfQ9TwFl8bhDTNWhtTtr2vjBy3mocbzHTG24TOiARkiJuN2A3Sqp7wCce5SKYlxOdoqLk0im3Y8
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 varnish
server
Varnish
x-timer
S1643279766.621273,VS0,VE0
x-served-by
cache-yul12827-YUL
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWZKMWtnQUJyM3J2X0FCSA==&google_gid=CAESEG8gxe9pMXm7_SoTkx77AXw&google_cver=1&google_push=AYg5qPLUkbTlCBitYDuWNxOGncjIombrtmDJn66FXhiKKeEmEbli0VhltIYz4xfPWuWlDfQ9TwFl8bhDTNWhtTtr2vjBy3mocbzHTG24TOiARkiJuN2A3Sqp7wCce5SKYlxOdoqLk0im3Y8
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://fksnk.com/cs/google?google_gid=CAESEPrQ0vsC4XikJOblzH7CAFY&google_cver=1&google_push=AYg5qPJ672hztLM0QYGlZGZlz7tyi5ADWewKwccF2a01hirgNjYoYGzwtVLvrF9ZGXuQCcViZKTvu35-4Xz1wtPErJ_KvLvYDoAgjl6B...
  • https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODYwMjk5OTM3NDdBQkFCMA==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODYwMjk5OTM3NDdBQkFCMA==
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=ODYwMjk5OTM3NDdBQkFCMA==
date
Thu, 27 Jan 2022 10:36:05 GMT
content-language
en-US
content-type
text/html;charset=ISO-8859-1
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK29qslJYrnkCDwMI64QuWc&google_cver=1&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg8pvR4Nz842XZdWaR9GZFKQOkEKG6uz1TgO6tRmWUMkm044...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg8pvR4Nz842XZdWaR9GZFKQOkEKG6uz1TgO6tRmWUMkm0445S3tWEG4IEfY&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
P3p
CP="We do not support P3P header."
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIJ3i9OjxIhGYzeAdJejOfOJn1bjnKOscscYec9mtU2magKGbhZEqzus6Cur4wsErX6zNJz24vUDdpcg8pvR4Nz842XZdWaR9GZFKQOkEKG6uz1TgO6tRmWUMkm0445S3tWEG4IEfY&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
279
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKovoFi1oe6aFV5cCP9_MXQ&google_cver=1&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2...
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2oUayfGHntdEaAUTF29Q4rMpPPM50s_cca7V7_NAkJ4BD...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2oUayfGHntdEaAUTF29Q4rMpPPM50s_cca7V7_NAkJ4BDr17fzbVQNNw
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 7f59e30d6672b7ea91c10bca6108d29a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
EWR50-C1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIf43xRBCjiG0Z-VeWTnrLwMawpNxfjE5M5zPKBI6B72FXD9SN2vYjTUEkkizOtqMRDzQQov2-cmAxtt4i2oUayfGHntdEaAUTF29Q4rMpPPM50s_cca7V7_NAkJ4BDr17fzbVQNNw
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
S5vNtoGA75_VDBPK88S6Xn0QwORUN4rg6jjT0iIYdoPVaoegs5amTQ==
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEO9du5EHSTcr3Kkl3gLAwE8&google_cver=1&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0HdfnjLswoFUQILfabpZsH...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0Hdfn...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0HdfnjLswoFUQILfabpZsHi07D532RfDpeWwmbpqxyCFy3CNjqsE5fLXlJB1ZWq9zwaE1fvl6AYUDIZwBjwLfW_jZKc
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKALXy1U1n1HnMolYKBzvPKyRa_ZNrYGLBine0lcOArcziO0HdfnjLswoFUQILfabpZsHi07D532RfDpeWwmbpqxyCFy3CNjqsE5fLXlJB1ZWq9zwaE1fvl6AYUDIZwBjwLfW_jZKc
date
Thu, 27 Jan 2022 10:36:05 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame AEF8
Redirect Chain
  • https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEL1WMe6Qy_YXWt6izZNDXTw&google_cver=1&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH...
  • https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH78nHn16WmPYFeHdxrlyJBsceZpCBaWm5T7yMxRYA7n9Oz3UK...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH78nHn16WmPYFeHdxrlyJBsceZpCBaWm5T7yMxRYA7n9Oz3UKiJNKvHgQ6OrG3hGw0qiHvvrR8U9IPl&google_hm=RS3zP53zQfekDJNwSYRF0Lg
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 google
server
Apache-Coyote/1.1
status
302
p3p
CP="NOI DSP COR NID CUR OUR NOR"
location
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AYg5qPK5fQMv-Ep9tEKA9YIYJjVASFZaMR1u2tggChLDTYVNiExHaFwqyOaXSun2pH78nHn16WmPYFeHdxrlyJBsceZpCBaWm5T7yMxRYA7n9Oz3UKiJNKvHgQ6OrG3hGw0qiHvvrR8U9IPl&google_hm=RS3zP53zQfekDJNwSYRF0Lg
cache-control
no-cache, must-revalidate
content-type
text/html;charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame AEF8
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JJk2O6GhYkQWkexbcwexBGfgxavCvuYeX55j_DvzOlYTmh-JcVgCq_5oqk_IAQszc5UnxiqdY
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 031E
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://s0.2mdn.net
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 08:30:30 GMT
x-content-type-options
nosniff
age
7535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 27 Jan 2023 08:30:30 GMT
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://px.owneriq.net/ecmg?google_gid=CAESEObGCAPpXaUkhtjga0AaRfw&google_cver=1&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_...
  • https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_89YhWAaNXDYvXuwi...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_89YhWAaNXDYvXuwisy6qJjotom-fVCka65PL8jp3&google_cver=1&google_gid=CAESEObGCAPpXaUkhtjga0AaRfw&google_hm=UTY5NjU2NjE2MzE2MDA5NzMyNjFQ
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AYg5qPJd7RwS5VcT9PGKcYHWyHPmb71ITaK_hQ2ldG6B5TBu15lC1t4-yf8H_Ic1avoeqxEKLNhmo5bkE3XMP6r_K6VfV4Jn0cB5Etq_89YhWAaNXDYvXuwisy6qJjotom-fVCka65PL8jp3&google_cver=1&google_gid=CAESEObGCAPpXaUkhtjga0AaRfw&google_hm=UTY5NjU2NjE2MzE2MDA5NzMyNjFQ
Cache-Control
max-age=83694
Connection
keep-alive
Content-Type
text/html
Content-Length
154
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESENodqvXvdNsAg-sV9GYdGUQ&google_cver=1&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3N...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=rlZh8nWTRgCmfrdqSAcR8A&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3NMmnpHHMk...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=rlZh8nWTRgCmfrdqSAcR8A&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3NMmnpHHMk6WNOM8wja6wRGqwK81D3biBxUsjAtjIirNQPqY45a7Zy37sF
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
MT3 4133 baa842e master iad-pixel-x8 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=rlZh8nWTRgCmfrdqSAcR8A&google_push=AYg5qPIw6Jl7mJ1MiZo9-pEfiYSKe9Wq_GCyyUNH8a2kPzLxMj7tbJlEvIB84G12cvXGGpntnoPHhtLc0y4Z-a3NMmnpHHMk6WNOM8wja6wRGqwK81D3biBxUsjAtjIirNQPqY45a7Zy37sF
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:04 GMT
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://aep.mxptint.net/sn.ashx?google_gid=CAESEDpAegGB908Za1_9iEayVns&google_cver=1&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xM...
  • https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xMGzQ83gQQ_Wfs9mEjZKRq_INQ8ut...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xMGzQ83gQQ_Wfs9mEjZKRq_INQ8utGnXHkeq4Y3GRxleM&google_hm=UjFCMzMwX0VBNThERDFDX0M0Rjc0MUI%3D
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AYg5qPK48OYlNPpEBs35bWJhqFC8uDiR7S5Gpr5QBE_0gWS5MIhu8SYn-W0x1o46PtSEGkivJqkPBvELcZVvcjNvskO7H01Xs1xMGzQ83gQQ_Wfs9mEjZKRq_INQ8utGnXHkeq4Y3GRxleM&google_hm=UjFCMzMwX0VBNThERDFDX0M0Rjc0MUI%3D
Date
Thu, 27 Jan 2022 10:36:05 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
383
Strict-Transport-Security
max-age=-326266565; includeSubDomains
Content-Type
text/html; charset=utf-8
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://a.clickcertain.com/px/img/g/?google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3e...
  • https://i.liadm.com/s/56408?bidder_id=200441&bidder_uuid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&ccid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&redir=https%253a%252f%252fsecure%252eadnxs%252ecom%252fgetuid...
  • https://a.clickcertain.com/px/li/?ccid=5c178c8e-b9ee-4d6b-a60d-6cab3978d124&redir=https%3a%2f%2fsecure%2eadnxs%2ecom%2fgetuidu%3fhttps%3a%2f%2fa%2eclickcertain%2ecom%2fpx%2fimg%2fg%2f%3fdone%3dtrue...
  • https://secure.adnxs.com/getuidu?https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl...
  • https://a.clickcertain.com/px/img/g/?done=true&google_gid=CAESEAg8OMOQHdVG7I7rUjN7KSA&google_cver=1&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDo...
  • https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4m...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW&google_hm=NWMxNzhjOGUtYjllZS00ZDZiLWE2MGQtNmNhYjM5NzhkMTI0
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:06 GMT
x-frontend
cc-nginx-588445b6b9-v7ftb:cc-nginx-588445b6b9-v7ftb
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-requestid
5ecb61d9-0b6a-9bc7-b80c-34913a54da46
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3cnJs5lqClntBauDCuLP6pAwCrXzYni8%2FBf6vTD%2F8cjMV8whqvhz6hfPaCOh4GPt9TvEQYxLydsWelHgNdjt5nZTl70ydPmH67d8om%2BHTc0JlJeAiv8%2F1I98%2BM6XfGBDyDf%2Bc%2F5yVJhKaa6ArecmkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://cm.g.doubleclick.net/pixel?google_nid=clickcertain&google_push=AYg5qPIc1hlSbjC0NwRcFZXqZrCjm_My5ug7xV8sXv5ww318doTl0JJBF31kK_rAtRrR6F9gWkrkNRLDYOsDokSPS9H6b3eWPwUo_1-et_LJqrcA9sgVvY5iFRy-4mx3aJ0hq80L9_GsiJfW&google_hm=NWMxNzhjOGUtYjllZS00ZDZiLWE2MGQtNmNhYjM5NzhkMTI0
x-envoy-upstream-service-time
46
cf-ray
6d41568a3b31ca4f-YUL
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://match.360yield.com/match/ebda?google_gid=CAESEEOZpxzlcakwD1bzCQGE7d8&google_cver=1&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0...
  • https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEEOZpxzlcakwD1bzCQGE7d8&google_cver=1&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kN...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
  • https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_k...
0
0

pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/adx.gif?google_gid=CAESEEPbYc9DcQqBw9b4dsUBiLY&google_cver=1&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJ...
  • https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=akQCPGXgbke4x2sNxcQKlQ&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJkuHp-SJ6sS...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=akQCPGXgbke4x2sNxcQKlQ&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJkuHp-SJ6sSKEZNSEAU7rLVzSMUYcvwUFzYskSq4Hx4Kr_b2CgQqodoELE7w
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=cognitiv&google_hm=akQCPGXgbke4x2sNxcQKlQ&google_push=AYg5qPKzN3Nvzbwc0JxXkWUCL95jgJE1Npf9CfaP7EWboide-1pjIJ3OdeQYZpwstWnaPFKf1lk7cZQ3gp5QnBJkuHp-SJ6sSKEZNSEAU7rLVzSMUYcvwUFzYskSq4Hx4Kr_b2CgQqodoELE7w
date
Thu, 27 Jan 2022 10:36:05 GMT
server
Kestrel
content-length
0
pixel
cm.g.doubleclick.net/ Frame 14D9
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKG8orLl5AchsLgP9uFn6xM&google_cver=1&google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_...
  • https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_hm=google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_YF0iRjq_KrWUQAQ5XYsR8C-rMXpoojyDWi31...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_hm=google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_YF0iRjq_KrWUQAQ5XYsR8C-rMXpoojyDWi318ysr-fRheitR4-2VbRwO8Ytf8
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_hm=google_push=AYg5qPJweN1CmwM9zGVC7oLK9weBnTQvK8Bhr89rGZInWhUkaXeMw9qvDTe2SSxOdcqLS9cnB0CP2m4Eqg_YF0iRjq_KrWUQAQ5XYsR8C-rMXpoojyDWi318ysr-fRheitR4-2VbRwO8Ytf8
strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
attr
cm.g.doubleclick.net/pixel/ Frame 14D9
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IFOOrtaXlf5pnREAJhP8_G15NZW6wHKpBG0Hl9ou1JYwz3LUbzVJtmhiDKoSUz82pigqYrZFg
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 5BF7
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,regular,700italic
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://s0.2mdn.net
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 08:30:30 GMT
x-content-type-options
nosniff
age
7535
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 27 Jan 2023 08:30:30 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 06BC
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuTwlqCLYFuJFwpzAqkffBCQpeekBIm0AH04tPghKDXjh0-bVqfddIjdSKS7QyEl_eAnhzKLP418ZhXzueYe9jgybHP3LsIxSFfVe3g1Ys_WMo6jETVqvAHGqptiMhjZL_TRy7KeMmXIchDGwpxuSihTeHh9E2w3kaGVBCRolmnqlPhSLZgjdVRiKcvnAjv1bglR72rRJNpsuV1EUfvl1sX6RKZsFVf65BxFXYVEL6VA8CGn1ejPWVD31nXdEbeFIUoBWzd85WiNf501e7YdRc0BMPpZ1coo73SILG_O_K6xY2YVrK2s9tP28KBBWJ8m9T_h7m67qP30kykmTvq6JCPTjEUTOP8CwkAuSmvC6_HRBc2YUHS_kocaY9ucel1iM8uZP7bQr3qOK9Iag5CUOgaCq2-tXPqrmAkwva8gmhIPFIgSTVaFZzL9s1qoskcCBFiu6752pBnZ6kgQRz9rb8aVsEUKZqBxgRPNi8Dl1j3_wuWzdvt0Q9CgZM6K5WJ4KMZpITASOJbWgP-L9K5Q-RauGloMIh5nIH_Ip76dVODkHIYKAZ7jyG8D6bnyhHJhC1vgBAvmJ-dfGVNl2xxj_tDAOGkRBUN_Zv0UYun4ExUoVJICgJcjMMBMwlzFiiZE7LfA1-XjRdp3qbJXnV6DBMTRH4SmjkDPFFFekb4bfOVcrWfY5fwF1Tjqqh_YnDNc9wi34HjfgY_SByQ1lHYCNHUrBmNVNYJ0FLfNpXyR9s-d8GW_JhAOQ0XCI1xOqLE2zmxskTcXSRYC_QjvUtinzOxWqmMaGwO9U3a2zDr47j5upkynilkfxpZvDeWc4-Tl_0cSY62-ie1v49EMqLl2K_DehdchUBWfxvvNaeDSqJvxbftMjRpAtjKn7w1EzvQNDmIfJTSpqstaBLkn1fvioWX6BL5aUJ_t6fb4Vd2pHBWpY_j78b0UJ1Yr5w7gCfVASctize-dEqkFQUN6X5jqWecAleIvGL6UBSYnSH-f8cuCKzYyOtcF1KY0ps3UtRXH7GKb_4JqyhEX6SCbijrbdLThC7ZijC9L4NPvJ_ZA8y2KXc2uecC_Q6Twot9-OqGU1XsN45t0-2n3tPOY9JhpeaYhflRagrfqclKK1SVQEHK79IkoxuOsG3h5obemwdq3lndxMSBVjLwhYLO3AsYFxWveJMvlXgxBltW5xhQIE45fzZyitKLnnlp-nS-v7_SpefeOw9E1jCyWj_3&sai=AMfl-YTiS15ZCAK15faSTlb-ESHq9erzar2gVbwzEIw3K2_hRPPKhV5CqPCTPAkgVru4QhQwnXaf-T30fSkRRoGb0vaGp8LwzplSUppHFz6isMPLxtg7BYMkTTyLfNqcJCDqJRSK9fCtOunTIX1HjCUJh9MJKgGX_g-DpfqVcXUmKVLrfCmeokbn&sig=Cg0ArKJSzK0s1XV-TtbNEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=804&vt=11&dtpt=641&dett=3&cstd=159&cisv=r20220125.75289&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame 9EA9
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvX1gUYn54MYpBwjZZ7kJ-ZoYlsLCrlQ6MydUXe0kXEp3ztdCqbf5d7Z2mmrfQfZGydK2CKDjgBO-KHPHkJUE0DbIhwbC6juZ_bWrgFFs9fLxPnbY-C909sbjaKzd3h6K7mvzCwqf3ato5QUPnO8osOtkAjQTWGSYkqiBb2IOaSEW6BVAzkia15l5B7OL8gaT7dKmf9D3ZhxuFP_7As2_i0HoHcF_DYXizHpTR_t0QP1nbcJ1fyTYmhqqELuk1-PrGUcB_JCibu2puAnllSyZn-PgW8c0gqujWaz4qO4klw8WEQdHQKx7sqH3lg8V5-DKHsrI6OCWY4VDH-eulocmmY4LwlFIjvJl1RE4VoSnytFwfiH6EG0yYAFFBDkrCn-cOVcOfhp7BmXGNbTgfhLAfIXNm8yWW1d8tZExhTJozrEZ2pgd_BRye3Tz0DdO8H4JNofqPozm2UVkoqNFXmzolyxp020ZCqiepNnR2jRiwrF4YLWZaSsBlJ2qXCt--vZMw57QlhdQjNrdukQhU4oC0jlcq79-CZd5jwQcrpEo4CSyj0UaXHMcyr5EzurUWxmOBXa1qFtpY5i7cxxs4DHqvmefXEPc9drrBOZzB6gYu_WYVRnD8vw6i5CEzKsyA_dFCWd7YF6J1pdqQATXYzThElMJRlpoZ5uxSlaV8QRSqbZxlRxOckXnZ5bOyQwFVpWN67mmoNWO9n5cBB5ZEL67dcg4L6T-2hgknvMWPb-MhLgWwNe76utCS1QoDDGrbkHweoxCh_GQy-nYS7_wFeOKQdaciCaajd5aThf0_nR1ugTKqqeNL8eiGYclA314BY2cJetuqd7m05oK-ooBtpFDOJROe6zy12GixU4mYvP4z59mu4Lla6Q8k89VobMYaoZonv_3T6lMrTA00oZAF9uUEgR-G23ZCK0jqCmFUMDUBWAzJNZQsiY8sE0tCNJwp79AwxVsFPRGsQ7ZWMi65_J7TgXxP_d8bmoO8sHQFi7JqCT4FeKBuEBoOQlRiekZlSKRylhYIXtUTjTutZIZQy0pfKDhWYMIfwhxQzZXkNFB6dK7Tonlnjq2xDxxPp3N1BzyC8rCHCBMC8B7WdGP5PVlgWvvfcYopdVbA60rwMt1s43IhP8hGDK94Ln94AUGcFVJ2QA6fh32zLzy1ZmtUjpxurCL2j8B40twaOH6hnoiKwHX7nuUq3L4TLbAlpD42-fpACnd3cPP12S5Nz&sai=AMfl-YSiAD7IeTHg4j0MfAHAZW8yDRcLia1fAQtFah1jWyhjVuT3ZSUH3NBRtoytt77MgyePoDsmGZxHjGwdIiOfl0pvFHkqs0u5MC4Ur0EaUz1ie3LBGHamdWRvTyfe5KT063AlaiYaq0yzSZzf51VvmIvFSO1wCbRKBim62O5sB3flGQSRq8V4&sig=Cg0ArKJSzNRaTcXOiv4BEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=790&vt=11&dtpt=542&dett=3&cstd=245&cisv=r20220125.42635&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
CookieSyncAdX
rtb.adentifi.com/ Frame 12CB
0
88 B
Image
General
Full URL
https://rtb.adentifi.com/CookieSyncAdX?google_gid=CAESEEsEaE14MHOL3w-ivtQqBDo&google_cver=1&google_push=AYg5qPKeX5yND_rlQDSGGrI6rjDmavziqKJ5LJoV3g11DloPYepQoEyoLryKzvPPZ1zKMLSiwUncvaX4pUae4jcqTR_SfsR-bsSt
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.70.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-70-15.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://rtb.openx.net/sync/dds?google_gid=CAESEF8UwjpbYSZODR9tt9a_NqI&google_cver=1&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR&google_hm=hKl9POyxwx8PNdUlASPoew==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR&google_hm=hKl9POyxwx8PNdUlASPoew==
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKTJ0WFTSadjH9ZqAjfNkKDT4h4kk1Od7ORpsHX1N5rtUNS8ejndHAtPbZKv335iKi3vK2kDwrmwSJyxxSTeUf-7KcnLDyR&google_hm=hKl9POyxwx8PNdUlASPoew==
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-request-id
8jd9itti5dd52u5u2pr3lo0v7s8lv0kv
pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEK29qslJYrnkCDwMI64QuWc&google_cver=1&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4m...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4mfBsLlr3Iwy5_wjZ&google_hm=b1ZzVW1OZ1QwTGhIaTlN...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4mfBsLlr3Iwy5_wjZ&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
P3p
CP="We do not support P3P header."
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIUWKaDN1BcGPj74A6MfT7nLZpLJ5gqmerXa9b6aLs8ORe64z2H6x-eBevgv2TpvBemzBPLpYvYzEg4mfBsLlr3Iwy5_wjZ&google_hm=b1ZzVW1OZ1QwTGhIaTlNWURBcEQ=
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
236
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEKovoFi1oe6aFV5cCP9_MXQ&google_cver=1&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03B...
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03BMu8fVN6KoM_3
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03BMu8fVN6KoM_3
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
via
1.1 7f59e30d6672b7ea91c10bca6108d29a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
EWR50-C1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJeQvB_YkItTwDEsImJmEoOfZziE7A8GnyKQV90-rNG2kYURlxN5QD8KKIikWkCgG_pWHLuAcrQiRYWc03BMu8fVN6KoM_3
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
etRAxWWQGj35zNEi8cK4l6f0G5aHZIcOX3zuyAYrOQmL_Nfj0UDt-g==
pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&google_gid=CAESEJ2lB0yMRtvFbZj1igR5_r8&google_cver=1&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQbpiIgFhqLxPir19AHGn8hGNXtLjkhBFeo_p0MRz5RXz3
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQ...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQbpiIgFhqLxPir19AHGn8hGNXtLjkhBFeo_p0MRz5RXz3
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzUyMjQ1NTc4MzgxODg4MzU2MzEzMg%3D%3D&google_push=AYg5qPKK1tfbPH7yBKYahGTciEjEcsN1kjABYvmFa18IPxYHEBxHiACQbpiIgFhqLxPir19AHGn8hGNXtLjkhBFeo_p0MRz5RXz3
date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://rtb2-useast.torchad.com/sync?exchange=309&google_gid=CAESEMKcF_ZkBAI2XS6KvHHN3y8&google_cver=1&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPv...
  • https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.torchad.com%2Fsync%3Fexchange%3D309%26google_gid%3DCAESEMKcF_ZkBAI2XS6KvHHN3y8%26google_cver%3D1%26google_push%3DAYg5qPLYUyJKfMejvXaWStPQ...
  • https://rtb2-useast.torchad.com/sync?adkuid=A8550707361343690447&exchange=309&google_gid=CAESEMKcF_ZkBAI2XS6KvHHN3y8&google_cver=1&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
  • https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4...
0
0

pixel
cm.g.doubleclick.net/ Frame 12CB
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEO9du5EHSTcr3Kkl3gLAwE8&google_cver=1&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p29nS7RT65k84AtVHgB...
  • https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p2...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p29nS7RT65k84AtVHgBgt50NeO9Qn9nUZ7fiUR6KqV7U7hw
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1OVVlfeE54RTJ1SGZJRk9Wd2FscFdkUWltTjE0VDIzWX5B&google_push=AYg5qPKyO-m0ItnldvCREfyDq4Q36nIwL-9aS_ol17-bJ20p-Y6Cz19p29nS7RT65k84AtVHgBgt50NeO9Qn9nUZ7fiUR6KqV7U7hw
date
Thu, 27 Jan 2022 10:36:05 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
attr
cm.g.doubleclick.net/pixel/ Frame 12CB
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JUT40VxWrfHjG1VJNdTRNlkrQOc43KVrv6Bts3i2Kx57iqk8OVtMdtPlQlckJgCFBL7hYXxA
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.32.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
TS-Online-EN.png
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 6022
628 KB
629 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/TS-Online-EN.png
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:06 GMT
x-content-type-options
nosniff
age
254339
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
643563
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:06 GMT
BitdefenderLogo_white-_2_.png
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 6022
28 KB
28 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/BitdefenderLogo_white-_2_.png
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:05 GMT
x-content-type-options
nosniff
age
254340
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28426
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:05 GMT
BD2020-SOY-970x250.jpg
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 6022
85 KB
85 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/BD2020-SOY-970x250.jpg
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5763acf105aac9c009e2684790d445d1d8c69ffe7c8acf203ea660cf9db94427
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:06 GMT
x-content-type-options
nosniff
age
254339
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87231
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:06 GMT
TS-Online-EN.png
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 031E
628 KB
629 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/TS-Online-EN.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:06 GMT
x-content-type-options
nosniff
age
254339
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
643563
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:06 GMT
BitdefenderLogo_white-_2_.png
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 031E
28 KB
28 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/BitdefenderLogo_white-_2_.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:05 GMT
x-content-type-options
nosniff
age
254340
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28426
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:05 GMT
BD2020-SOY-970x250.jpg
s0.2mdn.net/sadbundle/10923079013338997224/ Frame 031E
85 KB
85 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/10923079013338997224/BD2020-SOY-970x250.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5763acf105aac9c009e2684790d445d1d8c69ffe7c8acf203ea660cf9db94427
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/10923079013338997224/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 11:57:06 GMT
x-content-type-options
nosniff
age
254339
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87231
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 11:57:06 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 02E6
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvl_XSollUx0a4eIdAY4sC80zrg9_d3u0nLQgVOTGCSxokqajH6asuPKDns8D7PZiXuU11797suOWimjBn1x1IsoCq-vBQLKg1TRSpM_2DtPkPq64KeR8T6Nq-cSqu8ezTrjIa8uQwwIeJWHKYJ27Hax-AAOvwi2VEICMQpIEDLZfhK8XhWr5nRi4YYav6pXrFuxDytrToOYII3hKEc4tzMTqDpyuiyX2xNfdpdnHxqPFywCRw9xt08NKSRyzZbeML3BARH3XysJMd5YhCDtsnFK1FD1dHwm9wqQUbZy350dIz8DFNLk74Kpm7vX0HyZxooCTvM2XlVpNHtLj2TFD9wvmiCjoIXxo6ZiZiS7GLFW0BvQGFVB2hw6qVvzj1U0OhkqNkGy578tMiaMl-dUQ618b8evksh-P5Wn5Dh5cvBYeNIYwJYqqzbSmvToe7q6OfuY_0HD0sogY0s1BSeBYZSxo5xDmbr2fdie7JirGB2cYk-wPFb4tzLoO4cmlZ1wdWSFFKMiwA59lyZHoqDz_EUZGkJbeWxHytHiNCOXQbL7gsjioi4jgZ0iO6XarEDPn1lFR45p39E-ymAHke2iaw364FIlhp2b0hIc9hPWXKRTEB4wKmEo-N29SY-9AK9S5mIe4CuPVEJWFnPeAjd9hnF1b0-gH1pgshWVqPSus61mqRPNo0dXCH3BFueaTMttVME5UqFJtW35CCUc-LJk9LUt2Fi4kOYkVliUAfS4kg6FOqz5eCScSMYJOXgi4zWU0O0dxOKpLT1K-_T9jrIeI_tJHdSEHuZBuoM1akjRSTWtGDdirdQKfNWfMcqd8JzHzOsuZ1LKlZ1PBy9AgcgAw9KHMu3yllp_R8OftE1lbXuoQ-ZeZxdFKo_xmfb6E2Hq1ZmqqFMgheC-AlQSrJZAalrGiDiw-JJVNaaneIAVLeGFPNNRuBrJ2XQcJABBmZzvG7df4GurPVxp3R4D6GbOXud_oG0kkeu-ivaKmuUvFwkeAvplta9kEHwjv1PwKLDlC04GKey0YT4YahgBe6lguNp3QuwJ6WJtHR3Lef4G1rQE8y2RV5GLWae-WOWrTpajmwVF1MmKqefvk2aMc_OteoZ60E8FhAsv3wLAeBWptEC-imH43dhEr_ht4nuJnpe0a_XA5CRLzuhPmS-ymeH669d2Yubws-djVDXQXRv_8EoxtKehBVohJvB6Y2RTCnHrNs-NvnGNyg&sai=AMfl-YQewbl12RuFoujZ-Q9B1ZDIhAcrjcqD93pJ_UrMEDHopCwPkP_1sYGd27SN1O0-bzIraqeCL-Xq04XvEfN3DVpB1lOKoQh8wc-m0Xl5fJuz33ofbuftqvLZin0jG9Jz6oAt49BHeuBXoC3ks6bn3F4oj0mg_3mjjcmMM05ksbAZWMBo0zp6&sig=Cg0ArKJSzCiqupy_-YBjEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=789&vt=11&dtpt=466&dett=3&cstd=321&cisv=r20220125.54385&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: dl-file.com
URL: https://dl-file.com/g6zkpczghqdr/Banks_2012_Chevy131217.rar.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:05 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
rum
dsum-sec.casalemedia.com/ Frame E973
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4331370182010635377
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4331370182010635377
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4331370182010635377
pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
rum
dsum.casalemedia.com/ Frame E973
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://casale-match.dotomi.com/match/bounce/current?DotomiTest=12394d381ea608f0&is_secure=true&networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAADLIc50Ls_9gN1T4xLAAAAAAA&expiration=1643366166&is_secure=true
43 B
2 KB
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAADLIc50Ls_9gN1T4xLAAAAAAA&expiration=1643366166&is_secure=true
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:06 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=AAADLIc50Ls_9gN1T4xLAAAAAAA&expiration=1643366166&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
rum
dsum-sec.casalemedia.com/ Frame E973
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=aujW0WvsidBx6YnVP7udh2W909Zx7oDbP70qjCXw
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=aujW0WvsidBx6YnVP7udh2W909Zx7oDbP70qjCXw
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=0&external_user_id=aujW0WvsidBx6YnVP7udh2W909Zx7oDbP70qjCXw
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame E973
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=40B9F463736C486D959A5DD2CDD1535E
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=40B9F463736C486D959A5DD2CDD1535E
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
x-content-type-options
nosniff
server
nginx
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=40B9F463736C486D959A5DD2CDD1535E
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Wed, 26 Jan 2022 10:36:05 GMT
crum
dsum-sec.casalemedia.com/ Frame E973
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:05 GMT

Redirect headers

Date
Thu, 27 Jan 2022 10:36:05 GMT
Server
MT3 4133 baa842e master iad-pixel-x32 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=ae5661f2-7593-4600-a67e-b76a480711f0
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:04 GMT
CookieIndex
rtb.adentifi.com/ Frame E973
0
88 B
Image
General
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.208.70.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-208-70-15.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
rum
dsum-sec.casalemedia.com/ Frame E973
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=b4341328-7fd7-d81d-2845065f
43 B
2 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=b4341328-7fd7-d81d-2845065f
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:06 GMT

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
server
nginx/1.20.2
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=191&expiration=63072000&external_user_id=b4341328-7fd7-d81d-2845065f
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
cache-control
max-age=3600
content-type
text/html; charset=utf-8
content-length
146
htw-pixel.gif
js-sec.indexww.com/ht/ Frame E973
43 B
425 B
Image
General
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YfJ1k4fAXGcl1AX3NhIYCAAA%26119
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:05 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"902a3d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2802
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 11:22:47 GMT
qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
pagead2.googlesyndication.com/bg/ Frame 80BE
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa0255dd574d1c5d14289aa5974337e6cdc1c8d51ea8f0d402b2fa488fb5c525
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 15:41:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
154450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13761
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Jan 2023 15:41:55 GMT
qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
pagead2.googlesyndication.com/bg/ Frame 1062
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa0255dd574d1c5d14289aa5974337e6cdc1c8d51ea8f0d402b2fa488fb5c525
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 15:41:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
154450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13761
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Jan 2023 15:41:55 GMT
TS-Online-EN.png
s0.2mdn.net/sadbundle/16862631110216872732/ Frame 5BF7
628 KB
629 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/16862631110216872732/TS-Online-EN.png
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 15:16:03 GMT
x-content-type-options
nosniff
age
242402
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
643563
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:56 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 15:16:03 GMT
BitdefenderLogo_white-_2_.png
s0.2mdn.net/sadbundle/16862631110216872732/ Frame 5BF7
28 KB
28 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/16862631110216872732/BitdefenderLogo_white-_2_.png
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 15:16:03 GMT
x-content-type-options
nosniff
age
242402
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28426
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:56 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 15:16:03 GMT
BD2020-SOY-728x90.jpg
s0.2mdn.net/sadbundle/16862631110216872732/ Frame 5BF7
24 KB
24 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/16862631110216872732/BD2020-SOY-728x90.jpg
Requested by
Host: ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
URL: https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2006 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00de3a8b534ab3f1eb3e62ef737340a791f5c4408cf651563d441ccb62d6d3da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/sadbundle/16862631110216872732/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Mon, 24 Jan 2022 15:16:03 GMT
x-content-type-options
nosniff
age
242402
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24679
x-xss-protection
0
last-modified
Tue, 12 Jan 2021 05:34:56 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 24 Jan 2023 15:16:03 GMT
cs&eq_cc=1
um2.eqads.com/um/ Frame 05DD
Redirect Chain
  • https://um2.eqads.com/um/cs
  • https://um2.eqads.com/um/cs&eq_cc=1
186 B
370 B
Document
General
Full URL
https://um2.eqads.com/um/cs&eq_cc=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=0&gdpr_consent=&d=https://dl-file.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.237.203 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-237-203.compute-1.amazonaws.com
Software
/
Resource Hash
bd41a6f17c801b2b45b08f96d3548a9168d9179d67f409142a349467978e59b1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/

Response headers

date
Thu, 27 Jan 2022 10:36:05 GMT
content-type
text/html; charset=utf-8
content-length
186
cache-control
no-cache, must-revalidate
expires
Sat, 6 May 1995 12:00:00 GMT
last-modified
Thu, 27 Jan 2022 10:36:05 GMT
pragma
no-cache

Redirect headers

date
Thu, 27 Jan 2022 10:36:05 GMT
content-type
text/html; charset=utf-8
content-length
41
location
/um/cs&eq_cc=1
qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
pagead2.googlesyndication.com/bg/ Frame 139D
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/qgJV3VdNHF0UKJqll0M35s3ByNUeqPDUArL6SI-1xSU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa0255dd574d1c5d14289aa5974337e6cdc1c8d51ea8f0d402b2fa488fb5c525
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 15:41:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
154450
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13761
x-xss-protection
0
last-modified
Mon, 24 Jan 2022 14:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 25 Jan 2023 15:41:55 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame BFE3
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f095fa86-630b-46c9-a5e8-a56131072114&gdpr=0
49 B
590 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f095fa86-630b-46c9-a5e8-a56131072114&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:05 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f095fa86-630b-46c9-a5e8-a56131072114&gdpr=0
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1622781
content-length
0
expires
Thu, 27 Jan 2022 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 00A9
156 B
142 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F6928793%2Fdl-file-61deae48ca228%2Fdl-file-Instream-Nova1-61deb1e5bceba&description_url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&env=vp&correlator=310684725591374&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C400x300%7C640x480&unviewed_position_start=1&cust_params=prmsig%3Dwypjsl&sdkv=h.3.496.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr=0&addtl_consent=1~2090.2970.46.1375.66.70.7.1317.2526.1843.122.440.1703.1896.1097.1022.1799.184.196.202.89.2328.1998.1215.229.229.338.505.2135.2213.1799.326.1449.2993.1025.371.960.1024.1027.1902.1034.1127.1468.2567.486.2631.494.1033.585.1456&sdki=44d&adk=434523329&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.496.0&sid=C4FE7F50-6A2A-4889-8810-3AA686529680&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY8JDt2OkvRQAAAAA%3D&nel=0&eid=44737475%2C44747319%2C44750824&top=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&dt=1643279765981&cookie=ID%3Dccc26834f13feb65%3AT%3D1643279763%3AS%3DALNI_MYGs94k2eBDjNrPy-3gUCftsVfnbA&scor=1705084118361780&ged=ve4_td3_tt1_pd3_la3000_er773.-1800.923.-1500_vi0.0.1200.1600_vp0_ts1_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 05DD
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=b558985a-6ce2-4141-a6ec-eebbd6308878&expiration=1651055765
Requested by
Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.54.68.240 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-54-68-240.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://um2.eqads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 27 Jan 2022 10:36:06 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame BFE3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=d56c572e0d5f0689792f842d...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
49 B
611 B
Image
General
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Thu, 27 Jan 2022 10:36:06 GMT
Server
MT3 4133 baa842e master iad-pixel-x29 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=ae5661f2-7593-4600-a67e-b76a480711f0&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 27 Jan 2022 10:36:05 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 06BC
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvkmKSqFLGGveYZPkw87ZlY5KY_kOPsYg3S7G8jw9lxPaLzSEuYrs4czIcfa-hXO5nytSh50Bs7x34huCwknk7UCU6d5H1zSLMO_dj9t0KP6TmuOsw&sai=AMfl-YQWe3l8CDk35L0gQaYwJNeepize_2FgJ_2oSoLExVd13czkYFiWaTbXjcbgHAMc5y30kEDI00ZxxfWYgTSDQmrlbcIJix8avHzcowq8Z3tCIpeYWIpDiWFv8Zml&sig=Cg0ArKJSzMsnCXq7wk7gEAE&cid=CAASEuRoej8iBzNhljOKGV52rM5-TQ&id=lidar2&mcvt=1016&p=522,315,772,1285&mtos=1016,1016,1016,1016,1016&tos=1016,0,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=207380197&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643279764597&rpt=515&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9EA9
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuweHPe2pJB1h74gjXkYElOh1_n7diLAAIUgBKNoAONiHViiWLd1C9wS8Z2If4-3CVltP0sy4SzY6vS6Hq4PlCTBqUkzw19l_s6sHuoVNZQmkRkTIk&sai=AMfl-YRX53DT1plvGTfQeuHJd5bEJk2SiBk3ZAlarDr00ykItTXL6-PTC0HABVKmgdeele36N26cQMXXTxHv8-1Mz8_Fs5GuGtq3hgYCSH69ryu-dLG83FuLO0PzJ2jb&sig=Cg0ArKJSzNf6mxnE3W5vEAE&cid=CAASEuRoBTQ5MpO6tYpk7ehPmPOW4g&id=lidar2&mcvt=1046&p=1003,315,1253,1285&mtos=0,1046,1046,1046,1046&tos=0,1046,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=0.79&if=1&app=0&itpl=20&adk=2335164498&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643279764607&rpt=579&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/ Frame BFE3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_sc&uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c...
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&gdpr=0&tpuid=CAESEAXJpR-r_xPRLil-2qhwYn0...
49 B
630 B
Image
General
Full URL
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&gdpr=0&tpuid=CAESEAXJpR-r_xPRLil-2qhwYn0&google_cver=1
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?uid=ddc7a76ba96ed0b365c1599160272d5e2631dc373fa5f0014f95d8b6f422fdb9&tpid=38&gdpr=0&tpuid=CAESEAXJpR-r_xPRLil-2qhwYn0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
424
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 02E6
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssoZF5H5QNEHPCFSTsWMzVIgYqgMCyBonoXyvkgwTYzRJj--EgHfc26l6lEC6JZ7WC8gx2cVvkh0iOgtujFhQ9T9nFA74rgYrK_ybOtuv6cTkt59AQ&sai=AMfl-YQmpPurqE2cVXL5NNHQjh81Yum3ZOUUWyFSvuDRvF4NYcaV8zCyGCDMjbfq2vnsxxI90EbVVfwIwsyttx_ogPv51rQHs3eTTnqCxkJPycF3699fkoGsLrk5bjot&sig=Cg0ArKJSzKjP5meiHwmUEAE&cid=CAASEuRoi9TjJ5tQXl5rNVtOJcvo6Q&id=lidar2&mcvt=1032&p=1110,436,1200,1164&mtos=1032,1032,1032,1032,1032&tos=1032,0,0,0,0&v=20220126&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3545966803&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643279764592&rpt=785&isd=0&lsd=0&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 80BE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BC85ElHXyYZ7JMMnEzgX_yZ2QBwAAAAA4AeAEAg&bg=!AgGlAUXNAAY6OBv_Ojg7ACkAdvg8WmEvUcwwzTzffbjYs0m3-MdJH79GhAG4CPxk3eFetJ8g5RH9uwIAAAHgUgAAAAloAQeZAveMX2axPVOmfo4Mcd_ufEyoWx_jAXUWa9tnvhqRbYp0tEolxXw6sn3ntEak3oN-JdbsUz-N4DRv0ADXcrJGwqZi--8nbAvxLHGVirzM2BjapO9H3HNpO4FsBXVIRFpAIWs1Z5GyR0bxCXB22LzGu5AGjo1DjMnUGzivfv6FGyfK7NsQgw2Sjc7bra8w2Xw5yD7lpvEpqj8Pw5V_fd7GITjFKZOfSalorXT3lzyu3xf78vngAQgq3KuAERWSdhGZV2lvQATpYfaoC6rzM2yen7QjG64lIwVfRL0legIUtQY4pUeh5K7tq1NKyasM9nbKOGsRFWNJEpQfWoi7qdxICqoQiIgM6MR1SLTH8pvNju0VJV7I1dkFB1_RrATjEaUoo15fJvh7BTjsd8zF_D_gnqTQlM7T7ZfRKwGKnHeg0DI4FEB4VYW2hy4-SADV7zcyKzS_QB55ghWXEjcVwXuxrDla2XwdZ6ZcyoWyDPAnpB_MP7vPdSWwhLUyLe1vxjG95QJzdQtm158aDSQzpAvLaqvAItkpo_nKegnue1Qdma4eLfKUn4_xmzHMO45QLJb_aGJYqrEiL3Pe6YH9n-UD7ctJt3a-xQgAeOXlT3D-Deoa5uNMc2WpWaNc_nu-GGbsZy92MIA_6qM4eD8mQSd0IxtTJ2UyjP4R397EQ4Zamg19p4DccigpOf8Eukhcgylicg3oUQM8os_HYXPEv316gt0RHNHZjrUkxj6P6QdduIUaCuiI3HvKC6B0nVao_LB249AaDWIsa96SsH5hE9a9vx2vZwQx0kfoJ7uHXrpR_pmIlQUL3tRCOTzGxl-0LrrdUGG3wziqK8T_ezvj1vicuKLUEuWgpypc6hcsonZH4PctZJ9VjfRKVyjmKlmWbIMGvxKk1wsPqq5k50eJrXyWExSdNpbiu8ukqD2QMJtIXBjTSgXWM0gWI_hoelGeVCqZNaPFelkGtz5aYmyVju6zmvndcw4Xkz-6A2pOxXsTU6nDXXfAyFQXq2s
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 139D
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bu9pvlHXyYbyBMtmToPMPq6KM6AgAAAAAOAHgBAI&bg=!g4ClgMTNAAY6OBv_Ojg7ACkAdvg8WkVBcVDTI0dx-En3vsU3n2Qnmrznu-qz5gp6RVP6y_r09ZbSXAIAAAHlUgAAAApoAQcKAAf3FexJlFL3mQM9L-34AMfRJRKbiBsNNUGek6Mw5AgSON4ZSoUYM2BC1vC3C_njSowdsI4kfDxWEizuieQ52Z0k8ZkBHORAc7LtUgEjua7PRBBnb6dzwrpxt9LU9mh_73b2p0XLZeDhYNPm7NENSFOft1PMVsbTSPPQvWr459v7qcscJNIZYbjMRYOLSO0hCfQ1DG9mmlUsaZzhU17eMi91E8fknKgwugpaUfr_vQUG1FRXXW0kwZHsoWtBzvPdz3lPoj8aIEYeaBsaF_3-kItSgRwFHVZyDD1Xe3zdtvyXDE58m6TwueVpMFJ3MdlPxfd71eIl29ymSlnS1kqaDZ7FTKKmUSHOyyhUVxPjZRtVXCFAuXtwUZTxXqfQZD6zoYWAqELNNq1WjwXAydTxWhJmz_OKCoQ7mgqzYLNqFeP8adcdPL9d4hDujgmlbOK9e-e4recsL4hKt11wId_fekc-2aKriF0P9Pk0BZ31AhC2buDZAPGRnD8e4QELEZRvV-9Iw_z8vSCvg9GEcQbiRft2cLu4sIgUlH8SBjrNaHoxsk9x2FstTvj3kl55AUoVsnbvgO7_6bEjL1tBXpdRbE0c_Nd5LhiwJm-lf-bIjKlvKAr3fx2MqzrE4R69bR50LlFkH9yWYT-7Q5vozCNmJspa72eSJu6WnYvbTM9w1byXX9K0jjC80kbksY36YOLpApslp6JjYg6eyfqZXU1w4g26C2ot4nsDCAr_frWM0XfdDGcmwsHniTxYXTV5sXDS3U94I8QZDQK1jwx1qvs94FYWOa4EwxIqJgdfl1axPIGzKdmyqikIDdouIvcDiiMztsLAE5ZFuGOi9Dh81s5wlWVWp8AT94i71yh4HIIaXOrYkU--F8qe4zhLgF8z1dToH4Q60WTIuwFWbDWW-x7fUUTqCph6-9Goh-Ny9VvpGkDGV0wUTH_L6CT7BYbjdNXBKOUWCaO8B1dktPWKa_-YVjD9PkJQe2WnfoyF-Ja7Jz6E0Krh3MpxIuAZngGRcf5XNApJw2bFjFEx2XvrawbcBwpgkRBZ1DXAniePdm7yARJRCdcyZxdTEmlUJutD3FPp-3W20Qtf8HhKzKj8qXK_Y0hPb6lxhEENkQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1062
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BEY4GlHXyYZrxMPaKoPwPqJmrwAoAAAAAOAHgBAI&bg=!1tWl1ZHNAAY6OBv_Ojg7ACkAdvg8WthtQY46Y47N9EZZMofGisy11UGVgNhEsMc_4Ijm2_vy8YnfOwIAAAHRUgAAAAloAQeZAxTXcZdIfWf7VJMQPHe2Qgo7bpUWkGZ0yfjidtLyQPxg-pvLPLl_KOktB7_2lqr26BoFnJrIo2R-BrnUBW0v64ZDn1ydpY0OxIZn_irjGB0WtZPGRAsvF6gxCB7nTjpwmAVkZNosSUKhMgSF5kWN2MvTXJcHly-REwYEwdskmmp6CvQ68HMyb3wKVFnKZfq7DGl_z4nSYkRIrWDnTSuMhwhDzNwUd5lHSZJZqV0d_ATaCbRhKRVVljcw7bLPXK1LoraRc2aG3cqRANxL-pqeZd73LgE877zrMZlH-Yoarqih3m1E5mS4BoH3XdAub3e-b5n2Rw_MI28hn-7ZnN0nNz2OgaxC8yizg9sxkJ8EMsTfTX9KIVbikwLh8PtMat8ytHSEDJnVspl_i436DuJhDJZddSZMSaV7jAIUqwMq401mnEr9nnAMeKvvQpoALDSsMPMNp5GfpVaiNJBwt0QPepmCi-MA7n9TeYwZNnMalTD0C3CXTedF5H3L2TQt_dFOZRSmP9lNSUkDjVHv3fkv6Mq0aMYe8BAET-Q_vhrWUxUsT0ZJMcudUtYO0BGLewaiXQAnG-2o0_zFhmIWVPyWVaWE8n3j3JouB5BuchswfU_W_uxTOQwf-c7U8s8BX_4UoYTsJeWmkPNQJUPbHKi176T1Hmj4vtxhw_QoJE9jBkDmdTKdjXDqczVcMz5ZlxYzPOAnt1wlED3rXUEO7C6LMSzZ8bICrYQ_Z1xwzk3KC-ZMLHcJei55kjF7MpdLtWkTog5f0UMvjy4-icZ54449IeiLV1oPWsd5QTdv6BQCgwR7XpAa2HvrbRm9vI33degiYOi0bdZDSQiKZ4I2dS6CCdLqV4kOQ1Tp3tOtMer1J5qWd7FJfvYHD3NTxnut28OF2mR7WcUVUP2p3fKODhj5k4k8-G75mGJkbGYTCNvAMsGA6SpQU0i5mNawWpmkRvmf444Q7kwjE6kn8tP3tUK98bPbrZCHRe0Ew6zhQ1FbBmfktmfTMrGvm6-bnce-RuypZNU06pu8iVszlywLszExpTf9c3kT2g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img
ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/ Frame BFE3
Redirect Chain
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f36a6cbbd4aff29f584%2F1643279764267%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=75&tpuid=8076697769768775013&gdpr=0
49 B
640 B
Image
General
Full URL
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=75&tpuid=8076697769768775013&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 864.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
95b765aa-7194-4c01-9fe6-9b766c625a6d
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/img?tpid=75&tpuid=8076697769768775013&gdpr=0
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ptrack
a.audrte.com/ Frame 8038
368 B
881 B
XHR
General
Full URL
https://a.audrte.com/ptrack?arlocation=149.56.153.184&p=M1353665098&artime=2022-01-27T10:36:06.909Z&arlocation=YWRzLnVzLmUtcGxhbm5pbmcubmV0L3VzcGQvMT9jdD0xJmR1PWh0dHBzJTNBJTJGJTJGc3luYy5jb25zb2xlLmFkdGFyZ2V0LmNvbS50ciUyRmNzeW5jJTNGdCUzRGElMjZlcCUzRDMwNzQ0MiUyNmV4dHVpZCUzRCUyNFVJRA==&gdpr=0&gdpr_consent=null&gdpr_version=1&arreferer=cy5jb25zb2xlLmFkdGFyZ2V0LmNvbS50ci8=
Requested by
Host: a.audrte.com
URL: https://a.audrte.com/ptag?p=M1353665098
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.120.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-120-237.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
24de11cbfde55aba747f7542f665faa0ac83bfbf145f6130d7a22857f49bbe59

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:06 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
https://ads.us.e-planning.net
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
264
rt=ifr
bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/ Frame 00F5
972 B
2 KB
Document
General
Full URL
https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
8bbe35fc8ed9ca183f10b258feef1e5cb45b4e2f972e2055f766b1bb51a69d24

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
content-type
text/html;charset=utf-8
content-length
972
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control
no-cache
pragma
no-cache
expires
0
x-server
10.40.8.180
access-control-allow-origin
*
server
Jetty(9.4.38.v20210224)
tpid=0-42b25b48-8d64-4dd8-6357-2f670179e085$ip$149.56.153.184
bcp.crwdcntrl.net/map/c=6569/tp=STKA/ Frame 00F5
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=lotame
  • https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-42b25b48-8d64-4dd8-6357-2f670179e085$ip$149.56.153.184
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-42b25b48-8d64-4dd8-6357-2f670179e085$ip$149.56.153.184
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.47.186
content-type
image/gif
content-length
49
expires
0

Redirect headers

Location
https://bcp.crwdcntrl.net/map/c=6569/tp=STKA/tpid=0-42b25b48-8d64-4dd8-6357-2f670179e085$ip$149.56.153.184
Date
Thu, 27 Jan 2022 10:36:06 GMT
Connection
keep-alive
Content-Length
129
Content-Type
text/html; charset=utf-8
tpid=ed229770-7f5c-11ec-b8cd-a176aed107ee
sync.crwdcntrl.net/map/c=363/tp=ADGR/ Frame 00F5
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_SETCOOKIE&AG_PID=lotame&AG_REDIR=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D363%2Ftp%3DADGR%2Ftpid%3D__AG_UID__
  • https://sync.crwdcntrl.net/map/c=363/tp=ADGR/tpid=ed229770-7f5c-11ec-b8cd-a176aed107ee
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=363/tp=ADGR/tpid=ed229770-7f5c-11ec-b8cd-a176aed107ee
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.43.111
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
server
Cowboy
Location
https://sync.crwdcntrl.net/map/c=363/tp=ADGR/tpid=ed229770-7f5c-11ec-b8cd-a176aed107ee
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
X-RealServer-NX
lga-delivery-7
Content-Length
0
Expires
Thu, 23 Sep 2004 17:42:04 GMT
tpid=vv14SpX61Nd28j5
sync.crwdcntrl.net/map/c=1818/tp=DTXU/ Frame 00F5
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?st=lotame&rurl=https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc%3D1818%2Ftp%3DDTXU%2Ftpid%3D_wfivefivec_
  • https://sync.crwdcntrl.net/map/c=1818/tp=DTXU/tpid=vv14SpX61Nd28j5
49 B
265 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=1818/tp=DTXU/tpid=vv14SpX61Nd28j5
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.43.121
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
Server
PingMatch/v2.0.30-700-g8d321aa#rel-ec2-master i-0d76f912b48832f5c@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Location
https://sync.crwdcntrl.net/map/c=1818/tp=DTXU/tpid=vv14SpX61Nd28j5
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
tp=ANXS
sync.crwdcntrl.net/map/c=281/rand=929654170/tpid=8076697769768775013/ Frame 00F5
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fsync.crwdcntrl.net%2Fmap%2Fc=281%2Frand=929654170%2Ftpid%3D%24UID%2Ftp%3DANXS
  • https://sync.crwdcntrl.net/map/c=281/rand=929654170/tpid=8076697769768775013/tp=ANXS
49 B
264 B
Image
General
Full URL
https://sync.crwdcntrl.net/map/c=281/rand=929654170/tpid=8076697769768775013/tp=ANXS
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.3.43
content-type
image/gif
content-length
49
expires
0

Redirect headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:06 GMT
X-Proxy-Origin
149.56.153.184; 149.56.153.184; 564.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
3ce395b3-fc30-42f3-a01d-079bc31c08cd
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.crwdcntrl.net/map/c=281/rand=929654170/tpid=8076697769768775013/tp=ANXS
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
tpid=09e2ffd2-fcd8-b831-38ba-667be3ca5278
bcp.crwdcntrl.net/map/c=10098/tp=SRVT/ Frame 00F5
Redirect Chain
  • https://px.surveywall-api.survata.com/t
  • https://bcp.crwdcntrl.net/map/c=10098/tp=SRVT/tpid=09e2ffd2-fcd8-b831-38ba-667be3ca5278
49 B
265 B
Image
General
Full URL
https://bcp.crwdcntrl.net/map/c=10098/tp=SRVT/tpid=09e2ffd2-fcd8-b831-38ba-667be3ca5278
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Server
52.20.97.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-97-150.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.11.161
content-type
image/gif
content-length
49
expires
0

Redirect headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
ETag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Server
nginx/1.19.2
X-Powered-By
Express
Content-Type
image/gif; charset=utf-8
Location
https://bcp.crwdcntrl.net/map/c=10098/tp=SRVT/tpid=09e2ffd2-fcd8-b831-38ba-667be3ca5278
Referer
px.surveywall-api.survata.com, px.surveywall-api.survata.com, px.surveywall-api.survata.com
Connection
keep-alive
Content-Length
0
/
loadm.exelator.com/load/ Frame 00F5
0
604 B
Image
General
Full URL
https://loadm.exelator.com/load/?p=204&g=260&buid=f298cfe6fb5a3a352a645b17c8f4641&j=0
Requested by
Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/c=15238/rand=872860876/pv=y/amskip=Y/pltfrm=%23OpR%2399944%23ads.us.e-planning.net%20%3A%20Referral%20Site%20%3A%20s.console.adtarget.com.tr/rt=ifr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-229-3-43.compute-1.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://bcp.crwdcntrl.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:06 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
p
a.audrte.com/ Frame 8038
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&ar_id=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=&google_gid=CAESEDtXk6Dn6ioQIPgRkQjQBSs&google_cver=1
  • https://a.audrte.com/p
68 B
617 B
Image
General
Full URL
https://a.audrte.com/p
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Server
34.192.120.237 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-120-237.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
68

Redirect headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://a.audrte.com:443/p
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
match
ps.eyeota.net/ Frame 8038
Redirect Chain
  • https://dmp.adform.net/serving/cookie/match/?party=1003&gdpr=0&gdpr_consent=
  • https://a.audrte.com/a?adform_uid=3450203132156163805
  • https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_cm&red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
  • https://a.audrte.com/g?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiZXllb3RhIn1dfQ%3D%3D&gdpr=0&gdpr_consent=&google_gid=CAESEDtXk6Dn6ioQIPgRkQjQBSs&google_cver=1
  • https://ps.eyeota.net/match?bid=kh51m51&uid=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=kh51m51&uid=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Server
52.55.144.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-144-0.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Content-Type
image/gif
Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Server
nginx/1.18.0
Access-Control-Allow-Origin
*
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Location
https://ps.eyeota.net/match?bid=kh51m51&uid=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
pixel
ps.eyeota.net/ Frame 8038
1 KB
1 KB
Image
General
Full URL
https://ps.eyeota.net/pixel?pid=kh51m51&t=ajs&uid=8dfOTNl12jiSUGOvzUx3lxk7Q&gdpr=0&gdpr_consent=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.55.144.0 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-55-144-0.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Content-Type
application/javascript
Content-Length
1168
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
js
ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/ Frame BFE3
Redirect Chain
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=df8838e9993030c13121536ced3a33cb19b7c5dcf0fef3c5558423a9b3ab60e9&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f...
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=df8838e9993030c13121536ced3a33cb19b7c5dcf0fef3c5558423a9b3ab60e9&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F12c4aab3da0a4f...
  • https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/js?tpid=48&tpuid=4646c54dea09729b49cbdd16934e7bdf
44 B
585 B
Script
General
Full URL
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/js?tpid=48&tpuid=4646c54dea09729b49cbdd16934e7bdf
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
698cd179b740652017505b8f1c8d7510166f80273e6b2c9c69103f868b6e3b1a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:07 GMT
p3p
CP=NOI PSA OUR
content-length
44
content-type
text/javascript

Redirect headers

Date
Thu, 27 Jan 2022 10:36:07 GMT
Server
nginx
Vary
Accept
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ih.adscale.de/sium/12c4aab3da0a4f36a6cbbd4aff29f584/1643279764267/0/js?tpid=48&tpuid=4646c54dea09729b49cbdd16934e7bdf
Connection
close
Content-Type
text/plain; charset=utf-8
Content-Length
147
events
api.permutive.com/v2.0/batch/
301 B
184 B
XHR
General
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
f6603b783a5c209c39bca7e4885e3d02f2ad5ed7f2b30fa19362cde598b2c46c

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

date
Thu, 27 Jan 2022 10:36:07 GMT
content-encoding
gzip
server
Permutive
vary
Origin,Access-Control-Request-Method
access-control-allow-methods
POST
content-type
application/json
access-control-allow-origin
https://dl-file.com
access-control-expose-headers
*
access-control-allow-credentials
true
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
163
via
1.1 google
liveMatching.php
live.primis.tech/live/ Frame FC14
0
282 B
XHR
General
Full URL
https://live.primis.tech/live/liveMatching.php
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032322D30312D32375F31327D7B7331373037383430307D7B4333317D7B535A4777745A6D6C735A53356A6232303D7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583634307D7B593434307D7B66317D7B4C31323636337DFEFE&userIpAddr=149.56.153.184&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F97.0.4692.71+Safari%2F537.36&debugInformation=&kv_enc_1=url%3D%252Fg6zkpczghqdr%252FBanks_2012_Chevy131217.rar&isWePassGdpr=1&schain=1.0%2C1%21network-n.com%2Cpa_f06496e7%2C1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=61f275927240c&debugInfo=17078400_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17078400&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2cafjgvulrox&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=0&flow_bottomOffset=90&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=0&gdprConsent=&contentFeedId=&geoLati=45.4995&geoLong=-73.5848&vpTemplate=12663&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=&subId=dl-file.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:07 GMT
content-encoding
gzip
server
nginx
age
0
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store
state
api.permutive.com/v1.0/
0
34 B
XHR
General
Full URL
https://api.permutive.com/v1.0/state?fetch_unseen=false&k=77604859-ffe0-4bc9-9ccd-67044cad2410
Requested by
Host: 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
URL: https://00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app/00917082-71e9-498e-8343-00c3df06b798-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Thu, 27 Jan 2022 10:36:07 GMT
content-encoding
gzip
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
via
1.1 google
sium
ih.adscale.de/ Frame BFE3
0
190 B
XHR
General
Full URL
https://ih.adscale.de/sium
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.233.14 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-233-14.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ih.adscale.de
date
Thu, 27 Jan 2022 10:36:07 GMT
access-control-allow-credentials
true
access-control-allow-headers
x-openrtb-version
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
user
ads3.admatic.com.tr/ Frame CBA8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=admatic
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=admatic
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=3450203132156163805&ssp=admatic
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
35 B
141 B
Image
General
Full URL
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
Protocol
H2
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:10 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server
AdMatic
x-powered-by
AdMatic
etag
rJl80KECnY0wEm_mA5P_t01ZZA9AcTEGJoDdsh1GAD35OZ2Z5rox85kQV7md6QmTKrXx4d0IMU864AaiPHsLgQ
content-type
image/gif
cache-control
no-cache
timing-allow-origin
*
content-length
35

Redirect headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:10 GMT
location
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
x-powered-by
AdMatic
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
221
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTI1JaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA5NmQkJaN0YT0jJat9NwQjJax9NDQjJaZcZF9jYXNmRG9gYWyhPWRfLWZcoGUhY29gJaN1YxyxPWRfLWZcoGUhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzqXNypxyjQWRxpw0kNDxhNTYhMTUmLwE4NCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5Nl4jLwQ2OTIhNmEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYkZwI3NTxlNmI0MGMzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZHVlPTtjMCZaZHBlPTAzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0kJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwQmMwp5NmpjOTU5JaVcZD1TZWgcozRiU1BfYXyypwYkZwI3NTxlOTQ1YzUzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGjgZzyfZS5wo20yMxZaNacepGN6Z2ukZHIyMxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupv5bqG1fJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9nWyk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:10 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQlJaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA5NmQkJaN0YT0jJat9NwQjJax9NDQjJaZcZF9jYXNmRG9gYWyhPWRfLWZcoGUhY29gJaN1YxyxPWRfLWZcoGUhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzqXNypxyjQWRxpw0kNDxhNTYhMTUmLwE4NCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5Nl4jLwQ2OTIhNmEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYkZwI3NTxlNmI0MGMzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZHVlPTtjMCZaZHBlPTAzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0kJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwQmMwp5NmpkMTA0JaVcZD1TZWgcozRiU1BfYXyypwYkZwI3NTxlOTQ1YzUzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGjgZzyfZS5wo20yMxZaNacepGN6Z2ukZHIyMxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupv5bqG1fJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9nWyk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:10 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
metrics
connect-metrics-collector.s-onetag.com/
0
73 B
Ping
General
Full URL
https://connect-metrics-collector.s-onetag.com/metrics
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.13.80 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 27 Jan 2022 10:36:12 GMT
content-length
0
vary
Origin
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame FC14
67 B
673 B
XHR
General
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1643279773135&pKey=183030345&loc=https%3A%2F%2Fdl-file.com%2F&playerSize=400x225&schain=1.0%2C1!network-n.com%2Cpa_f06496e7%2C1%2C%2C%2C!primis.tech%2C28588%2C1%2C%2C%2C
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
63.251.28.218 , United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 27 Jan 2022 10:36:13 GMT
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://dl-file.com
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
x-sticky-vk
1643279773066078-146
translator
hbopenbid.pubmatic.com/ Frame FC14
0
57 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dl-file.com
date
Thu, 27 Jan 2022 10:36:13 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cygnus
htlb.casalemedia.com/ Frame FC14
37 B
329 B
XHR
General
Full URL
https://htlb.casalemedia.com/cygnus?s=694665&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%22187904fdca4569f%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.18.0%22%2C%22userIds%22%3A%5B%22id5id%22%2C%22criteoId%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2219716d22e7fd206%22%2C%22ext%22%3A%7B%22siteID%22%3A%22694665%22%2C%22dfp_ad_unit_code%22%3A%22%2F109741%22%2C%22sid%22%3A%22400x225%22%2C%22fl%22%3A%22x%22%7D%2C%22video%22%3A%7B%22playerSize%22%3A%5B%5B400%2C225%5D%5D%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A1%2C%22maxduration%22%3A200%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22placement%22%3A1%2C%22startdelay%22%3A0%2C%22skip%22%3A1%2C%22w%22%3A400%2C%22h%22%3A225%7D%2C%22bidfloor%22%3A2%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22network-n.com%22%2C%22sid%22%3A%22pa_f06496e7%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D%7D%7D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.94.205.31 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-94-205-31.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6705617f3415ef40a24ee4814f2fdeac8aac82a09e6acf3d7b3d5d2129110fd7

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:13 GMT
x-ak-initial-geo
CC:[CA], RC:[QC], CN:[NA], CIP:[149.56.153.184], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://dl-file.com
x-cs-client-geo
19
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
19
expires
Thu, 27 Jan 2022 10:36:13 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame FC14
0
212 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=NetworkN
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.23.146.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-23-146-219.compute-1.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
auction
tlx.3lift.com/header/ Frame FC14
19 B
475 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=5.18.0&referrer=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&tmax=3000
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_8.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.175.57 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-175-57.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://dl-file.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:13 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ Frame FC14
23 B
489 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&pid=grza2fEyTB2lv&cb=1&ws=1x1&v=7.72.0&t=2000&slots=%5B%7B%22id%22%3A%22videoSlot%22%2C%22mt%22%3A%22v%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A200%7D%5D&schain=1.0%2C1!network-n.com%2Cpa_f06496e7%2C1%2C%2C%2C&pubid=968a0f5c-e5ed-4ba9-bf43-8be1f5b68988&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.192.160.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-160-42.ewr53.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:13 GMT
via
1.1 48242c037992a87d34be1f3c114efc0a.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR53-C3
x-amz-rid
YTSB5SV0CJDFCZMY45M6
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://dl-file.com
access-control-allow-credentials
true
permissions-policy
interest-cohort=()
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
23
x-amz-cf-id
DRjpd3cZEeUwabUgyM4wSKEdSPaD9wSJIKjoO-4vT3-EeC2ZINb08Q==
bridge3.496.0_en.html
imasdk.googleapis.com/js/core/ Frame BDC5
601 KB
195 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b67fad811e7e9b06f1bb367ae9204cbdd235b7de4d8b7131a4d4cb212ce6b298
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
199641
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 21 Jan 2022 22:04:45 GMT
expires
Sat, 21 Jan 2023 22:04:45 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 21 Jan 2022 21:59:24 GMT
content-type
text/html
age
477088
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTQ5JaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA5NmQkJaN0YT0jJat9NwQjJax9NDQjJaZcZF9jYXNmRG9gYWyhPWRfLWZcoGUhY29gJaN1YxyxPWRfLWZcoGUhY29gJzRyYaVaSW5zo3JgYXRco249JzymQXBjPTAzqXNypxyjQWRxpw0kNDxhNTYhMTUmLwE4NCZ1p2VlVUE9TW96nWkfYSUlRwUhMCUlMCUlOFqcozRiq3MyMwBOVCUlMDEjLwAyM0IyMwBXnW42NCUmQvUlMHt2NCUlOSUlMEFjpGkyV2VvS2y0JTJGNTM3LwM2JTIjJTI4S0uUTUjyMxMyMwBfnWgyJTIjR2Vwn28yMwxyMwBDnHJioWUyMxY5Nl4jLwQ2OTIhNmEyMwBTYWZupzxyMxY1MmphMmYzY3N1qWyxPTYkZwI3NTxlNmI0MGMzqxygpE9jpG9lqHVhnXR5TXVfqGyjoGyypw01JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MCZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTEzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2NDMlNmx3NmM0ODtzqWyxPVNyn2yhZG9TUGkurWVlNwFzMwp1OTI5NDVvZSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZxoC1znWkyLzNioSUlRzp2rzgjY3canHFxpvUlRxJuozgmXmIjMTJsQ2uyqaxkMmElMTphpzFlLzu0oWjzZzkiYXRTqGF0qXM9qHJ1ZSZynWRmpD1cnXE=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:13 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 58BF
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:35:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 27 Jan 2022 11:35:42 GMT
integrator.js
adservice.google.com/adsid/ Frame FC14
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dl-file.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame BDC5
156 B
142 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F6928793%2Fdl-file-61deae48ca228%2Fdl-file-Instream-Nova-Core1-61deb211dc4b8&description_url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&env=vp&correlator=2268440445229773&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C400x300%7C640x480&unviewed_position_start=1&cust_params=prmsig%3Dwypjsl&sdkv=h.3.496.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr=0&addtl_consent=1~2090.2970.46.1375.66.70.7.1317.2526.1843.122.440.1703.1896.1097.1022.1799.184.196.202.89.2328.1998.1215.229.229.338.505.2135.2213.1799.326.1449.2993.1025.371.960.1024.1027.1902.1034.1127.1468.2567.486.2631.494.1033.585.1456&sdki=44d&adk=434523329&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.496.0&sid=C4FE7F50-6A2A-4889-8810-3AA686529680&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY8JDt2OkvRQAAAAA%3D&nel=0&eid=44737475%2C44747319%2C44750824&top=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&dt=1643279773745&cookie=ID%3Dccc26834f13feb65%3AT%3D1643279763%3AS%3DALNI_MYGs94k2eBDjNrPy-3gUCftsVfnbA&scor=1093413626945255&ged=ve4_td11_tt9_pd11_la11000_er773.-1800.923.-1500_vi0.0.1200.1600_vp0_ts8_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:13 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.496.0_en.html
imasdk.googleapis.com/js/core/ Frame 2EFE
601 KB
195 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b67fad811e7e9b06f1bb367ae9204cbdd235b7de4d8b7131a4d4cb212ce6b298
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
199641
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 21 Jan 2022 22:04:45 GMT
expires
Sat, 21 Jan 2023 22:04:45 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 21 Jan 2022 21:59:24 GMT
content-type
text/html
age
477088
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame A246
37 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:35:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
31
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 27 Jan 2022 11:35:42 GMT
integrator.js
adservice.google.com/adsid/ Frame FC14
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=dl-file.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 2EFE
156 B
142 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F6928793%2Fdl-file-61deae48ca228%2Fdl-file-Instream-Nova1-61deb1e5bceba&description_url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&env=vp&correlator=4351536195333272&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1%7C400x300%7C640x480&unviewed_position_start=1&cust_params=prmsig%3Dwypjsl&sdkv=h.3.496.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr=0&addtl_consent=1~2090.2970.46.1375.66.70.7.1317.2526.1843.122.440.1703.1896.1097.1022.1799.184.196.202.89.2328.1998.1215.229.229.338.505.2135.2213.1799.326.1449.2993.1025.371.960.1024.1027.1902.1034.1127.1468.2567.486.2631.494.1033.585.1456&sdki=44d&adk=434523329&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.496.0&sid=C4FE7F50-6A2A-4889-8810-3AA686529680&a3p=Eh4KDmVzcC5jcml0ZW8uY29tEgAY8JDt2OkvRQAAAAA%3D&nel=0&eid=44737475%2C44747319%2C44750824&top=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&url=https%3A%2F%2Fdl-file.com%2Fg6zkpczghqdr%2FBanks_2012_Chevy131217.rar.html&dt=1643279773993&cookie=ID%3Dccc26834f13feb65%3AT%3D1643279763%3AS%3DALNI_MYGs94k2eBDjNrPy-3gUCftsVfnbA&scor=3223614886697660&ged=ve4_td11_tt9_pd11_la11000_er773.-1800.923.-1500_vi0.0.1200.1600_vp0_ts0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.496.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwYVNWMnRjeEt5SEZNRE5GJTJCUVZOQmZkZUwxb2ZQUng3OE9zS0l0Q2hqVktLMlRqb2Nlalp1bGhIZmpxNXBoUExibTdhb21VNGM3a0g2dXZUWkRpbDlHdzVjbSUyQkFTUSUzRCUzRA&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://dl-file.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
https://dl-file.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1619
date
Thu, 27 Jan 2022 10:36:13 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame FC14
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdl-file.com%2F&domain=dl-file.com&bundle=FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwY...
  • https://mug.criteo.com/sid?cpp=JPB6eXxNTWZjTjRReURZOGlCckpNV0N1UWNiVHpBMVM2azNSYjhCc1ZrdXplSzQwZDJIOVUrNnJBWVBaODdSTmdCUit6OFFreHhOSEFMSTBORGY5WHNxRE5jY0RaSTVRZUt1Y2IyelRtNEMycWhuSEZ2N1NKZ1V3RTQ1NX...
408 B
659 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=JPB6eXxNTWZjTjRReURZOGlCckpNV0N1UWNiVHpBMVM2azNSYjhCc1ZrdXplSzQwZDJIOVUrNnJBWVBaODdSTmdCUit6OFFreHhOSEFMSTBORGY5WHNxRE5jY0RaSTVRZUt1Y2IyelRtNEMycWhuSEZ2N1NKZ1V3RTQ1NXFCM25HL01lMFBzejBwc0ltSTFEbVhtMTdVNy9Zc2lnVjQ4TlVwYWYxSGhQMWY4L21wRk9VZ3dxTHBsM2V2UENjTTI3YnJWSldQUVFqbkQ5SGVrR2V5RmVnSG9CeHNCd3FqT3RZVkZDZ1g1L0NoY1daS3F4dExoc1dUL1d0Rmx5U3RCd3J6Ykc0Y3hYcC9tVk9zdUU0RHFJOTlEM2lCUT09fA&cppv=2
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
73e067aa23fe7abf9c5ac4cbe50f5678a0c0c4c4943a55fb3127c6e6503cd18b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:14 GMT
content-encoding
gzip
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2866
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:13 GMT
location
https://mug.criteo.com/sid?cpp=JPB6eXxNTWZjTjRReURZOGlCckpNV0N1UWNiVHpBMVM2azNSYjhCc1ZrdXplSzQwZDJIOVUrNnJBWVBaODdSTmdCUit6OFFreHhOSEFMSTBORGY5WHNxRE5jY0RaSTVRZUt1Y2IyelRtNEMycWhuSEZ2N1NKZ1V3RTQ1NXFCM25HL01lMFBzejBwc0ltSTFEbVhtMTdVNy9Zc2lnVjQ4TlVwYWYxSGhQMWY4L21wRk9VZ3dxTHBsM2V2UENjTTI3YnJWSldQUVFqbkQ5SGVrR2V5RmVnSG9CeHNCd3FqT3RZVkZDZ1g1L0NoY1daS3F4dExoc1dUL1d0Rmx5U3RCd3J6Ykc0Y3hYcC9tVk9zdUU0RHFJOTlEM2lCUT09fA&cppv=2
strict-transport-security
max-age=31536000; preload;
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://dl-file.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1984
content-length
541
expires
0
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=JPB6eXxNTWZjTjRReURZOGlCckpNV0N1UWNiVHpBMVM2azNSYjhCc1ZrdXplSzQwZDJIOVUrNnJBWVBaODdSTmdCUit6OFFreHhOSEFMSTBORGY5WHNxRE5jY0RaSTVRZUt1Y2IyelRtNEMycWhuSEZ2N1NKZ1V3RTQ1NXFCM25HL01lMFBzejBwc0ltSTFEbVhtMTdVNy9Zc2lnVjQ4TlVwYWYxSGhQMWY4L21wRk9VZ3dxTHBsM2V2UENjTTI3YnJWSldQUVFqbkQ5SGVrR2V5RmVnSG9CeHNCd3FqT3RZVkZDZ1g1L0NoY1daS3F4dExoc1dUL1d0Rmx5U3RCd3J6Ykc0Y3hYcC9tVk9zdUU0RHFJOTlEM2lCUT09fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1060
date
Thu, 27 Jan 2022 10:36:14 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
vary
Accept-Encoding
chunklist_480.m3u8
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
443 B
877 B
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/chunklist_480.m3u8
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
9429156707c30311196dec2fa5e76185faeb690771e69e61b45adcbfa66c61bb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
via
1.1 2ba01a121d51ee735a8dde7a86ed73b6.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
443
last-modified
Fri, 21 Jan 2022 14:37:59 GMT
server
Tengine
etag
"00b8bfcb52a7d808d1045715394eaf81"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
KKsZ1wDXnqEkV6zuuVS3Bz9XZ265LRCl5wkeoGviaANW-D_a2UxwoA==
expires
Thu, 10 Feb 2022 10:36:14 GMT
w_480_00000.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
336 KB
337 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00000.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
2912d7ae4297f510d282537ffa9d8d54c36eb990050ff61d9694b6ce67d7d9aa

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
via
1.1 19e58616339f974c22a3a07f8f637718.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
344040
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"5b6031852372fb0f06db5ad6a3236b33"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
gwyxfAPg_JAvbbv-RXBp5gXw48gDiuG__bXjmHIH9AkGS5hZ7BU7Aw==
expires
Thu, 10 Feb 2022 10:36:14 GMT
16cd3930-87e6-488c-b6be-9e8f51f675e6
https://dl-file.com/
65 KB
0
Other
General
Full URL
blob:https://dl-file.com/16cd3930-87e6-488c-b6be-9e8f51f675e6
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2dffba8a31eb663c59a5494783cbf197c182104edc58f0c0a17b7992429d7af

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length
66258
Content-Type
text/javascript
w_480_00001.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
448 KB
449 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00001.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
429eaaec7001737dfa40f33045ecd28911b189f7d287d72b3571ed3a74c540c0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
via
1.1 560ae23eb11e8a754d4876989783ad5e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
458720
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"3b35b9cd2fb3274099885a11200cb83d"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
5iIk-KY6joFa5lhikXOWax9lWxFIvoOmatT8yQueZXHzvVKSAUH6sQ==
expires
Thu, 10 Feb 2022 10:36:14 GMT
liveView.php
live.primis.tech/live/
0
226 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTE2JaNypaZypyRcoWU9MTY0MmI3OTp2MvZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MCZmqGE9MTpjNmt0MDAzrD00MDAzrT0lMwUzqzyxX3Bup3NEo21unW49ZGjgZzyfZS5wo20zp3VvSWQ9ZGjgZzyfZS5wo20zZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTE0OS41Nv4kNTMhMTt0JaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwx3LwAhNDY5Mv43MSUlMFNuZzFlnSUlRwUmNl4mNvZwp3V1nWQ9NwFzMwp1OTI3MwQjYlZwo250ZW50RzyfZUyxPTIjNDp4NwUzoWVxnWFQoGF5TGymqEyxPTEkNDM5Jz1yZGyuTGymqEyxPTI2MTEjJzNioaRyoaRNYXRwnFR5pGU9JzymRXuwoHVxZUZlo21PpHQ9MCZaZHBlPTAzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0kJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwQmMwp5Nmp0Nwp0JaVcZD1TZWgcozRiU1BfYXyypwYkZwI3NTxlOTQ1YzUzpHVvVXJfPWu0qHBmJTNBJTJGJTJGZGjgZzyfZS5wo20yMxZaNacepGN6Z2ukZHIyMxZCYW5ep18lMDElX0NbZXZ5MTMkMwE3LaJupv5bqG1fJzZfo2F0U3RuqHVmPXRlqWUzZWyxp3A9nWyk
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.244.48.95 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Jan 2022 10:36:14 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
w_480_00002.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
451 KB
451 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00002.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
c9bc9599b9a7a5cde8f3a105eb1a0914b06d5033584ff612bb1e0c9ec3d36dcb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
via
1.1 ae9634deb2e9d6f8d396fc6f1e0586fa.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
461352
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"989918bc04607bb91333f8de00b8b960"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
gO-o2XtbDuFGnEPmdW2yeKVQn1Ee_1u8FDjOH74UXuMlXxe0XUX9LQ==
expires
Thu, 10 Feb 2022 10:36:14 GMT
w_480_00003.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
501 KB
502 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00003.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
f1925611e81e7f75c8ca7bdd55e640339b5cdad099212a698ca77b97da420e66

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:14 GMT
via
1.1 b8d8693cc4ac05b6a9cebe2651a2c8b8.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
512676
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"b409ab22429d560000758428aac8ee17"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
RkhxjNmsUUUFBfJFTKGqCp_3bLE5XGio8Sqbt9vvXdkHmH16ygATSQ==
expires
Thu, 10 Feb 2022 10:36:14 GMT
w_480_00004.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
497 KB
498 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00004.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
1f017650885ae36c859e56c2f32317777caf8d606c6ae8b4ded3aed07ce19e25

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:15 GMT
via
1.1 3c7ef4fe3f4a27b69b8df486fc6210e4.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD50-C2
content-length
509292
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"7d9779a4107f7394f1cfadf81e105c6d"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
TGXYO8-bqftIJzeeGcHEUMU9X1kB0kXJRJhrn8QgXxmJouS4BJdBQQ==
expires
Thu, 10 Feb 2022 10:36:15 GMT
w_480_00005.ts
video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/
480 KB
481 KB
XHR
General
Full URL
https://video.primis.tech/uploads/cn18/video/users/hls/28588/video_609bae6a84e18530638482/vid61eac353815ce248375380.mp4/w_480_00005.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.238.215.60 New York, United States, ASN36007 (KAMATERA, US),
Reverse DNS
Software
Tengine /
Resource Hash
97e32a12a5ea3871849c9adbc397f38de73563d82c6bab62cbfb1f36537cccd8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://dl-file.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:15 GMT
via
1.1 35c803afef083002d824403342d4c62e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
content-length
491620
last-modified
Fri, 21 Jan 2022 14:38:00 GMT
server
Tengine
etag
"9696a18e46796135c77ceb235e5b2310"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
6eYSUtE5Lmj28DfyWl2XXrHrjOcFm0oQMHcMv0A1G7ZKACXaIl30HA==
expires
Thu, 10 Feb 2022 10:36:15 GMT
user
ads3.admatic.com.tr/ Frame CBA8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=admatic
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=bidswitch&ttd_tpi=1&ttd_puid=admatic&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=93&user_id=a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&expires=30&ssp=admatic&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_21}
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
  • https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
35 B
141 B
Image
General
Full URL
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
Protocol
H2
Server
188.132.147.228 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-228-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Thu, 27 Jan 2022 10:36:15 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
server
AdMatic
x-powered-by
AdMatic
etag
jFhp8NAgAXX18q4t9Q8weIy5TAZPlfFUDurx75xQfjbTL-riL2o88WGGaHR6CJ3puonsQm05Fw4zdcggoz_rNQ
content-type
image/gif
cache-control
no-cache
timing-allow-origin
*
content-length
35

Redirect headers

timing-allow-origin
*
date
Thu, 27 Jan 2022 10:36:15 GMT
location
https://ads3.admatic.com.tr/user?bsw_uuid=c842ca48-ee24-4529-8afa-5d2f74bfe7d3&dsp_uuid=&dsp_id=
x-powered-by
AdMatic
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
221
dc_oe=ChMInuOWld7R9QIVSaKzCh3_ZAdyEAAYACD5teBEQhMI_ZPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775722;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 06BC
42 B
108 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMInuOWld7R9QIVSaKzCh3_ZAdyEAAYACD5teBEQhMI_ZPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775722;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 27 Jan 2022 10:36:15 GMT
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMImouXld7R9QIVdgWICR2ozAqoEAAYACD5teBEQhMI_pPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775739;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 9EA9
42 B
541 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMImouXld7R9QIVdgWICR2ozAqoEAAYACD5teBEQhMI_pPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775739;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 27 Jan 2022 10:36:15 GMT
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_oe=ChMIvJuYld7R9QIV2QloCB0rEQONEAAYACCi7OJEQhMI_JPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775774;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 02E6
42 B
108 B
Image
General
Full URL
https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvJuYld7R9QIV2QloCB0rEQONEAAYACCi7OJEQhMI_JPRlN7R9QIVQ6ifCh2ETQ71;met=1;&timestamp=1643279775774;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.72.98 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 27 Jan 2022 10:36:15 GMT
content-type
image/gif
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
id5-sync.com
URL
https://id5-sync.com/qp/18.gif?puid=vec%3A24784681701&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
Domain
ads.stickyadstv.com
URL
https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=3450203132156163805
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR

Verdicts & Comments Add Verdict or Comment

371 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 function| gtag object| dataLayer function| $ function| jQuery object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| _Hasync function| setPagination object| Criteo number| bgcount function| changebg function| openNav function| closeNav object| criteo_syncframe_state object| googletag object| criteo_pubtag object| criteo_pubtag_118 object| Criteo_118 function| chfh function| chfh2 string| _HST_cntval object| Histats object| gaplugins object| gaGlobal object| gaData object| recaptcha object| nnads object| AdSlots object| _HistatsCounterGraphics_0_setValues object| a object| cv object| Tynt object| _dtspv object| lotame_3825 number| char object| __connect object| _33Across function| __uspapi boolean| enableSingleRequest function| generateAdSlot function| refreshAdSlots function| destroyAdSlots function| excludeAdSlots function| getAdSlotsInView function| getEmptyAdSlots function| getSlots object| pbjs function| lotameIsCompatible function| lt3825_ba function| lt3825_b undefined| lt3825_c undefined| lt3825_ca undefined| lt3825_da function| lt3825_ea object| lt3825_fa function| lt3825_ga function| lt3825_ha object| lt3825_ object| lt3825_6 function| lt3825_aa function| lt3825_a function| lt3825_d function| lt3825_e function| lt3825_f function| lt3825_g function| lt3825_h function| lt3825_i function| lt3825_j function| lt3825_ja function| lt3825_ia function| lt3825_k function| lt3825_l function| lt3825_ka function| lt3825_m function| lt3825_n function| lt3825_o function| lt3825_p function| lt3825_q function| lt3825_oa function| lt3825_la function| lt3825_ma function| lt3825_s function| lt3825_na function| lt3825_t function| lt3825_u function| lt3825_v function| lt3825_r function| lt3825_w function| lt3825_x function| lt3825_y function| lt3825_z function| lt3825_pa function| lt3825_A function| lt3825_B function| lt3825_qa function| lt3825_C function| lt3825_D function| lt3825_E function| lt3825_ra function| lt3825_G function| lt3825_H function| lt3825_F function| lt3825_sa function| lt3825_I function| lt3825_J function| lt3825_ta function| lt3825_ua function| lt3825_K function| lt3825_va function| lt3825_wa function| lt3825_xa function| lt3825_Ba function| lt3825_ya function| lt3825_za function| lt3825_Aa function| lt3825_Ca function| lt3825_Ea function| lt3825_Da function| lt3825_L function| lt3825_Fa function| lt3825_Ga function| lt3825_Ha function| lt3825_Ia function| lt3825_Ja function| lt3825_Ka function| lt3825_La function| lt3825_Ma function| lt3825_Na function| lt3825_M function| lt3825_N function| lt3825_O function| lt3825_P function| lt3825_Q function| lt3825_R function| lt3825_S function| lt3825_T function| lt3825_U function| lt3825_V function| lt3825_W function| lt3825_X function| lt3825_Y function| lt3825_Z function| lt3825__ function| lt3825_0 function| lt3825_2 function| lt3825_Oa function| lt3825_Qa function| lt3825_Pa function| lt3825_3 function| lt3825_Ra function| lt3825_1 function| lt3825_Sa function| lt3825_Ta function| lt3825_Ua function| lt3825_Va function| lt3825_Wa function| lt3825_Xa function| lt3825_4 function| lt3825_5 function| lt3825_Ya function| lt3825_Za function| lt3825__a function| lt3825_0a function| lt3825_1a function| lt3825_2a function| lt3825_3a function| lt3825_4a function| lt3825_5a function| lt3825_7 function| lt3825_8 function| lt3825_8a function| lt3825_9a function| lt3825_7a function| lt3825_6a function| lt3825_ab function| lt3825_$a function| lt3825_cb function| lt3825_bb function| lt3825_db function| lt3825_eb function| lt3825_fb function| lt3825_gb function| lt3825_hb function| lt3825_ib function| lt3825_kb function| lt3825_nb function| lt3825_mb function| lt3825_jb function| lt3825_qb function| lt3825_lb function| lt3825_ob function| lt3825_sb function| lt3825_rb function| lt3825_tb function| lt3825_pb function| lt3825_ub function| lt3825_vb function| lt3825_wb function| lt3825_9 function| lt3825_xb function| lt3825_yb function| lt3825_zb function| lt3825_Ab function| lt3825_Bb function| lt3825_$ function| lt3825_Cb function| lt3825_Db function| lt3825_Eb function| lt3825_Fb function| lt3825_Gb function| lt3825_Ib function| lt3825_Jb function| lt3825_Kb function| lt3825_Hb function| primisTriggerSPATag function| refreshLabels function| refreshBids function| refreshAllBids object| refreshAds function| refreshAdsClass function| pbjsChunk object| _pbjsGlobals object| ADAGIO object| ggeac object| google_js_reporting_queue boolean| gdprAppliesGlobally number| cmp_id string| cmp_params string| cmp_host string| cmp_cdn function| cmp_addFrame function| cmp_rc function| cmp_stub function| cmp_msghandler function| cmp_setStub function| __cmp function| __tcfapi object| permutive object| apstag undefined| google_measure_js_timing object| AdEvents function| bfaDestroy boolean| apstagLOADED object| __bt_tag_d object| __bt_intrnl object| __underground object| regeneratorRuntime object| pbstck object| pbstckQ object| Pubstack function| cmp_loadCS function| cmp_append_script function| cmp_append_script2 string| cmp_config_data_cs object| cmp_config_data object| cmp_scripts object| cmp_scripturls string| cmp_proto string| cmp_warn function| cmp_reader function| cmp_writer function| cmp_cs function| cmp_lang function| cmp_affiliatedomains function| cmp_purpose function| cmp_stack function| cmp_vendor function| cmp_utils function| cmp_storage function| cmp_api function| cmp_contentblocking function| cmp_behavior function| cmp_amp function| cmp_eventwrapper function| cmp_html function| cmp_wcagdialog function| cmp_display function| cmp_display_age function| cmp_display_background function| cmp_display_cookielist function| cmp_display_images function| cmp_display_langchoice function| cmp_display_policy function| cmpsource function| cmpmngr_queryfile string| cmpccsversionbuild number| cmpccsversion function| btoa2 function| atob2 function| cmp_loadconsole function| cmp_regulations function| cmp_getregulation function| cmp_getsupportedLangs function| cmp_getRTLLangs function| cmp_getlang function| cmp_getcss object| cmpmngr function| __cmapi object| cmp_timer function| cmp_svg_no function| cmp_svg_yes function| cmp_svg_yesorange function| cmp_svg_noorange function| cmp_svg_multi function| cmp_svg_nodisabled function| cmp_svg_yesdisabled number| cmpGDPR number| cmpCCPA string| cmpRegulation string| cmpConsentString string| cmpCurrentStatus string| cmpLastStatus string| cmpLastTCFStatus string| cmpVendorsConsent string| cmpCustomVendorsConsent string| cmpGoogleVendorsConsent string| cmpPurposesConsent string| cmpCustomPurposeConsent string| cmpConsentVendors string| cmpConsentPurposes string| cmpLIVendors string| cmpLIPurposes string| cmpIABUSP object| utag_data object| paramMatch object| viewPortSize object| debugIp object| debugId number| sekindoDisplayedPlacement function| constructsekindoParent502 object| sas object| apntag object| _ADAGIO boolean| sekindoFlowingPlayerOn object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms object| freewheelssp_cache number| google_global_correlator object| ampInaboxIframes object| ampInaboxPendingMessages object| closure_lm_836163 object| google_image_requests

335 Cookies

Domain/Path Name / Value
map.go.affec.tv/map/an Name: oo
Value: 1
.resetdigital.co/csync Name: ckbk
Value: 000000985FFA0FE8
.3lift.com/sync Name: sync
Value: CgoIgQIQ7Jvt2OkvCgoI4gEQ7Jvt2OkvCgoI5gEQ7Jvt2OkvCgoIhwIQ7Jvt2OkvCgkICRDsm-3Y6S8KCQg6EOyb7djpLwoJCAsQ7Jvt2OkvCgoIjAIQ7Jvt2OkvCgoIngIQ7Jvt2OkvCgkIXxDsm-3Y6S8=
.mrtnsvr.com/sync Name: userId
Value: Y_1yns54M
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQuREyBgiSARCqEQ
.dl-file.com/ Name: lang
Value: english
dl-file.com/ Name: _gvst
Value: 2
dl-file.com/ Name: HstCfa4533243
Value: 1643279761145
dl-file.com/ Name: HstCla4533243
Value: 1643279761145
dl-file.com/ Name: HstCmu4533243
Value: 1643279761145
dl-file.com/ Name: HstPn4533243
Value: 1
dl-file.com/ Name: HstPt4533243
Value: 1
dl-file.com/ Name: HstCnv4533243
Value: 1
dl-file.com/ Name: HstCns4533243
Value: 1
.dl-file.com/ Name: _ga
Value: GA1.2.1624041702.1643279761
.dl-file.com/ Name: _gid
Value: GA1.2.1379691550.1643279761
.dl-file.com/ Name: _gat_gtag_UA_75596034_1
Value: 1
.dtscout.com/ Name: m
Value: 1
.dtscout.com/ Name: b
Value: 1
.dtscout.com/ Name: st
Value: 1
.dtscout.com/ Name: oa
Value: 1
.dtscout.com/ Name: df
Value: 1643279761
.dtscout.com/ Name: l
Value: 4C301643279761416951F781EEC0871E
.dl-file.com/ Name: __dtsu
Value: 4C301643279761416951F781EEC0871E
.sharethis.com/ Name: __stid
Value: ZGoABWHydZEAAAAIMeZBAw==
.sharethis.com/ Name: __stidv
Value: 2
.dtscdn.com/ Name: uid
Value: 4C301643279761416951F781EEC0871E
.tynt.com/ Name: uid
Value: CoIKSWHydZGg9vowA0FsAg==
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22fcb82aaae3%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%221d819f216e%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%224bbb341d17%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%22002f98d420%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%22d9fe068602%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%226361f7f203%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%2C%7B%22p%22%3A%22e32a9fc66e%22%2C%22f%22%3A1%2C%22ts%22%3A1643279761569%7D%5D
.onaudience.com/ Name: cookie
Value: 1bc82e6f133e95f9
.onaudience.com/ Name: done_redirects109
Value: 1
.t.sharethis.com/ Name: pxcelPage_default_c010_C
Value: 1_0_1643279761771
.tapad.com/ Name: TapAd_TS
Value: 1643279761796
.tapad.com/ Name: TapAd_DID
Value: d807e161-1268-48ea-b4cc-24025f67c8db
.exelator.com/ Name: EE
Value: "b4f2b14df122fcd774d406d6e8fdf8f2"
.adsrvr.org/ Name: TDID
Value: a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
.go.affec.tv/ Name: ck
Value: 61f27591bea1e300012d9a96
.go.affec.tv/ Name: oo
Value: 1
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQSHJJM0oydAkJc3QyCgtOcXc3CTFxMAsxSzVIi0lzSLNaHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJ8SX5RZvoiZ8fFRSlpDItKik8F7%252FftAwCvPiqZ"
.ml314.com/ Name: pi
Value: 3624714392487067690
.zeotap.com/ Name: zc
Value: bf8833df-0427-45d8-543c-55530debb000
.eyeota.net/ Name: mako_uid
Value: 17e9b1b4214-5d0b0000010a5d46
.eyeota.net/ Name: SERVERID
Value: 23878~DM
.adnxs.com/ Name: uuid2
Value: 8076697769768775013
.33across.com/ Name: 33x_ps
Value: u%3D118925965971079%3As1%3D1643279761712%3Ats%3D1643279761712
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: f298cfe6fb5a3a352a645b17c8f4641
.go.affec.tv/ Name: pt
Value: eyJhbiI6eyJkdCI6MTY0MzI3OTc2MiwiaWQiOiI4MDc2Njk3NzY5NzY4Nzc1MDEzIiwibHMiOjE2NDMyNzk3NjJ9LCJ0dCI6eyJkdCI6MTY0MzI3OTc2MSwiaWQiOiJDb0lLU1dIeWRaR2c5dm93QTBGc0FnPT0iLCJscyI6MTY0MzI3OTc2MX0sInYiOjB9|1643279762|e6a0f0149715af249067ad9259898a5928bd34cc
.krxd.net/ Name: _kuid_
Value: OoGGK-mt
.doubleclick.net/ Name: IDE
Value: AHWqTUkgzZITLeP6SjrZ8xl0t8tnR_ZFAMwhxT6DM9BwQRLbyyQ3K9asr3g50jL0xzs
.lijit.com/ Name: ljt_reader
Value: ea8da53a8382297d947cc829
.dl-file.com/ Name: permutive-id
Value: 8a0fcc96-4271-4120-b88c-3694eb446e79
.criteo.com/ Name: uid
Value: f095fa86-630b-46c9-a5e8-a56131072114
.primis.tech/ Name: csuuid
Value: 61f275927240c
.dl-file.com/ Name: _cc_id
Value: f298cfe6fb5a3a352a645b17c8f4641
.dl-file.com/ Name: panoramaId_expiry
Value: 1643366162468
.intentiq.com/ Name: IQver
Value: 1.9
.rqtrk.eu/ Name: browser_id
Value: 1:f144d061-d559-46d6-b751-a194e8b396c8
.truoptik.com/ Name: to_master_s
Value: 4d0691e82daf92e47b5f5eca908a6495
.truoptik.com/ Name: to_version_s
Value: b2
.liadm.com/ Name: lidid
Value: 97601ab4-a06e-40d4-ae26-b18337ccb6db
.simpli.fi/ Name: suid
Value: 40B9F463736C486D959A5DD2CDD1535E
.intentiq.com/ Name: intentIQ
Value: PyhM2rLAGW
.mathtag.com/ Name: uuid
Value: ae5661f2-7593-4600-a67e-b76a480711f0
.adsymptotic.com/ Name: U
Value: 3784fd3971cf773ccba62daea795a47c
.sitescout.com/ Name: ssi
Value: 97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff#1643279762784
.dl-file.com/ Name: cto_bundle
Value: FZGcuV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSk94Wnk4WnMlMkZpWmlLOUVpOXdPd2xPZEp2c1RZTXhwRnRBV2MwYVNWMnRjeEt5SEZNRE5GJTJCUVZOQmZkZUwxb2ZQUng3OE9zS0l0Q2hqVktLMlRqb2Nlalp1bGhIZmpxNXBoUExibTdhb21VNGM3a0g2dXZUWkRpbDlHdzVjbSUyQkFTUSUzRCUzRA
ads.avct.cloud/ Name: uuid
Value: 0c0728a9-d8ef-4ebe-8748-08595262fc4b
.intentiq.com/ Name: intentIQCDate
Value: 1643279762843
.agkn.com/ Name: ab
Value: 0001%3AALdkD0o63Z231qDcN9a8YaelCWtDhVL0
.bidswitch.net/ Name: tuuid
Value: c842ca48-ee24-4529-8afa-5d2f74bfe7d3
.bidswitch.net/ Name: c
Value: 1643279762
.rubiconproject.com/ Name: khaos
Value: KYWUCC1Q-A-1ZXB
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YfJ1kgABr3rv_ABH
.demdex.net/ Name: demdex
Value: 74739629937459372872527991058192254433
global.ib-ibi.com/ Name: ASP.NET_SessionId
Value: dgxrauumzmpdvtfcq2whwauu
.openx.net/ Name: i
Value: 8853c859-ecb0-45c6-b397-517ab61de13c|1643279762
.c.cintnetworks.com/ Name: TiPMix
Value: 58.0307159377405
.c.cintnetworks.com/ Name: x-ms-routing-name
Value: self
.bidswitch.net/ Name: tuuid_lu
Value: 1643279763
.turn.com/ Name: uid
Value: 4331370182010635377
.quantserve.com/ Name: mc
Value: 61f27593-096cb-d9dc5-708cd
.spotxchange.com/ Name: audience
Value: ecee3721-7f5c-11ec-b664-12d4f2240203
dl-file.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.lijit.com/ Name: _ljtrtb_2
Value: 40B9F463736C486D959A5DD2CDD1535E
.3lift.com/ Name: tluid
Value: 3522455783818883563132
.tidaltv.com/ Name: tidal_ttid
Value: a53dad5f-a643-470a-abef-c3c91d7cc37f
.dpm.demdex.net/ Name: dpm
Value: 74739629937459372872527991058192254433
.casalemedia.com/ Name: CMID
Value: YfJ1k4fAXGcl1AX3NhIYCAAA
.casalemedia.com/ Name: CMPS
Value: 466
.lijit.com/ Name: _ljtrtb_5014
Value: 3784fd3971cf773ccba62daea795a47c
.casalemedia.com/ Name: CMPRO
Value: 119
.adstanding.com/ Name: _adstanding_id
Value: 0da4a144dfa05de443ae9e5bd7f6b02d
.pubmatic.com/ Name: KADUSERCOOKIE
Value: B09EB3C0-DC2F-4842-9351-62624B73CF07
.pubmatic.com/ Name: DPSync3
Value: 1644451200%3A201_197%7C1643846400%3A164%7C1643328000%3A174
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: IQRubiconPrimisCookieSync
Value: 1643279763270
ads.us.e-planning.net/ Name: CT
Value: 1
.console.adtarget.com.tr/ Name: vmuid
Value: 7b95e55870966218
.console.adtarget.com.tr/ Name: a544989
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a306708
Value: ${USER_ID}
.console.adtarget.com.tr/ Name: a502624
Value: ${USER_ID}
.rlcdn.com/ Name: pxrc
Value: CJLryY8GEgUI6AcQABIFCOhHEAESBQjbThAA
.e-planning.net/ Name: E
Value: AIvLaQZZ2AqDaJmF
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YfJ1kgABr3rv_ABH&KRTB&22978-YfJ1kgABr3rv_ABH&KRTB&23194-YfJ1kgABr3rv_ABH&KRTB&23209-YfJ1kgABr3rv_ABH
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:ae5661f2-7593-4600-a67e-b76a480711f0&KRTB&16736-uid:ae5661f2-7593-4600-a67e-b76a480711f0&KRTB&23019-uid:ae5661f2-7593-4600-a67e-b76a480711f0&KRTB&23208-uid:ae5661f2-7593-4600-a67e-b76a480711f0
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&KRTB&22918-a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9&KRTB&23031-a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
.deepintent.com/ Name: CDIUSER
Value: di_f0acc10e2f354e23ac09d
.adgrx.com/ Name: ADGRX_UID
Value: ed229770-7f5c-11ec-b8cd-a176aed107ee
.owneriq.net/ Name: si
Value: Q6965661631600973261P
.owneriq.net/ Name: pmc
Value: 1
.bnmla.com/ Name: rx_sspurl_10738
Value: https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3Df8d06313-9395-4c25-87ce-6f8ce6901e87
.bnmla.com/ Name: rx_uuid
Value: f8d06313-9395-4c25-87ce-6f8ce6901e87
.bnmla.com/ Name: rx_maxage_10738
Value: 1644575763
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-42b25b48-8d64-4dd8-6357-2f670179e085.hNhhPDdY7iFc0jaELFOyhHyNcbYIDXgUuK8pqTXqJlc
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-42b25b48-8d64-4dd8-6357-2f670179e085%24ip%24149.56.153.184.JKGzwmTmcm2uQMjD5c47HQGMuzjkl9Ltgls48LFCjn4
.yahoo.com/ Name: A3
Value: d=AQABBJN18mECEHj5z22GplMH3jZO5WZ2bRwFEgEBAQHH82H8YQAAAAAA_eMAAA&S=AQAAAvt3fnwGp5tNGYAjW0sABPg
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.acuityplatform.com/ Name: auid
Value: 642939852354
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBPyZjND6emGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAT8mYzQ+no90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.w55c.net/ Name: wfivefivec
Value: vv14SpX61Nd28j5
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-a9a074dc-98b5-4181-8327-6aa57c315c4d
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-QrJbSI1kTdhjVy9nAXnghZU4mbg
.ipredictive.com/ Name: cu
Value: ed29ef90-7f5c-11ec-8a96-67f41156c3d5|1643279763431
.pubmatic.com/ Name: KRTBCOOKIE_469
Value: 8273-642939852354
.pubmatic.com/ Name: KRTBCOOKIE_1003
Value: 22761-ed229770-7f5c-11ec-b8cd-a176aed107ee
ib.mookie1.com/ Name: ASP.NET_SessionId
Value: ufgz2u2wqzcf1c22zpsejocs
.ib.mookie1.com/ Name: ibkukiuno
Value: s=cca32f42-1e2f-4fe0-ad09-3d2dcf4b7053&h=&v=7619132178&l=-8585583271220902682&op=&hl=0&vlu=3&tcs=1&dcc=-8585583271220902682
.ib.mookie1.com/ Name: ibkukinet
Value: 2503514552=-8585583271220902682
.w55c.net/ Name: matchpubmatic
Value: 5
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 3c02446a-e065-476e-b8c7-6b0dc5c40a95
.bidr.io/ Name: bito
Value: AAD_kE7D5OsAAEZmLcoSJg
.bidr.io/ Name: bitoIsSecure
Value: ok
.admixer.net/ Name: am-uid
Value: 60a09d9a6c55480d8ef596ea357329d2
.pippio.com/ Name: did
Value: lcN3xTlK2Mxuu5my
.pippio.com/ Name: didts
Value: 1643279763
.pippio.com/ Name: nnls
Value:
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:vv14SpX61Nd28j5
.pubmatic.com/ Name: KRTBCOOKIE_286
Value: 5193-Q6965661631600973261&KRTB&22521-Q6965661631600973261
.bnmla.com/ Name: rx_sspid_10738
Value: 170
.adform.net/ Name: uid
Value: 3450203132156163805
.inmobi.com/ Name: idsp_c
Value: 94084a27-cd62-4568-8595-1c9383506ae6
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-ed29ef90-7f5c-11ec-8a96-67f41156c3d5&KRTB&23011-ed29ef90-7f5c-11ec-8a96-67f41156c3d5
.pubmatic.com/ Name: pi
Value: 0:3
.creativecdn.com/ Name: u
Value: ZugxgMfMSiDFdMdGSo7L
.creativecdn.com/ Name: ts
Value: 1643279763
.intentiq.com/ Name: IQPubmaticCookieSync
Value: 1643279763522
ads.playground.xyz/ Name: connect.sid
Value: s%3AOYpScAbAhGLfW0QVao3xwzLouIVxtSyO.51zTK%2Fit8Rg5zYj1VxXVbIpiw%2BpfZqJl%2B0b178OtUSQ
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-3450203132156163805&KRTB&23263-3450203132156163805
.tribalfusion.com/ Name: ANON_ID
Value: aXnseFOZb3VhUEjUAvMif9qCaQECncFMnS2vsmhgsNnI7r94av2ZdUodxlS7k3TppqVAnmQ7Tj7K0IPBlaGur7
.zeotap.com/ Name: zsc
Value: _%00%BEBx%B5%C9%2CZm%3F%1C%9E%D4%A5%E6%EC%25%8Eb%E3%2BG~%EE%3F%02%19%2A%97%0A%9F%95%E3T%05%FA%8ED%BE%22%C9%EF%F6F%0803%3E%EBsL%A3%A3O5Y%06u%B6%EC4%A9%88e%A9%02%E8%93%AE%0B%B4%E6K%D4%D9%F5P%24%A2%AD%9B%B7%87i%7F%E5%1B%E0%C2%18%12%BAf%88%D7d%8A%13%E6%E2p%16%15D%08%8At%B4%15%EE%A3%25%87%EB3l2L%BA%E6l%9D%1E%8A%23%D1%8A%D9%228%09%13%FBe%A6%96%A7%8E7%BDu%9D%83%D8%90TS%13%12%87%ADv%BD%AC
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-8076697769768775013&KRTB&23339-8076697769768775013
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-97d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:40B9F463736C486D959A5DD2CDD1535E
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh&KRTB&19420-a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh&KRTB&22979-a-OvoWrn8KBw4vClPrDk92S2qqZw5fmrPrZ5UFSh
.pubmatic.com/ Name: KRTBCOOKIE_1233
Value: 23223-94084a27-cd62-4568-8595-1c9383506ae6&KRTB&23266-94084a27-cd62-4568-8595-1c9383506ae6&KRTB&23285-94084a27-cd62-4568-8595-1c9383506ae6
.technoratimedia.com/ Name: tads_uid_cd
Value: 20220127053603-0500
.technoratimedia.com/ Name: tads_zora
Value: 2
.technoratimedia.com/ Name: tads_uid
Value: EFF50E357C0A478D8EEC03F6818642C3
.technoratimedia.com/ Name: tads_uidp_73
Value: AAD_kE7D5OsAAEZmLcoSJg
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAADLZgTBhVIdANrckugAAAAAAA&KRTB&22713-AAADLZgTBhVIdANrckugAAAAAAA&KRTB&22715-AAADLZgTBhVIdANrckugAAAAAAA
.pubmatic.com/ Name: KRTBCOOKIE_1199
Value: 23175-000000985FFA0FE8
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R1B330_EA58DD1C_C4F741B&KRTB&23092-R1B330_EA58DD1C_C4F741B
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-c842ca48-ee24-4529-8afa-5d2f74bfe7d3
.emxdgt.com/ Name: uid
Value: 64351643279763639134b5
.pubmatic.com/ Name: SyncRTB3
Value: 1643673600%3A216%7C1644537600%3A35%7C1645833600%3A224%7C1643846400%3A38_15_223_2%7C1644451200%3A54_56_21_8_233_220_176_57_5_81_104_3_240_189_71_13_7_165_166_178_55_239_22_231_204_48%7C1644105600%3A63
.console.adtarget.com.tr/ Name: a307080
Value: ZugxgMfMSiDFdMdGSo7L
.intentiq.com/ Name: IQAppnexusCookieSync
Value: 1643279763654
.pippio.com/ Name: pxrc
Value: CJPryY8GEgQIAhAAEgYI7OsBEAA=
.pubmatic.com/ Name: KRTBCOOKIE_308
Value: 22925-f8d06313-9395-4c25-87ce-6f8ce6901e87
.go.sonobi.com/ Name: __uis
Value: 161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5
.intentiq.com/ Name: IQOpenxPrimisCookieSync
Value: 1643279763721
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-4331370182010635377
.pubmatic.com/ Name: PugT
Value: 1643279763
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AAD_kE7D5OsAAEZmLcoSJg
.emxdgt.com/ Name: apn_id
Value: 8076697769768775013
.console.adtarget.com.tr/ Name: a307442
Value: AIvLaQZZ2AqDaJmF
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 9
.linksynergy.com/ Name: rmuid
Value: 4c2c312e-e822-455d-a6bd-696ed236160a
.linksynergy.com/ Name: icts
Value: 2022-01-27T10:36:03Z
.intentiq.com/ Name: IQSpotXPrimisCookieSync
Value: 1643279763799
.adscale.de/ Name: uu
Value: 4a3494f4b38c4774a1502e08cfec66ee
.mookie1.com/ Name: id
Value: 10595703288584715056
.mookie1.com/ Name: mdata
Value: 1|10595703288584715056|1643279763840
.mookie1.com/ Name: ov
Value: 10fd1c03f986a5db217380d3d89478a1
ads.stickyadstv.com/ Name: UID
Value: 291176a43186b0efa326df3d4194d68
.quantumdex.io/ Name: uid
Value: 05f15c8f-9222-46d4-a74c-8888796eaf30
.pubmatic.com/ Name: PUBMDCID
Value: 2
.intentiq.com/ Name: IQMediaMathCookieSync
Value: 1643279763867
.tidaltv.com/ Name: sync-his
Value: H4sIAAAAAAAAADM0NjA0sDK0MNI1NDQAADu04okNAAAA
.adsby.bidtheatre.com/ Name: __kuid
Value: acc014df-3d8c-451a-8877-463a39727408.412493763
.weborama.fr/ Name: AFFICHE_W
Value: CYdgWw-EdhAJ34
.amazon-adsystem.com/ Name: ad-id
Value: A35jtkxk-E8qm9Mfca2ejWQ
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.fwmrm.net/ Name: _uid
Value: "o24fe_7057832840264562917"
.lijit.com/ Name: ljtrtb
Value: eJwNyrsVgCAMAMBdUlsA%2BRE7JbpHBFnC5%2B569T1QYAVKu50kqCiNqrixbexemntm5AMW4JTpn6iV5kDT3Kcq9n6FlBF3qHGQdng%2FBzwUEw%3D%3D
.lijit.com/ Name: _ljtrtb_8101
Value: PyhM2rLAGW
.richaudience.com/ Name: pdid
Value: 67b29881-9cab-4fec-a3ec-1zz1643279763
.console.adtarget.com.tr/ Name: a307565
Value: 4a3494f4b38c4774a1502e08cfec66ee
.betweendigital.com/ Name: dc
Value: was1
.betweendigital.com/ Name: tuuid
Value: c88b4441-6d17-531b-897e-6e78e88c1bec
.betweendigital.com/ Name: ss
Value: 1
.go.sonobi.com/ Name: __uqc
Value: 1
.go.sonobi.com/ Name: __uir_td
Value: 1
.go.sonobi.com/ Name: __uir_mm
Value: 1
.go.sonobi.com/ Name: __uir_bw
Value: 1
.go.sonobi.com/ Name: __uir_zt
Value: 1
.go.sonobi.com/ Name: __uir_pp
Value: 1
.go.sonobi.com/ Name: __uin_tp
Value: 1
.go.sonobi.com/ Name: __uir_tp
Value: 1
.go.sonobi.com/ Name: __uin_i5
Value: 1
.go.sonobi.com/ Name: __uir_i5
Value: 1
.go.sonobi.com/ Name: __uin_iq
Value: 1
.go.sonobi.com/ Name: __uir_iq
Value: 1
.go.sonobi.com/ Name: __uir_eb
Value: 1
.intentiq.com/ Name: IQSovernCookieSync
Value: 1643279764050
.intentiq.com/ Name: IQadv
Value: 1643279764050
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pbw
Value: %24b%3d16970%3b%24o%3d11100
.sharethrough.com/ Name: stx_user_id
Value: ae19c55d-8c27-4ec5-a31c-b78feddde6ff
.betweendigital.com/ Name: ut
Value: YfJ1lAABbzAf7CfjD7US9MKPycKDwPtTgzva9A==
.rlcdn.com/ Name: rlas3
Value: Ua6bVl1sqpBbprzNh4/abXjKP99MiD6WJcTIsS6VZQQ=
.adfarm1.adition.com/ Name: UserID1
Value: 7057832844559251595
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005%22%7D
.smartadserver.com/ Name: pid
Value: 5628564532996906156
.smartadserver.com/ Name: pdomid
Value: 9
.sitescout.com/ Name: _ssuma
Value: eyI0NSI6MTY0MzI3OTc2MzMyOSwiMjQiOjE2NDMyNzk3NjQyMDIsIjMiOjE2NDMyNzk3NjQyMDIsIjQiOjE2NDMyNzk3NjM2MDksIjM5IjoxNjQzMjc5NzYzNjA5LCI3IjoxNjQzMjc5NzYyODIwfQ
.intentiq.com/ Name: IQSonobiCookieSync
Value: 1643279764221
.go.sonobi.com/ Name: __uin_td
Value: a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
.go.sonobi.com/ Name: __uin_mm
Value: ae5661f2-7593-4600-a67e-b76a480711f0
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSsjQ3MDY0MTOyMDOyNDQ3NDa3EOIz1PWMTIoqKStxzEjLNQAA72kRNCQAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFslymtoZmJsZG5pbmZiZG4EALoXBSwQAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSsjQ3MDY0MTOyMDOyNDQ3NDa3EOIz1PWMTIoqKStxzEjLNZDiNTQzMTYytzQ3MzEyNwIAuMSQ-DMAAAA
.go.sonobi.com/ Name: __uin_eb
Value: CAESEGBUyAhjXA6y82w_3sKekK0||1
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-a90002de-8bb6-4b1f-b058-c4573ef93963-005%22%7D
.contextweb.com/ Name: V
Value: kTygETMkxOsS
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 032863f55a5f3c52
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnJ33EY5l_AY8CX1X9dXc4nQkzILtyPz5ucIjGqYRMZBuq4YpTImr2UgM3XJQC4TM1
.ads3.admatic.com.tr/ Name: ARRAffinity
Value: a3afa4c7d8a1717c24f9e5c055497ba8e77c70734474352b729f4d8ad64748ce
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!658-2!658-3!658-6!658
.go.sonobi.com/ Name: __uin_zt
Value: 970314628629171378
.go.sonobi.com/ Name: HAPLB8S
Value: s8526|YfJ1l
.intentiq.com/ Name: IQTremorCookieSync
Value: 1643279764351
.go.sonobi.com/ Name: __uin_bw
Value: c842ca48-ee24-4529-8afa-5d2f74bfe7d3
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1bu5|7LJ.0.161ebbbc-52fa-4dfd-9dd6-69f8615e9eb5|4is.0.CAESEGAzRHK7FY-PzqDnebGUt0w
.go.sonobi.com/ Name: __uin_pp
Value: kTygETMkxOsS
.intentiq.com/ Name: IQRubiconCookieSync
Value: 1643279764452
.intentiq.com/ Name: IQTripleLiftCookieSync
Value: 1643279764452
.intentiq.com/ Name: CSDT
Value: UEQ6MTUxMjBfMCZTdmlFUUJMIzEwMjExXzAmU3ZpRVFLRiMxNTA0NF8wJlN2aUVRTHMjMjNfMCZTdmlFUUZPIzI0XzAmU3ZpRVE2cyMxNTEzMV8wJlN2aUVRM3MjMTAxMzlfMCZTdmlFUTkwIzE1MTE1XzAmU3ZpRVFBNSMxMDE0MF8wJlN2aUVRQ1IjMTUxMTlfMCZTdmlFUTJv
.intentiq.com/ Name: IQPData
Value: 2503514552#1643279764451#0#1643279763265
.dyntrk.com/ Name: dyn_u
Value: 03030001_61f2759466c92
.console.adtarget.com.tr/ Name: a314221
Value: jDsRL5En_r3SG1bHCq7TlskdQ2kW3L2mh1I7B8uBy5MuG7FfODV3egpf7MpZADrAY8aW-TK-vw3a5jOEkTUULA
.rubiconproject.com/ Name: audit
Value: 1|/LdxJmr+MGO3WbGHvOg0OOViMU8jVdgjMgDcwZ45PG/WaDs14xzbSGlrKMgemksQmHZx/NPgx5PyUhTWCqUS/D1eMj+H8dOHqx2+P+FnCtZsBKQyXmpckWcoB4Ejx1h3J/sJI8kkbC46la8EbO2o1X2NFdeBSG8D3LANzchc6Qe3EU1ox3HlVA==
.id5-sync.com/ Name: callback
Value:
.dl-file.com/ Name: __gads
Value: ID=ccc26834f13feb65:T=1643279763:S=ALNI_MYGs94k2eBDjNrPy-3gUCftsVfnbA
.ibillboard.com/ Name: ibbid
Value: BBID-01-03179937647534265-16510104
.t.sharethis.com/ Name: pxcelBcnLcy
Value: 60
.admatic.com.tr/ Name: __adm_ui
Value: qyWNnC4FQBieyMK843jNZyJHo2yciTqn1pHF2U8H7Lc4py9PQ6HUaEwhg8r4qISfyoEwRbX5ZILom3_U1XMXtA
dl-file.com/ Name: pbjs-unifiedid
Value: %7B%22TDID%22%3A%22a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9%22%2C%22TDID_LOOKUP%22%3A%22TRUE%22%2C%22TDID_CREATED_AT%22%3A%222021-12-27T10%3A36%3A04%22%7D
dl-file.com/ Name: pbjs-unifiedid_last
Value: Thu%2C%2027%20Jan%202022%2010%3A36%3A04%20GMT
ads.stickyadstv.com/ Name: sessionId
Value: f48f287b8f1ef2ecaf4886dccc32bf60
.id5-sync.com/ Name: id5
Value: 51896772-3707-45df-9a35-028ad967f391#1643279764954#1
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GVKlBw(q!]tcF8i_iqf!oN/@E'zz<*Z0Qx(F$b_<Gf'[o%#IXGhFe`#zD$YMbx<^BApz<QG=%9sk@3@'s>T48%I/
.advertising.com/ Name: APID
Value: UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
.teads.tv/ Name: tt_viewer
Value: d3dcc871-005c-4431-85df-02c90331da28
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.yahoo.com/ Name: APID
Value: UPee1e8926-7f5c-11ec-88c4-0ab41587ebe7
.yahoo.com/ Name: APIDTS
Value: 1643279765
ads.stickyadstv.com/ Name: uid-bp-36033
Value: o24fe_7057832840264562917
ads.stickyadstv.com/ Name: MRM_UID
Value: o24fe_7057832840264562917
.bing.com/ Name: MUID
Value: 2208E344ADD56FB92B7AF27DACFF6E55
.c.bing.com/ Name: MR
Value: 0
.zemanta.com/ Name: zuid
Value: oVsUmNgT0LhHi9MYDApD
.pubmatic.com/ Name: SPugT
Value: 1643272630
.linkedin.com/ Name: li_sugr
Value: 58300170-245d-47b4-ad2b-bcbd2fd95a74
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&9853ab1a-9b54-49ae-8c09-3f7b0c9ddad8"
.linkedin.com/ Name: lidc
Value: "b=TGST01:s=T:r=T:a=T:p=T:g=2742:u=1:x=1:i=1643279765:t=1643366165:v=2:sig=AQElKt8gG4vEyPpF84N4YEpY7dI6kOzt"
ads.stickyadstv.com/ Name: uid-bp-159
Value: CAESEIq-lr5_rTGrJlZit6LAqSc
dl-file.com/ Name: cto_bundle
Value: aw4SqV9PT1hrVFVmWWsxUGp6Q3BwJTJGdU1LSkZrbXQ0ejh5MTd2ZG96YkVVVUhZSmJ1OGVjZzRnUTFZck5wSGRPcGtaZnV6ZDFuVkx0QW9mVW5oNlR5a0VEWDRHd2pIeHlxNFNHJTJCR1l3M2xTcSUyQmNnSmx1WWFTZnZLdFAlMkZCZTRBNmZhclhBc1l6Q1NIUkVVZjdVc3N4eHpPM0x2USUzRCUzRA
dl-file.com/ Name: cto_bidid
Value: Aim8ZF82UEZReUVYUjRkQTZsWmJyVHpKSnFmZ29VREJkRVFjNHppZFZoOE5uWnJiZUF1MENqT09mM3RQcnExSER4RSUyQmp5VnllY0t5eFJPOEIxalhYOHBUYlpPdmE4dWFpdnR1QnBxU3dVbDQwampNJTNE
.smadex.com/ Name: smxtrack
Value: e4b40a9c-b3b4-45ad-a359-64731c063052
.adsrvr.org/ Name: TDCPM
Value: CAESFAoFdGFwYWQSCwjo0bWM2-KwOhAFEhcKCHB1Ym1hdGljEgsImpHDmtvisDoQBRIVCgZjYXNhbGUSCwjappye2-KwOhAFEhYKB3J1Ymljb24SCwjA-tqg2-KwOhAFEhYKB3N2eDl0NTASCwiUl7Gs2-KwOhAFEhgKCWJpZHN3aXRjaBILCLa-ha_b4rA6EAUYASABKAIyCwjY2frc8eKwOhAFOAFaCXN0aWNreWFkc2AC
.mathtag.com/ Name: mt_mop
Value: 9:1643279764|4:1643279765
beacon.lynx.cognitivlabs.com/ Name: ss
Value: Hr4RvzABJJ%2BfLig8iwfFEksKwouQMihdF5AYGXnaoN8YBG35hk66G6ESmVrfGx33N%2FiHqnvQpNQJnTBjfHn9Zq9kqxYQS8Bu6MDK%2BoZmV6w%3D
fksnk.com/ Name: AWSALBCORS
Value: JAnvMsn6/WJJvXKMBb50XeN+XDWBoh1PJubNFwZXFMlg/M9QlmpygDZ3noeCKq+SHgHXuWY7Mj9d4ZsuEwlS0cyKbF4tFpB9si/kUw4DqFV4PY++F7NZUvJ8qQG+
.fksnk.com/ Name: f_001
Value: 86029993747ABAB0
.fksnk.com/ Name: g_001
Value: 1
.ctnsnet.com/ Name: cid_452df33f9df341f7a40c9370498445d0
Value: 1
.owneriq.net/ Name: p2
Value: gguuid
.owneriq.net/ Name: gguuid
Value: 1
ads.stickyadstv.com/ Name: uid-bp-892
Value: a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9
.analytics.yahoo.com/ Name: IDSYNC
Value: "18z8~22wa:175w~22wa:192w~22wa:1769~22wa:1776~22wa:187s~22wa:18yx~22wa"
.360yield.com/ Name: tuuid
Value: 16cf76ff-6447-46e7-a863-dd90c91b1b30
.360yield.com/ Name: tuuid_lu
Value: 1643279765
a.clickcertain.com/ Name: _ccpx_u
Value: 5c178c8e%2db9ee%2d4d6b%2da60d%2d6cab3978d124
.quantserve.com/ Name: d
Value: EPEBEgGmJfijC_vLEA
.eqads.com/ Name: EQUser
Value: UID=b558985a-6ce2-4141-a6ec-eebbd6308878
.ads4.admatic.com.tr/ Name: ARRAffinity
Value: 246c22416533f7fb8911ae5cc1b92b8cd91dfd60009d60c5da315963493dc92b
.mxptint.net/ Name: mxpim
Value: R1B330_EA58DD1C_C4F741B.1.61F275950000000061F27593
ads.stickyadstv.com/ Name: uid-bp-717
Value: y-tFVNkfBE2oPuil2ByJR.5h5aqrDWC9hAB_awH1mc~A
.dotomi.com/ Name: DotomiTest
Value: 12394d381ea608f0
.adkernel.com/ Name: ADKUID
Value: A8550707361343690447
.torchad.com/ Name: ADK_EX_309
Value: 1
.torchad.com/ Name: ADKUID
Value: A8550707361343690447
.brand-display.com/ Name: _knxq_
Value: b4341328-7fd7-d81d-2845065f.1643279765.0.1643279765.1643279765
.casalemedia.com/ Name: CMST
Value: YfJ1k2HydZYA
ads.stickyadstv.com/ Name: uid-bp-951
Value: 8076697769768775013
.casalemedia.com/ Name: CMRUM3
Value: 5a61f27595276040B9F463736C486D959A5DD2CDD1535E&8261f27593a8c0&c461f27594276003030001_61f2759466c92&0861f2759427603c02446a-e065-476e-b8c7-6b0dc5c40a95&2861f275962760b558985a-6ce2-4141-a6ec-eebbd6308878&4161f2759505a0&9c61f2759405a0&ce61f2759305a0&bc61f2759505a0&2d61f275952760CAESENl89Nifbqkoww5OOn8oRSY&2761f275930b40&5861f2759405a0&2e61f2759427608076697769768775013&0461f2759505a0&e661f275932760&5161f2759505a0&0361f2759505a0&be61f2759327608076697769768775013&0561f2759305a00&4961f2759405a0&f161f2759305a0&bf61f275960001b4341328-7fd7-d81d-2845065f&4061f27594276097d4a6eb-c5a0-45bf-9f14-bc4cb64b87ff-61f27592-4341
ads.stickyadstv.com/ Name: uid-bp-529
Value: ae5661f2-7593-4600-a67e-b76a480711f0
.w55c.net/ Name: matchfreewheel
Value: 5
ads.stickyadstv.com/ Name: uid-bp-23329
Value: vv14SpX61Nd28j5
ads.stickyadstv.com/ Name: uid-bp-45
Value: YfJ1kgABr3rv_ABH
ads.stickyadstv.com/ Name: uid-bp-26913
Value: AAD_kE7D5OsAAEZmLcoSJg
ads.stickyadstv.com/ Name: uid-bp-617
Value: 3450203132156163805
.mediarithmics.com/ Name: mics_vid
Value: 24784681701
.mediarithmics.com/ Name: mics_uaid
Value: web:1:41355d42-f17f-41d5-ba6d-dfed89142b75
.mediarithmics.com/ Name: mics_lts
Value: 1643279766728
.id5-sync.com/ Name: 3pi
Value: 434#1643279764578#-1940474158|2#1643279764751#1778456185#8076697769768775013|18#1643279766856#-399505228|3#1643279764924#1115393448#ae5661f2-7593-4600-a67e-b76a480711f0|264#1643279765254#570020617#a9d2dfbb-2d9d-449c-8bdb-43b23ead44a9|136#1643279766057#523805086|108#1643279765771#145163318|429#1643279765554#-1678356483
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmOQTzOytEhOSzVLSzJNNE40NjVKNDMxTTI0T7ZIMzEzMWQAgsRPpdP%2B%2FP%2F%2Fnx%2FEAQP%2BzfP2aTF%2BlGX4z8jIcHzTFBZmCHt7PUjkAxNYfNOfQmzCzxbPYWFCUXju6CFmbCp377ssgE38Q8N9ASaIhVCrDgPNxKZy9fqn3NjEJ59Qxyb8bgl2Y3qxK9%2F50RKbKTOuXdLBJn7p1CM2WJgBAFaggAQ%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBI%2FFQ6DUhBACsDw6JWMJNrBpgSZAdTxnNBJOPDeiAJALfyBnY%3D"
.adgrx.com/ Name: ADGRX_CM_LOTAME_BRIDGED
Value: 1
.w55c.net/ Name: matchlotame
Value: 5
.adscale.de/ Name: cct
Value: 1643279767000
.audrte.com/ Name: arcki2
Value: 8dfOTNl12jiSUGOvzUx3lxk7Q!20210804!1643279766968
.surveywall-api.survata.com/ Name: svResp
Value: 09e2ffd2-fcd8-b831-38ba-667be3ca5278
.m6r.eu/ Name: test
Value: true
.m6r.eu/ Name: cct
Value: 1643279767753
.m6r.eu/ Name: id
Value: 4646c54dea09729b49cbdd16934e7bdf
.ih.adscale.de/ Name: tu
Value: 4#4265528599#48~4646c54dea09729b49cbdd16934e7bdf~456466~0~0#101~BBID-01-03179937647534265-16510104~456466~0~0#38~CAESEAXJpR-r_xPRLil-2qhwYn0~456466~0~0#39~ae5661f2-7593-4600-a67e-b76a480711f0~456466~0~0#40~f095fa86-630b-46c9-a5e8-a56131072114~456466~0~0#42~3450203132156163805~456466~0~0#75~8076697769768775013~456466~0~0#63~YfJ1k4fAXGcl1AX3NhIYCAAA&119~456466~0~0

10 Console Messages

Source Level URL
Text
network error URL: https://sync.crwdcntrl.net/map/c=10492/tp=AVCT/tpid=0c0728a9-d8ef-4ebe-8748-08595262fc4b
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDcASlNj9LjEWEWrsWick5c&google_cver=1
Message:
Failed to load resource: the server responded with a status of 502 ()
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://tags.bluekai.com/site/87734?id=bf8833df-0427-45d8-543c-55530debb000&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=bf8833df-0427-45d8-543c-55530debb000&reqId=e1d19b4a-b394-4c6f-4490-0df57c0a8958&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)
network error URL: https://eb2.3lift.com/xuidmid=7976&xuid=Y_1yns54M&dongle=u6nf
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=3450203132156163805
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://id5-sync.com/qp/18.gif?puid=vec%3A24784681701&sd=Y2FzY2FkZXNSZW1haW5pbmc9MiZjYXNjYWRlc0RvbmU9OCZpbml0aWF0aW5nUGFydG5lcj00MzQmZm9ybWF0PWdpZiY
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=Fs92_2RHRueoY92QyRsbMA&google_push=AYg5qPIjbwa7IrQCMWfLiZ1iSuV_mN-dmzgvaaE82QzWtoenFfRQ2eJpUODIGPetpaiCpKCKxbxLO5gRA4Aal_kNSUsLU0QH_XO-vuc1Ff5u2wTGpRDkF-LB6x2DUCg5w3lIaNXigG56Yv2c
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=unmatched_solutions_ltd&google_hm=QTg1NTA3MDczNjEzNDM2OTA0NDc&google_push=AYg5qPLYUyJKfMejvXaWStPQRkES9_Nv0ua0vKiGhDwdgqfALMj3yW_E9h_L3brqjvFBOid2KTBO4LIGPvNILac1Efavm_KEtlQR
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app
00917082-71e9-498e-8343-00c3df06b798.prmutv.co
a.audrte.com
a.clickcertain.com
a.dtssrv.com
a.tribalfusion.com
aa.agkn.com
ad.mrtnsvr.com
ad.turn.com
ad4m.at
ade.googlesyndication.com
ads.adaptv.advertising.com
ads.avct.cloud
ads.avocet.io
ads.betweendigital.com
ads.playground.xyz
ads.pubmatic.com
ads.stickyadstv.com
ads.us.e-planning.net
ads.yahoo.com
ads3.admatic.com.tr
ads4.admatic.com.tr
adscale-emea.adnxs.com
adservice.google.com
aep.mxptint.net
ap.lijit.com
api.btloader.com
api.intentiq.com
api.permutive.com
audex.userreport.com
b1sync.zemanta.com
bbnaut.ibillboard.com
bcp.crwdcntrl.net
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
boot.pbstck.com
btloader.com
bttrack.com
c.amazon-adsystem.com
c.bing.com
c.cintnetworks.com
c1.adform.net
casale-match.dotomi.com
cdn-tc.33across.com
cdn.admatic.com.tr
cdn.consentmanager.mgr.consensu.org
cdn.jsdelivr.net
cdn.pbstck.com
cdn.permutive.com
cdn.tynt.com
ce.lijit.com
cm.adform.net
cm.adgrx.com
cm.g.doubleclick.net
cm.smadex.com
cms.analytics.yahoo.com
connect-metrics-collector.s-onetag.com
consentmanager.mgr.consensu.org
creativecdn.com
cs.emxdgt.com
csync.loopme.me
d.turn.com
data-beacons.s-onetag.com
de.tynt.com
dis.criteo.com
dl-file.com
dmp.adform.net
dmp.brand-display.com
dmp.truoptik.com
dmp.v.fwmrm.net
dp1.33across.com
dp2.33across.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
e.dtscout.com
eb2.3lift.com
eus.rubiconproject.com
ff0e7d05694685aa02cf231afa1135a0.safeframe.googlesyndication.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
get.s-onetag.com
global.ib-ibi.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gu.dyntrk.com
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.e-planning.net
i.liadm.com
i6.liadm.com
ib.adnxs.com
ib.mookie1.com
ic.tynt.com
id.rlcdn.com
id5-sync.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
ih.adscale.de
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
inv-nets.admixer.net
ius.ctnsnet.com
js-sec.indexww.com
js.adscale.de
js.cookieless-data.com
kumo.network-n.com
live.primis.tech
loadm.exelator.com
loadus.exelator.com
map.go.affec.tv
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
maxcdn.bootstrapcdn.com
ml314.com
mug.criteo.com
mweb.ck.inmobi.com
mwzeom.zeotap.com
network-n-com.videoplayerhub.com
odr.mookie1.com
onetag-geo-grouping.s-onetag.com
onetag-geo.s-onetag.com
onetag-sys.com
p.adsymptotic.com
p.rfihub.com
pagead2.googlesyndication.com
pd.sharethis.com
pippio.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
pm.w55c.net
pmp.mxptint.net
pr-bh.ybp.yahoo.com
ps.eyeota.net
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.owneriq.net
px.surveywall-api.survata.com
r.turn.com
rtb.adentifi.com
rtb.adstanding.com
rtb.gumgum.com
rtb.openx.net
s.ad.smaato.net
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.e-planning.net
s.tribalfusion.com
s0.2mdn.net
s10.histats.com
s4.histats.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
static.criteo.net
sync-tm.everesttech.net
sync.1rx.io
sync.console.adtarget.com.tr
sync.crwdcntrl.net
sync.e-planning.net
sync.go.sonobi.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.quantumdex.io
sync.resetdigital.co
sync.richaudience.com
sync.search.spotxchange.com
sync.sharethis.com
sync.smartadserver.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.teads.tv
sync.technoratimedia.com
sync.tidaltv.com
t.dtscdn.com
t.dtscout.com
t.sharethis.com
tags.bkrtx.com
tags.bluekai.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
tracking.m6r.eu
trc.taboola.com
u-iad04.e-planning.net
u.openx.net
um.simpli.fi
um2.eqads.com
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
usermatch.targeting.unrulymedia.com
video.primis.tech
wt.rqtrk.eu
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
ads.stickyadstv.com
cm.g.doubleclick.net
id5-sync.com
104.106.245.174
104.107.15.75
104.16.108.154
104.18.100.194
104.18.15.222
104.18.28.199
104.19.150.54
104.238.215.60
104.36.113.17
104.36.115.109
104.36.115.111
104.36.115.113
104.36.115.114
104.45.178.220
104.94.205.31
107.178.246.49
107.178.254.65
13.225.214.37
13.225.214.96
13.225.63.125
13.226.31.11
13.226.31.29
13.226.31.35
13.226.31.74
130.211.23.194
141.95.34.105
142.250.65.162
142.250.72.98
142.251.32.98
142.251.40.194
144.217.183.17
146.59.148.16
15.197.193.217
15.235.11.24
151.101.2.49
156.154.202.36
158.69.139.230
162.248.18.11
168.119.79.223
172.98.26.122
172.98.26.125
172.98.26.126
173.231.178.115
178.250.2.146
178.62.202.251
18.196.233.14
18.233.161.105
184.85.195.135
185.167.164.51
185.184.8.65
185.86.137.131
188.132.147.228
192.132.33.46
192.35.249.120
192.99.13.63
193.122.130.38
194.213.62.37
195.181.168.47
198.148.27.139
199.127.204.142
199.127.204.147
199.244.48.95
199.38.167.129
2001:4998:14:800::1000
204.2.255.224
204.2.255.233
204.62.13.72
205.234.175.175
207.198.113.176
209.54.177.54
212.129.3.112
216.152.140.210
216.52.2.48
23.200.197.46
23.227.139.243
23.5.229.102
23.54.68.197
23.54.68.240
23.57.136.222
23.88.75.188
2600:1f16:e61:3f02:34e5:5cce:7c1d:e87a
2600:1f18:444a:4602:9c05:7f25:f6a5:7205
2600:1f18:4e9:5a01:5d12:a26d:2c7b:2781
2600:9000:21da:ae00:f:4f64:8940:93a1
2600:9000:21ea:f000:1b:5138:8a40:93a1
2606:4700:10::6816:1957
2606:4700:10::6816:2560
2606:4700:10::6816:5d
2606:4700:20::681a:68b
2606:4700:20::681a:ad1
2606:4700:20::ac43:4bf1
2606:4700:3030::6815:4e62
2606:4700:3039::6815:c074
2606:4700:3039::6815:c077
2606:4700::6810:5514
2606:4700::6812:551
2606:4700::6812:acf
2606:4700::6812:d05
2606:ae80:1471:18::1400
2607:f8b0:4006:806::2002
2607:f8b0:4006:807::2001
2607:f8b0:4006:80d::2002
2607:f8b0:4006:816::2002
2607:f8b0:4006:816::2003
2607:f8b0:4006:81e::2008
2607:f8b0:4006:81f::2006
2607:f8b0:4006:820::2003
2607:f8b0:4006:821::2004
2607:f8b0:4006:822::2001
2607:f8b0:4006:822::2002
2607:f8b0:4006:823::200e
2607:f8b0:4006:824::200a
2620:100:a001::4
2620:100:a001::c
2620:112:f002:bbbb::21
2620:112:f002:bbbb::23
2620:116:800b:21:2c95:6313:4150:7f7c
2620:1ec:21::14
2620:1ec:c11::200
2a02:6ea0:ca00::4
2a04:4e42:200::300
2a05:d018:24:b002:aede:f4e4:326c:edc4
2a06:8640:852:0:ec4:7aff:fe91:19a
3.129.242.122
3.140.12.176
3.208.70.15
3.224.175.57
3.227.93.166
3.228.133.61
3.237.58.105
34.102.163.6
34.102.253.54
34.107.254.252
34.192.120.237
34.205.181.35
34.206.33.80
34.229.3.43
34.233.103.61
34.236.79.15
34.98.67.3
35.165.247.237
35.172.159.73
35.186.193.173
35.186.253.211
35.190.60.146
35.190.90.30
35.201.81.244
35.211.178.172
35.241.9.51
35.244.159.8
35.71.139.29
37.157.4.25
37.252.173.213
38.27.122.101
38.91.45.7
40.71.11.141
44.194.225.67
45.35.192.162
45.55.96.63
46.105.201.240
51.178.20.140
51.222.39.187
52.0.156.250
52.20.97.150
52.201.141.91
52.23.146.219
52.3.54.123
52.45.237.203
52.45.242.235
52.45.33.138
52.55.144.0
54.175.36.162
54.192.160.42
54.211.161.228
54.230.162.121
54.230.162.14
54.230.162.76
54.234.88.163
54.236.200.174
54.71.47.92
63.251.28.218
64.202.112.159
64.58.232.177
64.58.232.179
67.202.105.21
67.202.105.32
67.202.105.33
68.67.161.208
68.67.179.113
69.166.1.10
69.90.254.78
72.251.244.141
74.119.119.150
74.121.140.14
75.126.248.142
75.2.13.80
76.13.32.147
8.28.7.84
8.43.72.97
8.43.72.98
85.114.159.93
87.230.98.74
96.46.186.58
00de3a8b534ab3f1eb3e62ef737340a791f5c4408cf651563d441ccb62d6d3da
0206c8e52782162dac5c192d01296a82c0aa40e89e26bc729417001ee03c44af
02e228e62c90dabe0bfd7da8cd361fe6c0bef22a5529774d2b63f62027d225d0
039e116c9eac66f48a135dd8b99954b57bf7443e5e2caecc8e6fe0336d6275ce
03cc80b72954259a734b4beca35fca811c57ee695756eb84270f5e36ad6263d4
051668900f3f9c5235992fcebe36b4af3290b7d8cd274ec7b10821dd961c50e0
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0607b5f2817edf03fcc5627f365fd21f6daa0adf074389eeffcecb3a90597918
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0720532dd6af8bc400f243904de4355a5cf8cdad9d608593d28613f5228387c9
0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9
09390420931de1a5876504eb4ebc8af93bd0464e7837af05c971b8afd33f6dbf
09604fca2527b5184d15d530220a39108b5630efb5821a69c688e5bfcf09270f
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b1b3945a211fc6571364c238e76ed74f574f03eaebb5a411a8e4fd08b4c7faf
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be6916731a201c80f67f69252819473e0909e287df3ee18087cd3300be2965a
0ced9e4fe5ecdba11a20821ace67179d99b6ddd8ac6f10c0126e419df09fc2f5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
102ef6a4e67829812902c3049d4ac309d12d4695fee82812560f5ce5c90c12c3
10921a7b0c969559e7be0fefffd09058e7105033bc0da803e417c27b30c2aa70
11456219e7d23bb2aaed93685d2c3fdd9f41e32d464a141d4beabc106396f975
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12d9d71d8c07e3b32e6922a03a1d0c0183f6dee780a3229305f3b0f3c4aea4b4
13ab06913444b6e3b4139e5487813073f11e082878ae8a5bf5213fdc6f95f5e0
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1459a4c2d036e9bf1a897002f1e18a3b502c9661bacd06e616bd08d422058dd9
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
163aab8fdd4b7cfa854101763984a802120bf13a82d6f841c33ee9cd201f28c4
164316fc9aa82c62a47c69004d092269dbef83bf57624a0a8bae1704e3c5e511
1710699023dfe730c6c88fcee7351ecf8c3a4bb0c805b96a5257e99694bdb893
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18c864956bf2492c5c86e79b0fec65f0ecbb4b02bfdcfe854b2c5501857fecdb
1eadc253aa14701ab7ee3d2126ffd9ee8edd6cfb9f3c98284511c392740bcc57
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f017650885ae36c859e56c2f32317777caf8d606c6ae8b4ded3aed07ce19e25
1f5f85c03b32c29914eb1d136fcfea793078788bce67c236dbdcf57f997e6b70
2093fcda80c5a060493b2458948666ada367e5e88a4b583db2b574d3c921e2eb
22485626e9e949550c5ac01eef006c927a37ec908872549a50f64f0ad0235e04
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
24ceee16d95794d1757253f7e6451854f15832340267b9397039df550bb0cb50
24de11cbfde55aba747f7542f665faa0ac83bfbf145f6130d7a22857f49bbe59
256833f504c0139360ba10d6909baebaf9cba322ecb8d62a41d1abf93527d136
2715ff30bbe123604043f90778f457b0f1c98bd32b4a63ad423cae69450fa3d5
28be5230e473e643d3f0c493727e45e5135bfde203fa78fc0975383c98368d6b
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2912d7ae4297f510d282537ffa9d8d54c36eb990050ff61d9694b6ce67d7d9aa
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
2a8a118789b192ee7c07041b55e6c890268fc2d2d22be5cd509300a40e0baa00
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d0d70bdd33a5d857dd6e01b3b1cad840d3496d2023ffe1b4f521a02ffdffc46
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f20d7bb7ae7ea856b18e405ae48bd85335e673710f5072b316a18c7c4ecc08c
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f9b14165a3e311b57bd26c2d8674da402e61ce992d039cc25350b388d5f659f
31e12a7a30e633b99dc01daa1c2064b8b78098f5d9cccfe3aad2d2904125a775
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
338dacde17883d60c2dfd00e56dd18d04bcebe147e818315978f530e19397009
33dee7fa45081df914f1fba121163e094867f79a774f90baad1c57350a1e1ed3
34a8d86451ea0a0e78f6172581d045ba1c09092926279a836d7f28a724be3f65
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
38eba31327475bf6d3b177561a8a2a5cadfa16ed7efab885684acafdb0bd0bfe
3b8e930a763cf5255cad67d12a944f0f6c9697056c41e51dcb011929ad35a415
3b92fd57682bb7613f88077272e0020c5f2cdf808b7e6f39e6d5ef765a1d5717
3cd219dd9fb1d1466ddcdf4b51ba1952165c81840c5e1cd0b41b38ec55613b81
3e0b14f2f363c1ad90b2dba6e32363ae9be1a7c8a7c4c4e43e5bc9f4d722c8b3
3e3f2e8bbe849b0347807d99ca453bf933cd684ac6a4bfea069ed1f8d519a173
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
429eaaec7001737dfa40f33045ecd28911b189f7d287d72b3571ed3a74c540c0
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
473595be27a04c9ffac4f825cab8e1ecf296c706df387525350144d55e91c200
481d77f5d1a9c24f102bb6af246ecbff595011e0d73e70b652c39d702565d47d
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a1441716cf00cd1b32779c84dff048f0f590a76beb4d97466d789a6a8c704e6
4acf4136b03b7954122a580eae0f47a316d9c7100dfbd764ef23b4bcdbfce6f1
4b18489a165f8e7d49245c82d9c21fd3697adbd1df29fc367e233c6b6cfb63c9
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4f7cd55655bafca4db9b67255125ed52cd91d21b1727e9f28f71219aa1341de5
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51867d40da35c11a8ccd02403bc3cb7cba45abebf9c700b805e538f50445556f
5225e165e735eb5976fc276ee97ccc63d7c3bb65f6daaf49b1d050b3d54a4972
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
543b6e4a6bf28975c7bd66745da8a59d803e8cb4ab398489f6e75652243b1812
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5640e2177d8a24c6aef1d923c981591689205237b9c2fcba5215d10aa7bcf52e
5704a2e9f2f7ce43a79f9b407f1aedcfd50223cbe8bd2f71ff8c5c819e469cbc
5763acf105aac9c009e2684790d445d1d8c69ffe7c8acf203ea660cf9db94427
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c
5aab906419510af97903640c053ac9e0ff23db85945c5e81b7b881d40685a07d
5b654eb052c4b95a4e657fb80003c7534d3252268da258e6dba342e3bd5c70f1
5e46484286c90cb4aea34abdd9b242b4e2ab985af692be837028b37296b2cd83
5ea078707f380bf9f07028f5e36945e8c36adc0c1e4bf209e456938f28cebb41
5fb143acb6c2530794155476810cebbd511a5b51399ae7ed92f77e6bf7d2cf55
6088012dda2274a27fa40ed153d9e3a6c96a22af1b177f8a2916368eb3e88bb0
60cfb4c991b760885018dccbe4030609d8d2b1928a8ed356af17ad51caea7f51
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6201cadc13be520feed6d597df1531b6d24005c4c24df4f63c695e0f4df9ba89
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd
63cf7a38baaaaebc012cfc355797544949b60c040b5da57560f26d88502d1372
6705617f3415ef40a24ee4814f2fdeac8aac82a09e6acf3d7b3d5d2129110fd7
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
698cd179b740652017505b8f1c8d7510166f80273e6b2c9c69103f868b6e3b1a
69b179f513145123aea927bd4768efc97e381aa8ce07e407f66999420acd8e46
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bb3a834b607f88addbb6e8a598fb95c18455aab14bdde8b5ab9fd80069e2796
6fee8b4efec9b0317fa9c53cffbda34f21dace30ad3104e5af3cadf6217fc354
70170e469d8d05527acab7e3335c6fe91e2966ddbb6e9ea6211260b8f717d120
7064e5cec87237de1bbd37783dcbb78af34f757f6990e6df3f37d273455e5f2e
73e067aa23fe7abf9c5ac4cbe50f5678a0c0c4c4943a55fb3127c6e6503cd18b
7447c1664f6a06328cd895a4914acad40ad47827ebe00becbd570138ff7e785c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75f527fbaa9c085d67889a6d29a38315325c369f1147807e4bbce2a2f8fcd029
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
798adb8860b3dc412e2d789d153f1824e085eef370e05b7531e192a433c06cd4
79ea0fcaad1578acda495df0617d5b4f46de11c0b2dab44f6d20609935385e6c
7b748cce237953136fb0e45af806e1d89388aee1c24d9f1ef89a732399a6c2e2
7c1118eb24bfa93eea877c04b9f141d0984b8666306e2625fd7ca54e86956158
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7ee04154662e67cdd4a6694f6afacb682bb184617b5e81948524637dde2f31d3
8015a89c7e50b71a6597cfc7bc2be462212ae1f57c37e40878a79e7550768ccd
8202571db9f2ea40369490f678a76862163cb069ea4e8cb3fda96a22c6861aed
82f6ea8127a33732040e649437889e9c518b803212460c2a6149cf6f6528713e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84994399cb52ebff9f8fa575e43b7bdc93ca47b7b0d2628ad67b2209d8ab8bee
84bf5ffcfd8b3a1240721c90836f1167532b716566165a51ca920c9e657a75d4
864bc898e9c8db99b887a34d202717da3df7caa4c541487f874c141b2f608f03
872890c5623628fc32f2bfcacd96f0cbf2226304412a28475ef6567a784c4082
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a578ceb96d7aebd4a21364544c6e8231fdba71f0be574b3b8d2ca707a5337d6
8aed12b8b95a1d49011f3e134dc8e71804a3576818d1d1334145aaa96d71aa5e
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc
8bbe35fc8ed9ca183f10b258feef1e5cb45b4e2f972e2055f766b1bb51a69d24
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d1b9197e2144f98194a97ef296dc74408b864937477ffd41b3621ea28d3a3c8
8e8aca32971b9f5589212f75509c68f62a70d00334efea6880f2b223a225e42a
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879
929e9f0caaa492d99e6da866bd4c78b7d508bd277ce830138a45cd9871200371
930bace270ec211672a216909208999bcb594bf5bebd43abca0476ce63f060bb
94024b15f0a587f637a2303205ae361518e1965d6beb190c005e04307783bf19
9429156707c30311196dec2fa5e76185faeb690771e69e61b45adcbfa66c61bb
968eddce0f701c286e074befb5246716f1f9e39384ec3c67e68a0c6afd500e0d
97b000bf57361ea2628139bc8088d8301a2ed6bedeb95b1d0bc04b16bda48d12
97e32a12a5ea3871849c9adbc397f38de73563d82c6bab62cbfb1f36537cccd8
9855c7c8a4b51486b7de5061053ccfe055da618500b4f94534d113571956381c
989d94d8baba214a6dcc1ba6795c35dc9ce9cf94863248b8970cd8e864674347
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9933d7066a22669cd5d48d0051aa5f2d7ea91bad0a9223f3d7884e93c3ca8a28
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9badfa5ba8ca442451cf829c5c9c37e1d2595c9cd2cb90954c69b04428e0e93c
9be599d6cefdb3787be094191b685a027f52e6bf4ef49d04a50310e7b023c0a6
9c8244b4455fc8b74201cfb5dcbb90bc02ecbcc0c5aa57cb805ef59f6e9f9338
9d78c0148361a3fcb690e899c0dd3885c79797359301f6829e98ae476b800460
9fa7f49e3a869a02c248c7c730f895951b3fc2f811e504d3ab30f72c1f74913c
a08acd55bb001aa85ced7f4f93a4a1446ca18a17689e872b59a9da81ebe0cd45
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a2d7112e4efea5c0a74bd9818260ae6438b4ac2611b957fedba45a1f387e668b
a329c1bb704210e5dc1302fd35bba22d775d13577787d834360d4801da442080
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4fd29aeff5c2151c3e4a2d0edc28885ffd0675a6d3a59e3ca229944e3490c0e
a61959912f1d82d7a5e743328cbfd5fa0405e4ca6c7676a23336a02d30eb8838
a6c748745997e83f17b90756869af2a20cf156acf538f1681a8f93a26edaa94c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7ca1133ea7397aaac5233d04ab48dde432c1e34828a57e21ecfd7e7964cbeb4
a91e581ed3c506b6a7639910624b7e0a9d327af4f23d6c8258b3168d56511836
aa0255dd574d1c5d14289aa5974337e6cdc1c8d51ea8f0d402b2fa488fb5c525
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
af7479b5ba8447b9c358b5f135051822d13908ad54dd2aa36f2527f466ae4b11
afa00dedbe6d549e60e8d88516d437069d74af91f302b9c8f1f825d6bad511a4
b013c987554d3046fb540fb4f8d39b7632eab376107cc3b3cf0ce3d640973ef6
b023d448f9ce740a20e6d419706a20608b26538d770afaf88d78e83821bc5c27
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b58f731e7bde735c42ab3bd683dfe93fd88acf7d49ecc739fcd7b01bbb6eb6fc
b60e934203d9142d90ff84d24c80ab486ed50a76146d78541e3316be240bc40c
b67fad811e7e9b06f1bb367ae9204cbdd235b7de4d8b7131a4d4cb212ce6b298
b8f3843576caa76ee9e975f8998589bbf219318de6a5a58550408f2c19b5344a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc3b318859454b4c871f892c8c3c8321609eb3ece4b388054a2d0969a839e25c
bd41a6f17c801b2b45b08f96d3548a9168d9179d67f409142a349467978e59b1
c05fd30b575bdc14201b5ee024b8c13b473cb63bf23d8f334ebd4076441ac016
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ad9c00c1716188af8903fbb0b6635ec44e6d4b89da7b24e12487b9f8aa87c9
c3cca7f3905498eca3830d175d979513fa33c7e3b816c8c95178281766bba114
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
c5f5fafca53e303f739660340b7354ea21f79ccb6f80aed85f4110c941b6cfc9
c7360a9b46fde11845b3090ca0034fb409d92398a71f3ae15fac3a2fa29ae6cc
c7cfa81df0666280921ecd145b9db13714ddc16b425319debf138bf8b3edaff5
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
c92e2aaa1d5e682d6bcc1a8a660b1bc276053b732310deac4f4baed8c095137b
c9bc9599b9a7a5cde8f3a105eb1a0914b06d5033584ff612bb1e0c9ec3d36dcb
c9e1bea6f6e5a2efe42f07bc94d4431bf5682f4c025272eab0551ffa3ce67a6e
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc5f3fda871642edf3fb1c0ed6c8364c279db41f718c5ec545691e951ccd63d5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d12fd1d8afb1c2d8cb9d59868336a6c9e357af548f36aa41bcdb12fa19158365
d165b14fecdaaec5d9d63c078e34e6f49dcb13eec4a95f4fa919869cb68f6f20
d1909839b23a61ccdfd249e342c5bf7e1c4a1b63afdb7d2ac524e4773540158d
d2dffba8a31eb663c59a5494783cbf197c182104edc58f0c0a17b7992429d7af
d668c483ae637f68747f098e2a245796b2928dba0e6d280a7dbfb6967cc33002
d9262f833e999fddfae1cb297ae5f9e260529ca0ca737ed805a11fbf3ab92bcd
d97f3efe68f835117863e4d76fec93f4309fd3c9070b3eee59400d7f145517d2
db6e227c51b78203752bdc36a19b414161c5beae47cc0cdf2ff9f5c89f4f2526
db983074200d71339a25c4550b0a146f38dde476ed1c67addc08e461952d6ae0
dca292776b1ea1c87f822eacde61d8ad49d1d5cd3e6862adbfedf8f5f0cce674
dd2ef8c62f3685c02cbed3dd4fe6931182bba4aeb85ed0463c83d282b433825d
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
dfe7dd0c42916253c8bf1e85a83cc72e5479bc2a73ab4e00fced2b4d8417c2d2
e09291b4ed3a50ce545634d27630ae08ac32bebd493452802f3b74fa7050ded3
e105d2d5a0a4edf850b6f2636d15fcfd0f7c3f17c494eeb859fd99077ec37abf
e1ce17fd79478fbb0830c687ff4046c86993acb5fd14fc35b4fd29bed00ce94a
e22a0f3f0c63f4f9e2be0b362a40706b6504d08e370a2769b8293ddbb203b3dc
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e26142148dc2365533532cc901d730ee02f79bfffb9da86b20873911281c180f
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cd1f921cfaad94ec50091c4faf10097e1191cbd744781c7c83c0b11f293029
e6e39c9e08dd80a3a54bd1f590ca4095d8c81394e63932dec839ed675ec5b92a
e6faea8c6293e13dd284996ad31aee2fa8925db94593d8412a86362701005e51
e76f2c32ecd923b05ca6b92d18ebdd280a0d761c2dd5a386d327ba747c5b4ba1
e79333cc12542ef5814da5f3e1bb905dbc9ad673861b8bb62d90f3378fd8558c
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
e8a4ec002545486fb475c977fc9d53ac48a77cfb3d36ac91042c14dc688d5657
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e9238dafc9cbef806deb06895ecc1a0da068cb7e12e9563c07ce1d1c89ecd5a9
ec73870a124df2d105249652c84da8f949bf73bcd5ca8ad6deca84b4fbd2e9d0
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1925611e81e7f75c8ca7bdd55e640339b5cdad099212a698ca77b97da420e66
f6603b783a5c209c39bca7e4885e3d02f2ad5ed7f2b30fa19362cde598b2c46c
f69e6bb514bf46b194ba98bb53c8b1ec2c3ac997b9e7b5cd5dcedd189fd95f90
f6bf6d1af4e1926e10a1f8b61a1d0a658a48e7ffe323b13ef50d57438e6f24b7
f918c43f2ac9d9f4418b1759426e18be2ddc9f543e40709e1bef7da90e011a52
fa34372cf8cce5c590a47479d567a2e084a257a7959cf89b3db44634df18cd2e
fb75611df838a70ce6ea0fbef3f296111a8815508de40f20725acc57d2893179
fb78fc3483b91ffbc1fb6ce89e3221ac5c33f5eea63a7da012096654e4253a27
fbe487ec6728938b3e622e8631734fcb9c3a9e39a6ffb69781ad1de430acc75a
fda04c7b27b3db6bda165e1d1324e7c475edc1f3cc06e927a78f739d74992fcb