win.gg Open in urlscan Pro
52.35.68.139 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Submission: On July 05 via manual (July 5th 2021, 5:51:09 am UTC) from US

Summary HTTP 238 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 54 IPs in 10 countries across 49 domains to perform 238 HTTP transactions. The main IP is 52.35.68.139, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is win.gg.
TLS certificate: Issued by Amazon on June 14th 2021. Valid for: a year.

This is the only time win.gg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	52.35.68.139 52.35.68.139	16509 (AMAZON-02) (AMAZON-02)
5	2.18.234.190 2.18.234.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
8	35.190.74.49 35.190.74.49	15169 (GOOGLE) (GOOGLE)
13	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
3	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2.18.232.28 2.18.232.28	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.49.37.161 52.49.37.161	16509 (AMAZON-02) (AMAZON-02)
22	143.204.98.55 143.204.98.55	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.70 13.224.193.70	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
2	2600:1f18:e8a... 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
3	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
31	194.146.38.205 194.146.38.205	41436 (CLOUDWEBM...) (CLOUDWEBMANAGE-EU)
1	13.225.87.6 13.225.87.6	16509 (AMAZON-02) (AMAZON-02)
1	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	13.224.193.31 13.224.193.31	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.116 13.224.193.116	16509 (AMAZON-02) (AMAZON-02)
2	13.224.192.34 13.224.192.34	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2	2a0c:5c81:509... 2a0c:5c81:5095:0:225:90ff:fefa:245d	55081 (24SHELLS) (24SHELLS)
20	143.204.98.113 143.204.98.113	16509 (AMAZON-02) (AMAZON-02)
3 4	18.158.181.33 18.158.181.33	16509 (AMAZON-02) (AMAZON-02)
1 1	162.55.6.210 162.55.6.210	24940 (HETZNER-AS) (HETZNER-AS)
3 3	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
4	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.114.132 151.101.114.132	54113 (FASTLY) (FASTLY)
4	18.196.47.46 18.196.47.46	16509 (AMAZON-02) (AMAZON-02)
4 4	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
2 9	62.149.0.72 62.149.0.72	15497 (COLOCALL ...) (COLOCALL Internet Data Center ColoCALL)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
3	2600:9000:215... 2600:9000:2156:e000:f:4f64:8940:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	37.157.4.23 37.157.4.23	198622 (ADFORM) (ADFORM)
2	185.59.220.198 185.59.220.198	60068 (CDN77 ^_^) (CDN77 ^_^)
1 13	18.197.81.144 18.197.81.144	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
7	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
2 2	185.33.220.241 185.33.220.241	29990 (ASN-APPNEX) (ASN-APPNEX)
1	193.200.65.5 193.200.65.5	6681 (GIVEME-CLOUD) (GIVEME-CLOUD)
3 3	185.29.135.233 185.29.135.233	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
2 2	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	18.197.47.23 18.197.47.23	16509 (AMAZON-02) (AMAZON-02)
2 2	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
2 2	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
2 2	3.120.43.188 3.120.43.188	16509 (AMAZON-02) (AMAZON-02)
1 1	194.213.62.34 194.213.62.34	5588 (GTSCE GTS...) (GTSCE GTS Central Europe Antel Germany)
4	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1 1	37.252.173.108 37.252.173.108	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	72.251.244.142 72.251.244.142	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	2606:4700:303... 2606:4700:3034::6815:4466	13335 (CLOUDFLAR...) (CLOUDFLARENET)
238	54

22 52.35.68.139 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-35-68-139.us-west-2.compute.amazonaws.com

win.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.190 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-190.deploy.static.akamaitechnologies.com

widgets.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget-pixels.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.190.74.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.74.190.35.bc.googleusercontent.com

enormousearth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.28 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-28.deploy.static.akamaitechnologies.com

tcheck.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.37.161 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-37-161.eu-west-1.compute.amazonaws.com

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 143.204.98.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-55.fra50.r.cloudfront.net

cdn-images.win.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-70.fra2.r.cloudfront.net

ob.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.cheqzone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.202.112.95 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 194.146.38.205 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, US)

live.sekindo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.6 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-6.fra2.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-31.fra2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-116.fra2.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.192.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-34.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (United States) 2 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0c:5c81:5095:0:225:90ff:fefa:245d (London, United Kingdom)

ASN55081 (24SHELLS, US)

s.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 143.204.98.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-113.fra50.r.cloudfront.net

video.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.158.181.33 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-181-33.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.210 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.15 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.132 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

odb.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.196.47.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-47-46.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.65 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 62.149.0.72 (Ukraine) 2 redirects

ASN15497 (COLOCALL Internet Data Center ColoCALL, UA)
PTR: 0-72.cc86365-03-tmp.cc.colocall.com

sync.console.adtarget.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.adtelligent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Woerden, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2156:e000:f:4f64:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)

js.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.23 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.59.220.198 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: edge-723.bunnyinfra.net

cdn.admatic.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.197.81.144 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.241 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 732.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.200.65.5 (Amsterdam, Netherlands)

ASN6681 (GIVEME-CLOUD, PL)
PTR: t.trafmag.com

t.trafmag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.135.233 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.5.142 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.130 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.47.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-47-23.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.0.31 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.242.197 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.43.188 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.213.62.34 (Brno, Czech Republic) 1 redirects

ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ)

bbnaut.ibillboard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.108 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)

adscale-emea.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.244.142 (Amsterdam, Netherlands) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

tracking.m6r.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:4466 (United States)

ASN13335 (CLOUDFLARENET, US)

images.getadmiral.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	primis.tech live.primis.tech video.primis.tech	4 MB
44	win.gg win.gg cdn-images.win.gg	586 KB
16	adscale.de 1 redirects js.adscale.de ih.adscale.de	17 KB
16	twitter.com platform.twitter.com syndication.twitter.com	370 KB
9	rubiconproject.com prebid-server.rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com	12 KB
9	doubleclick.net 2 redirects googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net securepubads.g.doubleclick.net	7 KB
8	enormousearth.com enormousearth.com	241 KB
7	onetag-sys.com onetag-sys.com	3 KB
7	googleapis.com fonts.googleapis.com imasdk.googleapis.com	685 KB
7	google.com analytics.google.com www.google.com adservice.google.com	2 KB
6	adtelligent.com 2 redirects s.adtelligent.com sync.adtelligent.com	3 KB
6	outbrain.com widgets.outbrain.com widget-pixels.outbrain.com odb.outbrain.com	69 KB
5	adnxs.com 5 redirects secure.adnxs.com ib.adnxs.com adscale-emea.adnxs.com	5 KB
5	adtarget.com.tr s.console.adtarget.com.tr sync.console.adtarget.com.tr	3 KB
5	googlesyndication.com pagead2.googlesyndication.com	175 KB
4	adform.net 3 redirects cm.adform.net dmp.adform.net track.adform.net	2 KB
4	creativecdn.com 4 redirects creativecdn.com	1 KB
4	gstatic.com fonts.gstatic.com	103 KB
4	bidswitch.net 3 redirects x.bidswitch.net	1 KB
4	google-analytics.com www.google-analytics.com	55 KB
4	outbrainimg.com tcheck.outbrainimg.com log.outbrainimg.com	1 KB
3	mathtag.com 3 redirects sync.mathtag.com	2 KB
3	casalemedia.com 3 redirects ssum-sec.casalemedia.com ssum.casalemedia.com	3 KB
3	pubmatic.com ads.pubmatic.com image6.pubmatic.com	11 KB
3	google.de www.google.de	736 B
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	67 KB
3	cheqzone.com ob.cheqzone.com obs.cheqzone.com	21 KB
2	m6r.eu 2 redirects tracking.m6r.eu	1 KB
2	sportradarserving.com 2 redirects a.sportradarserving.com	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org	924 B
2	yahoo.com 2 redirects ups.analytics.yahoo.com	1 KB
2	admatic.com.tr cdn.admatic.com.tr	21 KB
2	e-planning.net 1 redirects ads.us.e-planning.net	404 B
2	openx.net 2 redirects u.openx.net	696 B
2	spotxchange.com 2 redirects sync.search.spotxchange.com	1 KB
2	amazon-adsystem.com c.amazon-adsystem.com	36 KB
2	googletagmanager.com www.googletagmanager.com	102 KB
2	twimg.com cdn.syndication.twimg.com pbs.twimg.com	4 KB
1	getadmiral.com images.getadmiral.com	1 KB
1	criteo.com 1 redirects dis.criteo.com	579 B
1	2mdn.net s0.2mdn.net	17 KB
1	ibillboard.com 1 redirects bbnaut.ibillboard.com	550 B
1	advertising.com pixel.advertising.com	125 B
1	trafmag.com t.trafmag.com	232 B
1	loopme.me 1 redirects csync.loopme.me	243 B
1	ensighten.com nexus.ensighten.com	271 B
1	sekindo.com live.sekindo.com	11 KB
1	adsafeprotected.com static.adsafeprotected.com	259 B
1	googleoptimize.com www.googleoptimize.com	36 KB
238	49

	Domain	Requested by
30	live.primis.tech	live.sekindo.com live.primis.tech win.gg
22	cdn-images.win.gg	win.gg
22	win.gg	win.gg
20	video.primis.tech	live.primis.tech win.gg
13	ih.adscale.de	1 redirects js.adscale.de ih.adscale.de
13	platform.twitter.com	win.gg platform.twitter.com
8	enormousearth.com	win.gg enormousearth.com
7	onetag-sys.com	s.adtelligent.com onetag-sys.com
5	sync.adtelligent.com	2 redirects s.adtelligent.com onetag-sys.com
5	pagead2.googlesyndication.com	win.gg pagead2.googlesyndication.com srcdoc
4	imasdk.googleapis.com	live.primis.tech imasdk.googleapis.com
4	sync.console.adtarget.com.tr	s.console.adtarget.com.tr s.adtelligent.com js.adscale.de
4	creativecdn.com	4 redirects
4	prebid-server.rubiconproject.com	live.primis.tech
4	fonts.gstatic.com	fonts.googleapis.com
4	x.bidswitch.net	3 redirects win.gg
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	widgets.outbrain.com	win.gg widgets.outbrain.com
3	securepubads.g.doubleclick.net	imasdk.googleapis.com
3	adservice.google.com	imasdk.googleapis.com
3	sync.mathtag.com	3 redirects
3	js.adscale.de	s.console.adtarget.com.tr js.adscale.de ih.adscale.de
3	fonts.googleapis.com	win.gg live.primis.tech enormousearth.com
3	www.google.de	win.gg
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	log.outbrainimg.com	widgets.outbrain.com
3	syndication.twitter.com	platform.twitter.com win.gg
2	tracking.m6r.eu	2 redirects
2	eus.rubiconproject.com	live.primis.tech eus.rubiconproject.com
2	a.sportradarserving.com	2 redirects
2	match.adsrvr.org	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	dmp.adform.net	2 redirects
2	ib.adnxs.com	2 redirects
2	cdn.admatic.com.tr	s.console.adtarget.com.tr cdn.admatic.com.tr
2	ads.us.e-planning.net	1 redirects s.console.adtarget.com.tr
2	secure.adnxs.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	u.openx.net	2 redirects
2	sync.search.spotxchange.com	2 redirects
2	ads.pubmatic.com	live.primis.tech s.console.adtarget.com.tr
2	c.amazon-adsystem.com	live.primis.tech c.amazon-adsystem.com
2	www.google.com	win.gg
2	analytics.google.com	www.googletagmanager.com
2	www.googletagmanager.com	win.gg www.googletagmanager.com
2	obs.cheqzone.com	ob.cheqzone.com win.gg
1	images.getadmiral.com
1	token.rubiconproject.com	eus.rubiconproject.com
1	dis.criteo.com	1 redirects
1	track.adform.net	1 redirects
1	ssum.casalemedia.com	1 redirects
1	adscale-emea.adnxs.com	1 redirects
1	s0.2mdn.net	imasdk.googleapis.com
1	bbnaut.ibillboard.com	1 redirects
1	pixel.advertising.com	onetag-sys.com
1	pixel.rubiconproject.com	onetag-sys.com
1	pixel-eu.rubiconproject.com	onetag-sys.com
1	t.trafmag.com	s.adtelligent.com
1	image6.pubmatic.com	ads.pubmatic.com
1	cm.adform.net	s.console.adtarget.com.tr
1	s.adtelligent.com	s.console.adtarget.com.tr
1	odb.outbrain.com	widgets.outbrain.com
1	csync.loopme.me	1 redirects
1	s.console.adtarget.com.tr	live.primis.tech
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	nexus.ensighten.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	live.sekindo.com	win.gg
1	pbs.twimg.com	win.gg
1	cdn.syndication.twimg.com	platform.twitter.com
1	ob.cheqzone.com	widgets.outbrain.com
1	static.adsafeprotected.com	win.gg
1	widget-pixels.outbrain.com	win.gg
1	tcheck.outbrainimg.com	widgets.outbrain.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	www.googleoptimize.com	win.gg
238	78

This site contains links to these domains. Also see Links.

Domain
winners.net
www.facebook.com
youtube.com
twitter.com
www.instagram.com
feeds.win.gg
winnersleague.gg
winners.bet
getadmiral.com

Subject Issuer	Validity	Valid
win.gg Amazon	`2021-06-14` - `2022-07-13`	a year	crt.sh
*.outbrain.com DigiCert SHA2 Secure Server CA	`2021-05-25` - `2022-06-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
enormousearth.com R3	`2021-05-19` - `2021-08-17`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.outbrainimg.com DigiCert SHA2 Secure Server CA	`2021-05-04` - `2022-05-09`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-01-06` - `2022-02-04`	a year	crt.sh
*.cheqzone.com Amazon	`2021-02-21` - `2022-03-22`	a year	crt.sh
obs.cheqzone.com R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
www.sekindo.com Go Daddy Secure Certificate Authority - G2	`2021-05-11` - `2021-11-28`	7 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2020-09-09` - `2021-10-11`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
s.console.adtarget.com.tr ZeroSSL ECC Domain Secure Site CA	`2021-06-02` - `2021-08-31`	3 months	crt.sh
*.primis.tech Amazon	`2021-04-22` - `2022-05-21`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
s.adtelligent.com ZeroSSL ECC Domain Secure Site CA	`2021-06-06` - `2021-09-04`	3 months	crt.sh
sync.console.adtarget.com.tr R3	`2021-06-01` - `2021-08-30`	3 months	crt.sh
ads.us.e-planning.net R3	`2021-05-24` - `2021-08-22`	3 months	crt.sh
*.adscale.de Amazon	`2020-09-06` - `2021-10-06`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-05-28` - `2022-06-15`	a year	crt.sh
cdn.admatic.com.tr R3	`2021-06-29` - `2021-09-27`	3 months	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
sync.adtelligent.com R3	`2021-06-05` - `2021-09-03`	3 months	crt.sh
*.trafmag.com Sectigo RSA Domain Validation Secure Server CA	`2021-06-10` - `2022-06-22`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-03-01` - `2021-08-24`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
getadmiral.com Cloudflare Inc ECC CA-3	`2021-05-13` - `2022-05-12`	a year	crt.sh

This page contains 30 frames:

Primary Page: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Frame ID: B2D095F042BAC02F87D6E718C41AA4EC
Requests: 120 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwin.gg
Frame ID: 52CE74ED6B8FF7C1B6CA13B49607CB90
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210630/r20190131/zrt_lookup.html
Frame ID: 1B6AFBE4D953C143306535AE022D3060
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: 991F162AF4ABD3B5083DA1168D6650D1
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: BFFA2AAC96436B8CC1FB8C2A2FE18CC4
Requests: 14 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Frame ID: FF875698480177A8055EACA0BBB95BCF
Requests: 25 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: F96F01B1F2EAF27549D9C009FF3EF7C6
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 0D71CB87F6E953C325486EA7EB813E1F
Requests: 12 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: A344683E28317EC854AA11FFC8E167FC
Requests: 2 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406
Frame ID: 0CAB3CD88C1A8C7655C984D453C09A3C
Requests: 1 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234
Frame ID: DE8DB7DB05F399A2E3AF57A63665BC82
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: 97C7AADF3CFCAD219071502974C5AD32
Requests: 2 HTTP requests in this frame

Frame: https://s.adtelligent.com/sync.html?aid=609724
Frame ID: 79B7BB440B80D8E98E397533E3883924
Requests: 4 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=46bQQaGJlboBCne13r92&pi=admatic&tc=1
Frame ID: 45DCFDC9C896D6D93557728AF9553BEA
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Frame ID: 50F904E93A3B9A7B193B201DF0791EDD
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: F6A6C75006898813EBFE4DA0862514CB
Requests: 1 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: C11D997A0552C305D16D136AD4E3CAE0
Requests: 5 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: 8C1E97C86CCB538B840C3577D36BAE52
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user
Frame ID: 0E6EB20498D65A27F82FA722E6D348D2
Requests: 2 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Frame ID: 7FB888B505F2F477629FCFDDA06D73BC
Requests: 11 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=307355&extuid=46bQQaGJlboBCne13r92&pi=adtelligent&tc=1
Frame ID: 610A6D7AF6FE7DE933F110D83B1017E6
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 21690A77DA35288FFD4A752107B3E36B
Requests: 1 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: D439C36284A7FF4ED2BBE104B9D7EB38
Requests: 11 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html
Frame ID: EBCF7F5FBFDD34D4F4214A03E471BE77
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 8A2F3D84B9A52C45F17D346D154AAB4F
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 887CC02C6BC9B6FC8CF09184E51C84D7
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html
Frame ID: EE84C6480F23730BC5756AE4CC1B6C54
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: ED8845C2A5C174AB64A53CD75C05FF51
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html
Frame ID: D67B219D7A62C38B99AB9CB12850BABF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: AAD36A2C95C25489E697D590C971B8F4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Outbrain (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /widgets\.outbrain\.com\/outbrain\.js/i

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/platform\.twitter\.com\/widgets\.js/i

Page Statistics

238
Requests

98 %
HTTPS

29 %
IPv6

49
Domains

78
Subdomains

54
IPs

10
Countries

7068 kB
Transfer

12714 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://winners.net/?utm_source=wingg&utm_medium=banner&utm_campaign=winggparnter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/officialWINgg/

Search URL Search Domain Scan URL

URL: http://youtube.com/c/wingg

Search URL Search Domain Scan URL

URL: https://twitter.com/officialWINgg

Search URL Search Domain Scan URL

URL: https://www.instagram.com/officialwingg/

Search URL Search Domain Scan URL

URL: https://feeds.win.gg/news/rss

Search URL Search Domain Scan URL

URL: https://winners.net/

Search URL Search Domain Scan URL

URL: https://winnersleague.gg/

Search URL Search Domain Scan URL

URL: https://winners.bet/

Search URL Search Domain Scan URL

URL: https://getadmiral.com/pb/?utm_source=win.gg&utm_medium=pb&session=4-75ea71b2-a74d3b45a2539be20a71623ae0e69c2d-6763652d6575726f70652d7765737431-60e29daa-0
Title: Powered By

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=e8d1a56e-dd54-11eb-8a5c-1f057aaa0406 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406

Request Chain 108

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234

Request Chain 126

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=93&advUuid=0735dca2-6bbb-439c-a38e-63b77f3a8387

Request Chain 127

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=99&advUuid=YOKdp6sxgYtohR9lC5KJ9wAAAU8AAAAB

Request Chain 128

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D60e29da741a7d%2526pixel%253D%2526advId%253D105%2526advUuid%253D%2524UID HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=105&advUuid=5397176225586167585

Request Chain 135

https://creativecdn.com/cm-notify?pi=admatic HTTP 302
https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=46bQQaGJlboBCne13r92&pi=admatic&tc=1

Request Chain 136

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

Request Chain 142

https://ih.adscale.de/uu?cbfn=receive&t=1625464231 HTTP 302
https://ih.adscale.de/uu?cbfn=receive&t=1625464231&nut&uu=d4957de4777544728fa7c8a2dec10706

Request Chain 148

https://creativecdn.com/cm-notify?pi=adtelligent HTTP 302
https://creativecdn.com/cm-notify?pi=adtelligent&tc=1 HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=307355&extuid=46bQQaGJlboBCne13r92&pi=adtelligent&tc=1

Request Chain 149

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID HTTP 302
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3451754271499631240

Request Chain 150

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D HTTP 302
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=8cf1c054735dcf4d

Request Chain 151

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D HTTP 302
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=8cf1c054735dcf4d

Request Chain 155

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/f8da60e2-9da8-4600-aaa9-47e4d2fc8e53

Request Chain 157

https://dmp.adform.net/serving/cookie/match?party=1167&cid=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g HTTP 302
https://onetag-sys.com/sync/i,34/8122476445970049220

Request Chain 158

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc= HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEDIlBCHu5jAI3U0D9F7kFHg&google_cver=1

Request Chain 161

https://ups.analytics.yahoo.com/ups/58488/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58488/occ?verify=true HTTP 302
https://onetag-sys.com/match/?int_id=92&uid=y-DNiJ7WFE2uHN9dkKio8nHxwcRW49L5tfx9z6rFc-~A

Request Chain 162

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=fa5472f2-627a-4f7f-a562-6f6587649a9a&ttl=1628056232

Request Chain 163

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=2e402450-bd1d-494c-92bb-b427dc764f1c&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=ea0e900c-90e5-4b74-bd18-a6bba479d419&gdpr=&gdpr_consent=&us_privacy=

Request Chain 172

https://bbnaut.ibillboard.com/match/AdScale?partneruid=d4957de4777544728fa7c8a2dec10706&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=101&tpuid=BBID-01-03001782325523065-16332120

Request Chain 181

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=6fc98432d644e24461f89eff102001ebac2ab02df8dddd3de28e4bf369d3964b&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=f8da60e2-9da8-4600-aaa9-47e4d2fc8e53&gdpr=0&gdpr_consent=

Request Chain 182

https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0 HTTP 302
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=75&tpuid=3451754271499631240&gdpr=0

Request Chain 183

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=a2b67f4e739957defe8c4410f1dd29a31f74400ae3836d2d5475a43249c6c4e6&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YOKdp6sxgYtohR9lC5KJ9wAA%26335

Request Chain 186

https://track.adform.net/serving/cookie/match/?party=9&uid=eb2b6d9b4e2ebb3a80fecb0de2a30033a4afb79bc16986d30a6281c704d57446&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=42&gdpr=0&tpuid=8122476445970049220

Request Chain 187

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=aa2b29d1e745d0877c0239191a214acfea8869e8f01c2da34e39aa7c966eaeb8&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f81cb7f5-f494-4a30-9e22-bb42a201f302

Request Chain 189

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=518ba796c0662bd1120ae6f6eb4ddd603a8cbac267c63b96f09d1418ab38059f&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg&gdpr=0 HTTP 302
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=3c3960e2-9da9-4500-b4c2-5b2946442c23&gdpr=0&gdpr_consent=

Request Chain 192

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=f84faf435f7829bd225d10514f52defbacb6905409015a59827694acd1ff0ccb&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fjs&gdpr=0 HTTP 302
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=f84faf435f7829bd225d10514f52defbacb6905409015a59827694acd1ff0ccb&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/js?tpid=48&tpuid=53faffb43605d61b7a2316fa22458caa

238 HTTP transactions
-4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request has-corpse-husband-ever-shown-his-face-question-mark-we-investigate Show response
win.gg/news/7999/ 101 KB
28 KB 1826ms
1241ms Document
text/html 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx / Next.js

Resource Hash

2d3558c1c2cedb1ae3f1eef8467a1b7f6f643a86506d979d9024e824a1918a1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: win.gg
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Jul 2021 05:50:29 GMT
ETag: "1946e-x6iO6rxjIO7mUA5EygZ9Oz3K+CI"
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: Next.js
X-Xss-Protection: 1; mode=block
transfer-encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK styles.569076bd.chunk.css
win.gg/_next/static/css/ 74 KB
8 KB 244ms
239ms Stylesheet
text/css 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/css/styles.569076bd.chunk.css

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9c3500c6354d6cca5ebe517dfad92ce8a1204579f9467cca0edd1a6d7a5b692e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3V1EQV9QKVQGNY
x-amz-id-2: G+sT2FyxaEPFAvi7BuChBAPhUOwV1R3LJ9/yN9AZWGRV2CznhIyJmPG0PpsVv3JNVjJVqwL6850=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 7617
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5778f3f466763d7dfaa5766d86830e24"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: text/css
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257_CSS.af726f49.chunk.css
win.gg/_next/static/css/ 55 KB
6 KB 465ms
221ms Stylesheet
text/css 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/css/e131c285e681484cc2b42095c01ea9fecf46b257_CSS.af726f49.chunk.css

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

4bdfb79288321fe816d8e3e70c46bbba6fc703993b83f2d64a150439517a2dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3RG6NKXER1RJZY
x-amz-id-2: OuNe2hfAgIF8mwTuwhSBZKQdh1JeehnnKO01pVZHXF1nH8nQ+O4JXP06Ccot9Smpt4R60aCPtFY=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 5148
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"ea29ea636391d508f3149424c6971e19"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: text/css
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK main-2535a1540cb8fa18d291.js Show response
win.gg/_next/static/chunks/ 17 KB
7 KB 593ms
218ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/main-2535a1540cb8fa18d291.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

51459bc6ffe473ac67f7b4a7342c9450f7a2958256f07e8c544f08d923041761

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3XS20SGNB8G7CC
x-amz-id-2: Xj/typtQYDcGCkfGSMD2MDxk3zhcyO1n8w+oV9zTZkMYAkR4btxK0aVorVcjAL5Hem4LeA6FQH8=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 6839
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"8497f5cc1c5dbb7896681fdda0054f7c"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK webpack-6db12db89a1040fb7fdf.js Show response
win.gg/_next/static/chunks/ 3 KB
2 KB 583ms
207ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/webpack-6db12db89a1040fb7fdf.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

90805ba88e5c4c373b911c96d62b1d6a8bd6f496fa8ae838d600a4fb71618877

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3RX15DVC5Q59VC
x-amz-id-2: OWVEc3WeHZvLMZPdKj780JoWVFtiWp5RNs6llBRdANINx+hryNBQ2aqGr+ewCeZAuWaTzOMpvp0=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1513
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"9d24e877c6d3d73fc45901bebac1c635"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK framework.33edf24cd040bcfe1fae.js Show response
win.gg/_next/static/chunks/ 129 KB
48 KB 753ms
374ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/framework.33edf24cd040bcfe1fae.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

782a87bd18241cdd7b1e30f3502d78d342c47dd564333ab5f775c22e8dfbf0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3NQ8734SDRFFWC
transfer-encoding: chunked
x-amz-id-2: zIeGYGvy6lk5x+pz3fGK7A8LPqzHpWLcdUcLhvGLtmbsvYVuSIc3prP+wwS22Fmotfo0TlZ7e5M=
Connection: keep-alive
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"b1be9c5075da3ba15338016a9d40e146"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK commons.4e5d3f2c1dd3e30dc1e6.js Show response
win.gg/_next/static/chunks/ 40 KB
15 KB 755ms
376ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

7bad3757a05d7c6a22c30127a3be33478dd8fc8cef294a96a38487e1f8dad179

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3TSP603E0SNHET
x-amz-id-2: j5WwLfywmHUtaDlSu0P8CUZIfHXOiwzKNcyPwrHUulMHuFTTujtoJ2Wl3l+Op1CYEhHcLpti/sk=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 15160
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"83c4dfe7eb1e099ce5de9b4b263351bf"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK 621eed9ee291de38e4d94d5fe17029d666781a61.16d5dfae4b12d556990c.js Show response
win.gg/_next/static/chunks/ 59 KB
21 KB 754ms
374ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/621eed9ee291de38e4d94d5fe17029d666781a61.16d5dfae4b12d556990c.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

fc57e92d2e36700dae12e71b5d6bda0529af71454b6cde671e7ba75f8f959a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3KGR608K3CZYHN
x-amz-id-2: QbH5IlZXFzA1dLhNO85SpXVsFckuk4UJD3NMZhbMsmRuySQcWvNmr08wClnGV4Tr3zwUbEp/5Zk=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20502
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"328abead0439c21b64ba8377d808013e"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK styles.c2ece2ab1b92d9900338.js Show response
win.gg/_next/static/chunks/ 396 B
1006 B 680ms
216ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/styles.c2ece2ab1b92d9900338.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

e2679a03abad1a4b61c41a3f39ea558d811bd68cbd9ac19a3217071a76db497a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
x-amz-request-id: AV3ZVJYH74JMT2EW
ETag: "8de3a3967bc8b1255a2793c2ec7f5e7b"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Length: 396
X-Xss-Protection: 1; mode=block
x-amz-id-2: APAjelSpiJ9m8qUQKZs5gNuEXPEvy2+r/mESyMYHs8gRBr3yQscdCyRiIUodR33VJy7P49xNXkk=

GET
H/1.1 200
OK _app-6998b01168da29ea278b.js Show response
win.gg/_next/static/chunks/pages/ 52 KB
22 KB 952ms
369ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/pages/_app-6998b01168da29ea278b.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

dca18eb730e3977305cdb36680103281682133622b49458399bc539727da487a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3TEAAFDD8T80RW
x-amz-id-2: ATPsxljaAR9t6Yf2g2vEp/PB8qfAfVcuVEqkMrG2JOggZR4gsc6vRsfwhq9Rs6eSK3MsX/VEedg=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 21782
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"59e81eb7b25b6ea971b3c7a7a30afc04"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257.b42f3f9b1c991b864bea.js Show response
win.gg/_next/static/chunks/ 177 KB
61 KB 812ms
220ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/e131c285e681484cc2b42095c01ea9fecf46b257.b42f3f9b1c991b864bea.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

ffdd35d15d7c994f9ec3ef787be1438de07081f4d5440cbb7b8562124b25ba8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3HT4WTS3CHW1VE
transfer-encoding: chunked
x-amz-id-2: Ul1PtD5x9JyKT4uc9cac4bKQ2+xHuRA9R723mvJiffwGvgnhbCdhVce5MsYdHboKVHPtFs2Re8k=
Connection: keep-alive
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5b58a58da5700e652424aeb8425bd4de"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257_CSS.a83a6a4548b93404854d.js Show response
win.gg/_next/static/chunks/ 69 B
678 B 885ms
205ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/e131c285e681484cc2b42095c01ea9fecf46b257_CSS.a83a6a4548b93404854d.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

856ab159a9a6cbdc7beb72fc35086e839adb48361d197135a92809e95b875345

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
x-amz-request-id: AV3TH04RDH8F6BAG
ETag: "99e6d6dc6704694222e663251c1f8deb"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Length: 69
X-Xss-Protection: 1; mode=block
x-amz-id-2: jAI1mbbuCyQl7uzEAkPyzRUa2MJ2XA83eZcQiwIXhpU97zQoHY+Jb8hiGF3wz1hWBH4b7mUJlc8=

GET
H/1.1 200
OK 5bf10f1e6e180613e463bd3c60eceebb6933729b.004bacf3a5329b318e71.js Show response
win.gg/_next/static/chunks/ 36 KB
14 KB 978ms
223ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/5bf10f1e6e180613e463bd3c60eceebb6933729b.004bacf3a5329b318e71.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

e5c8cfe628899742b1717332ff98e584ed9d447a5ab7286dc09e0a70200cc803

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3SB0DE5V711ARP
x-amz-id-2: 3+FCEkhgnvME9UAMOOmJc6EeWqU935WMHZP1wXGhRKWpeQ4QKeWtFDXDxAPGTRS68Ekn9YjTY2E=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 13766
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"3690da8cfc836d8f4cc348ba1d2c1d5b"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK %5B%5B...article%5D%5D-c7e5f85e68fa46eb4afa.js Show response
win.gg/_next/static/chunks/pages/news/ 39 KB
12 KB 953ms
197ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/pages/news/%5B%5B...article%5D%5D-c7e5f85e68fa46eb4afa.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

4703e74548d17725c6b19435dea7c5a6360637bb7da29bba1cffb492a6021a36

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:46:43 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"9b25-17979b877b8"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=31536000, immutable
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Xss-Protection: 1; mode=block

GET
H2 200 outbrain.js Show response
widgets.outbrain.com/ 177 KB
59 KB 168ms
56ms Script
application/x-javascript 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/outbrain.js
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 688966c3a481f6f6867e350d3882f4df19687902adc581a4f6caf4770d18e11c

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
content-encoding: gzip
last-modified: Wed, 30 Jun 2021 12:53:56 GMT
etag: W/"2c50e-lPKvdY+1cKyywMPZ+2be1Wpw9nQ"
vary: Accept-Encoding
edge-cache-tag: widget-cheetah
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
x-traceid: bde731bed30d0807eb88fe1db4cbc31b
timing-allow-origin: *, *
content-length: 60102
expires: Mon, 05 Jul 2021 09:50:30 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 90 KB
36 KB 36ms
16ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-T8SWN4K

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82912c525b3b44cc4ffc7a55b8e4eaf43ecbd5fb70b1969511761f5ad2417056

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36451
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Jul 2021 05:50:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 48ms
26ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

789d25597a48ee75857b4f804d9bc81fe5c0484b6f05cf76c3c6335948c41cb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48740
x-xss-protection: 0
server: cafe
etag: 4822591463873944812
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 05 Jul 2021 05:50:30 GMT

GET
H2 200 v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb Show response
enormousearth.com/ 579 KB
107 KB 344ms
258ms Script
text/javascript 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

b6117b1101275965523bf6436b7902222225c8dcb87030b5746584d2440e0a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "57f48889a053598ec2176759e50baa1a29646729935d4bea50e069335f94bcb5"
vary: Accept-Encoding, Accept-Language
x-hostname: 37b68176
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 05 Jul 2021 05:50:30 GMT
timing-allow-origin: *

GET
H2 200 v2ztixJtvvVyiUz7-FvleTsLgEWv_kdVMNFPIQ6a1oSXokOdPO8nGIbQ4hbwgeNBQaNiZqrflrsj4imLALA Show response
enormousearth.com/ 16 KB
6 KB 328ms
242ms Script
text/javascript 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2ztixJtvvVyiUz7-FvleTsLgEWv_kdVMNFPIQ6a1oSXokOdPO8nGIbQ4hbwgeNBQaNiZqrflrsj4imLALA

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

0cca3546f59f49f09cf513896a04fb439fd0d8a9c2067a0539e86d2f81af6ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
etag: "38cac12f0c12431dcb9c5015e6f72f2375b920352ed57a2d49b24bade2cbe986"
vary: Accept-Encoding, Accept-Language
x-hostname: 37b68176
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Mon, 05 Jul 2021 05:50:30 GMT
timing-allow-origin: *

GET
H/1.1 200
OK _buildManifest.js Show response
win.gg/_next/static/e20cc898bca7c17f12bbcd528c18503d63a96871/ 1 KB
1 KB 205ms
205ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/e20cc898bca7c17f12bbcd528c18503d63a96871/_buildManifest.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

9a006d898f97d3e99147e94a9af12df0b7ae91402c7f66d6b9017f0a361dacd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: AV3QG5SEXBSP4V7T
x-amz-id-2: +Xbj4CfpS9Nx7SVMgwzE7bPr87wUUL8D68aZzJX/5s7NNKK3hc9jztn6/Xgk9aZ9dpg/bwSW6Y4=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 474
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"50fc08882afa7f0fe49271c9f26aa783"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK _ssgManifest.js Show response
win.gg/_next/static/e20cc898bca7c17f12bbcd528c18503d63a96871/ 76 B
685 B 204ms
204ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/e20cc898bca7c17f12bbcd528c18503d63a96871/_ssgManifest.js

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
x-amz-request-id: AV3RHQDE6BQQ8TZP
ETag: "abee47769bf307639ace4945f9cfd4ff"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Length: 76
X-Xss-Protection: 1; mode=block
x-amz-id-2: sN9PC1cENceAxftUQ2UBWtpjSYJLSLCLwCK0WRXhk97oj4NTJYQIcD9qmDU4ct/uglOeJL4o1cM=

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 28ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674D) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/674D)
Age: 125
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame 52CE 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwin.gg
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://win.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 289335
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Jul 2021 05:50:30 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 52CE 256 B
441 B 264ms
157ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=194ce5f3771b522eb59dea5099a71b143f90ff5e

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fwin.gg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:29 GMT
content-encoding: gzip
last-modified: Mon, 05 Jul 2021 05:50:30 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: d598fcefd6035d224f2a03c5979014b70468db39bed591026ee27622a1f223ab
content-length: 176

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210630/r20190131/ 240 KB
89 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210630/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-3008689639908773&plah=win.gg&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c107239496609ede285e80b91336c653f68e65956a25b489ef9b4d9591d07ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91175
x-xss-protection: 0
server: cafe
etag: 16806287549005047208
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 05 Jul 2021 05:50:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210630/r20190131/ Frame 1B6A 10 KB
5 KB 25ms
5ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210630/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210630/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 05 Jul 2021 04:24:00 GMT
expires: Mon, 19 Jul 2021 04:24:00 GMT
content-type: text/html; charset=UTF-8
etag: 15579341980913220427
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4579
x-xss-protection: 0
age: 5190
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 put.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 991F 416 B
798 B 63ms
63ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/put.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

accept-ranges: bytes
content-type: text/html
etag: "c0311cf15c21ddda054005e92fad3f9e:1625058934.29122"
last-modified: Wed, 30 Jun 2021 12:53:14 GMT
server: AkamaiNetStorage
content-length: 416
cache-control: max-age=345600
date: Mon, 05 Jul 2021 05:50:30 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1625464230~rv=93~id=2b245af6d5671e2aed6c5f38cf248efb; path=/; Expires=Mon, 05 Jul 2021 05:50:30 GMT; Secure; SameSite=None

GET
H/1.1 200
OK d2luLmdn Show response
tcheck.outbrainimg.com/tcheck/check/ 15 B
461 B 167ms
53ms XHR
application/json 2.18.232.28
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tcheck.outbrainimg.com/tcheck/check/d2luLmdn
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.28 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
ETag: W/"f-ayLlCL3PuzXSThdu78iReSEjl6Y"
Access-Control-Max-Age: 43200
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=4655
Access-Control-Allow-Credentials: false
Connection: keep-alive
X-TraceId: b98cdd43752c60e0d9d3462f7e7f4ae5
Content-Length: 15
Expires: Mon, 05 Jul 2021 07:08:05 GMT

GET
H2 200 px.gif
widget-pixels.outbrain.com/widget/detect/ 43 B
451 B 56ms
55ms Image
image/gif 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1&rn=6.445363829004898
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
last-modified: Wed, 30 Sep 2020 14:22:29 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=2592000
access-control-allow-credentials: false
accept-ranges: bytes
timing-allow-origin: *, *
content-length: 43
expires: Wed, 04 Aug 2021 05:50:30 GMT

GET
H2 200 test.html Show response
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame 991F 610 B
992 B 59ms
59ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /nanoWidget/externals/cookie/test.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: thirdparty=yes
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html

Response headers

accept-ranges: bytes
content-type: text/html
etag: "48053d50141031b1511dbd30f9a31288:1625058934.993134"
last-modified: Wed, 30 Jun 2021 12:53:14 GMT
server: AkamaiNetStorage
content-length: 610
cache-control: max-age=345600
date: Mon, 05 Jul 2021 05:50:30 GMT
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1625464230~rv=30~id=29e97110e6ae3c99057c1b889ddb2340; path=/; Expires=Mon, 05 Jul 2021 05:50:30 GMT; Secure; SameSite=None

GET
H/1.1 200
OK horizon_tweet.2bd42981e3af03ce9186a5655508da28.js Show response
platform.twitter.com/js/ 7 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.2bd42981e3af03ce9186a5655508da28.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/669E) /
Resource Hash: 263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/669E)
Age: 289336
Etag: "43544c32afe87494042045e40e7b3213+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2436

GET
H2 200 acv.json Show response
enormousearth.com/ 210 KB
46 KB 141ms
57ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/acv.json

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
last-modified: Sat, 03 Jul 2021 04:23:09 GMT
x-datacenter: gce-europe-west1
date: Mon, 05 Jul 2021 05:50:30 GMT
vary: Accept-Encoding, Origin
x-hostname: 37b68176
content-type: application/json
access-control-allow-origin: https://win.gg
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
259 B 194ms
64ms Image
image/gif 52.49.37.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.37.161 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-37-161.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: nginx/1.16.1
age: 10145466
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-cache-status: HIT
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 43

GET
H2 200 logo_footer.png
cdn-images.win.gg/static/imgs/assets/Footer/ 19 KB
19 KB 360ms
231ms Image
image/png 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/static/imgs/assets/Footer/logo_footer.png
Requested by: Host: win.gg
URL: https://win.gg/_next/static/css/e131c285e681484cc2b42095c01ea9fecf46b257_CSS.af726f49.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 267893f9fbc3c75119da25e5d96ee58e9c5cb43baed64724d50673cb3c4f77fb

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 02 Mar 2020 09:05:26 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "92266de8cae410fd9f21df49ba799765"
vary: Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 19235
x-amz-cf-id: x4gFdmpRml0w5GH2QKOvaWi_mv6jZ8H-qPbxYnFoq7pYcUPFUmMXEA==

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame BFFA 487 B
971 B 6ms
6ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668B) /
Resource Hash: b920759f5ba868ff7a8fa71208a7746bfd37babe29c116ba245522f8cc492b82

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://win.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 495
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Jul 2021 05:50:30 GMT
Etag: "e3278d70fc9f6dce021527fdb4770376"
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/668B)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK embed.runtime.abff6a82314c4833181a.js Show response
platform.twitter.com/embed/ Frame BFFA 8 KB
4 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 893ceb2ff84c4dc7e5519c40d57efe2d6b6cd4969cef99794212dcaf823448be

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/67E2)
Age: 289335
Etag: "9b459491c0f29d1c8dd34feb25724636+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3516

GET
H/1.1 200
OK embed.modules.b77b7cad63a09dd863a4.js Show response
platform.twitter.com/embed/ Frame BFFA 501 KB
160 KB 13ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6795) /
Resource Hash: ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/6795)
Age: 289335
Etag: "835a67b4167ec7940920d0e1f512c7f5+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163558

GET
H/1.1 200
OK embed.i18n.c12629618c7555761d5d.js Show response
platform.twitter.com/embed/ Frame BFFA 146 B
651 B 25ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.c12629618c7555761d5d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/67BE)
Age: 289336
Etag: "5f4a09fa71bda22516384aa36d71d94d"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.24c669c1f9bff5021722.js Show response
platform.twitter.com/embed/ Frame BFFA 15 KB
6 KB 26ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.24c669c1f9bff5021722.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BD) /
Resource Hash: 069a30f19020243cb38546e37d2bdfbd9e07c048fcf9dab8a7bad2c637267448

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/67BD)
Age: 289335
Etag: "7180de3430ddb648daf8401f8553a028+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5568

GET
H2 200 placement_invocation Show response
ob.cheqzone.com/ 50 KB
19 KB 170ms
62ms Script
text/javascript 13.224.193.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-70.fra2.r.cloudfront.net
Software: /
Resource Hash: 5e0aeb27ad5ec940a7b1049848d9ac96fcc00a34653745b7796d695f9f25f508

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 00:04:07 GMT
content-encoding: gzip
cheq_headers_order: Content-Type Cache-Control Expires Etag Content-Length Content-Encoding Date Connection
age: 20783
etag: "c62f-zfp6hy/A0Hu4xWYKZo/YBOKVxgM"
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 e0efba8a72628bfc3dc6d4d637b28302.cloudfront.net (CloudFront)
cache-control: max-age=43200
x-amz-cf-pop: FRA2-C1
content-length: 19216
x-amz-cf-id: HJFxeva7Eds42agnZH5GpSK3yURJZ5dd6OH_pTDwliATyS7phPLltg==
expires: Mon, 05 Jul 2021 12:04:07 GMT

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js Show response
platform.twitter.com/embed/ Frame BFFA 21 KB
7 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.da67c80b15a261987832.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/67F2)
Age: 289335
Etag: "633742842407ac7dad3d420012727391+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js Show response
platform.twitter.com/embed/ Frame BFFA 3 KB
2 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.b4b5f7fe932f900b7057.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6763) /
Resource Hash: 7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/6763)
Age: 289336
Etag: "e2a8baad532925d1d8cb8923f885aba8+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1545

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js Show response
platform.twitter.com/embed/ Frame BFFA 118 KB
32 KB 6ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.22ed862f34c8c98fa79c.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67E2) /
Resource Hash: 404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/67E2)
Age: 289335
Etag: "5f5c2203dc3e7463e8048cccdc25073d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31959

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js Show response
platform.twitter.com/embed/ Frame BFFA 16 KB
6 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.1ff8a181d909c06588bc.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/6738)
Age: 289335
Etag: "4e87c3299d0f183ececc85b416a98a5d+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.f12d18c605bc02cedaf7.js Show response
platform.twitter.com/embed/ Frame BFFA 60 KB
15 KB 7ms
7ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.f12d18c605bc02cedaf7.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.abff6a82314c4833181a.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6738) /
Resource Hash: a71138bec5eca04da7fc6e41b176c80ab023e76f1149ced24ff0a04af4c478f9

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1205235849438171136&lang=en&origin=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sessionId=194ce5f3771b522eb59dea5099a71b143f90ff5e&siteScreenName=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jul 2021 21:20:26 GMT
Server: ECS (frb/6738)
Age: 289334
Etag: "f6a0f30123abebcd192930fb7a15e612+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14468

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame BFFA 760 B
1 KB 170ms
151ms XHR
application/json 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_tweet_embed_clickability_12102%3Acontrol&id=1205235849438171136&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.b77b7cad63a09dd863a4.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

70d9e394513d7633d46380a4b92aa7f6e1441869f7fecc815867aadc12918321

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"2f8-DCaEllB2d8BRZFhNAtbda+MSLxg"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 517
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Mon, 05 Jul 2021 05:50:30 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: fa5323a6559e78f39b3d69f2b6fd116bc3e77c66d05ccdf94b71c7a27ca1ebb2
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 show_pla
obs.cheqzone.com/ 3 KB
2 KB 430ms
216ms Script
text/javascript 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.cheqzone.com/show_pla?id=65349&url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&sf=0&k=&idx=0&ch=&ext=&np=linux%20x86_64&nv=google%20inc.&rand=04189556614720091980859236668575040157561181572227212426910121222872&nc=0&tsf=0&tsfmi=&pv=0&cb=1625464230903&ref=&pit=1&hl=2&op=0&fs=1600x1200&ss=1600x1200&pre=0&jsonp=OBR.extern.onCheqResponse&mr=&ag=2826626440&at=&bid=e30%3D&di=W1siZWYiLDY1ODVdLFsxMiwie1wiZVwiOjAsXCJ3Z2xcIjoxfSJdLFstMSwiLSJdLFstMiwiMTEs%0D%0AWEh4ZzFqMHpFbEFRd0oxUUVja3Z6b3ZiY0FJWlNFRWpBaEpJUVFCd2dsOUY0Q0JBZ1FXZ2lkMExI%0D%0AQkJlT0dqYnZYM3FZeU02Lyt2enZTN0dvWEd3aC8rYk1samJUeWFvN09QZiJdLFstMywiW10iXSxb%0D%0ALTQsIi0iXSxbLTUsIi0iXSxbLTYsIntcIndcIjpbXCIwXCIsXCJhZFVuaXRQYXRoXCIsXCJkaWRu%0D%0AYVwiLFwiYWRtaXJhbFwiLFwiZ29vZ2xldGFnXCIsXCJfX3RjZmFwaVwiLFwiX191c3BhcGlcIixc%0D%0AImdvb2dsZV90YWdfbWFuYWdlclwiLFwiZGF0YUxheWVyXCIsXCJnb29nbGVfb3B0aW1pemVcIixc%0D%0AInR3dHRyXCIsXCJfX3R3dHRybGxcIixcIl9fdHd0dHJcIixcImdvb2dsZV9qc19yZXBvcnRpbmdf%0D%0AcXVldWVcIixcImdvb2dsZV9zcnRcIixcImdvb2dsZV9sb2dnaW5nX3F1ZXVlXCIsXCJnb29nbGVf%0D%0AYWRfbW9kaWZpY2F0aW9uc1wiLFwiZ2dlYWNcIixcImdvb2dsZV9tZWFzdXJlX2pzX3RpbWluZ1wi%0D%0ALFwiZ29vZ2xlX3JlYWN0aXZlX2Fkc19nbG9iYWxfc3RhdGVcIixcImFkc2J5Z29vZ2xlXCIsXCJf%0D%0AZ2ZwX2FfXCIsXCJnb29nbGVfc2FfcXVldWVcIixcImdvb2dsZV9zbF93aW5cIixcImdvb2dsZV9w%0D%0Acm9jZXNzX3Nsb3RzXCIsXCJnb29nbGVfcGVyc2lzdGVudF9zdGF0ZV9hc3luY1wiLFwiZ29vZ2xl%0D%0AX3NwZmRcIixcImdvb2dsZV91bmlxdWVfaWRcIixcImdvb2dsZV9zdl9tYXBcIixcImdvb2dsZV91%0D%0Ac2VyX2FnZW50X2NsaWVudF9oaW50XCIsXCJHb29nX0FkU2Vuc2VfZ2V0QWRBZGFwdGVySW5zdGFu%0D%0AY2VcIixcIkdvb2dfQWRTZW5zZV9Pc2RBZGFwdGVyXCIsXCJnb29nbGVfc2FfaW1wbFwiLFwiX19n%0D%0Ab29nbGVfYWRfdXJsc1wiLFwiZ29vZ2xlX2dsb2JhbF9jb3JyZWxhdG9yXCIsXCJfX2dvb2dsZV9h%0D%0AZF91cmxzX2lkXCIsXCJnb29nbGVUb2tlblwiLFwiZ29vZ2xlSU1TdGF0ZVwiLFwiT0JSXCIsXCJP%0D%0AQl9yZWxlYXNlVmVyXCIsXCJPQlIkXCIsXCJPQl9QUk9YWVwiLFwib3V0YnJhaW5cIixcIm91dGJy%0D%0AYWluX3JhdGVyXCIsXCI0ZG0xcjExNTQ1MjQyNTI3XCIsXCJ3ZWJwYWNrSnNvbnBfTl9FXCIsXCJf%0D%0ATl9FXCIsXCJfX2N0Y2dfNjUzNDlfMF9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstNywi%0D%0ALSJdLFstOCwiLSJdLFstOSwiLSJdLFstMTAsIi0iXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpb%0D%0AXCJkZXNjcmlwdGlvblwiLFwia2V5d29yZHNcIixcIm9nOnRpdGxlXCIsXCJvZzpkZXNjcmlwdGlv%0D%0AblwiLFwidHdpdHRlcjp0aXRsZVwiLFwidHdpdHRlcjpkZXNjcmlwdGlvblwiXX0iXSxbLTEyLCJu%0D%0AdWxsIl0sWy0xMywiLSJdLFstMTQsIntcIm9cIjowfSJdLFstMTUsIi0iXSxbLTE2LCIwIl0sWy0x%0D%0ANywiMTYiXSxbLTE4LCJbMCwwLDAsMV0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1c%0D%0AIiwxNjAwLDEyMDAsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyMDAsMCwwLDAsMCxcIi1cIixc%0D%0AIi1cIl0iXSxbLTIwLCItIl0sWy0yMSwiVGxNVDJ4cXMiXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0s%0D%0AWy0yMywiKyJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstMjYsIntcInRqaHNcIjoxOTMwMDAwMCxc%0D%0AInVqaHNcIjoxNjEwMDAwMCxcImpoc2xcIjozNzYwMDAwMDAwfSJdLFstMjcsIlswLDEwLDAsXCI0%0D%0AZ1wiLG51bGxdIl0sWy0yOCwiZW4tVVMiXSxbLTI5LCJ7XCJ2XCI6WzIsMiwyLDIsMCwwLDAsMiww%0D%0ALDIsMCwyLDAsMCwyLDIsMiwyLDBdfSJdLFstMzAsIltcInZcIiwwXSJdLFstMzEsInRydWUiXSxb%0D%0ALTMyLCIyIl0sWy0zMywiLSJdLFstMzQsIi0iXSxbLTM1LCJbMTYyNTQ2NDIzMDc0NywtMl0iXSxb%0D%0ALTM2LCJbXCI0LzNcIixcIjQvM1wiXSJdLFstMzcsIi0iXSxbLTM4LCJpLC0xLC0xLDAsMCwxLDAs%0D%0AOCw1NzYsMTI0OSw1NywwLDIzODcuMywyMzg3LjMsMjYzMywyNjMzIl0sWy0zOSwiW1wiMjAwMzAx%0D%0AMDdcIiwwLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUs%0D%0AOCxmYWxzZSxudWxsLDBdIl0sWy00MCwiMzMiXSxbLTQxLCItIl0sWy00MiwiMTcyNDI5NzY1MyJd%0D%0ALFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAxMTAwIl0sWy00NCwiMCwwLDAsNSJdLFstNDUs%0D%0AIjYyMCwwLDAsMCwwLDAsNzYyLDAsNjQ4LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAs%0D%0AMCwwLDAsMCwwLDAsMCJdLFstNDYsIjAiXSxbLTQ3LCJFdXJvcGUvQmVybGluLGVuLVVTLGxhdG4s%0D%0AZ3JlZ29yeSJdLFstNDgsIjAsMCJdLFstNDksIi0iXSxbImJuY2giLDE4NF1d&tsfu=&fst=1600x1200&dep=0&cpos=%5B%7B%22x%22%3A0%2C%22y%22%3A0%2C%22w%22%3A1600%2C%22h%22%3A5285%7D%2C%7B%22w%22%3A1600%2C%22h%22%3A1200%7D%5D&ver=41&cri=HXjqBTVQcO&sdd=%7B%7D&pto=2792
Requested by: Host: ob.cheqzone.com
URL: https://ob.cheqzone.com/placement_invocation?id=65349&idx=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
cheq_headers_order: Set-Cookie Content-Type Cache-Control Pragma Expires Content-Length Content-Encoding Date Connection
content-length: 1580
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame BFFA 43 B
375 B 162ms
161ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1625464230945%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%228d0aa66%3A1625168834488%22%2C%22item_ids%22%3A%5B%221205235849438171136%22%5D%2C%22item_details%22%3A%7B%221205235849438171136%22%3A%7B%22item_type%22%3A0%7D%7D%7D

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 05 Jul 2021 05:50:31 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d598fcefd6035d224f2a03c5979014b70468db39bed591026ee27622a1f223ab
x-transaction: 57bee4b5a95f1a36
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 165 KB
56 KB 54ms
35ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4fa5f2510c631df9260c6580bc7d2bc0f18ceba2417648331497abf770f07e87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56542
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Jul 2021 05:50:31 GMT

GET
H2 200 TQnRH5pa_normal.jpg
pbs.twimg.com/profile_images/1386395852495720453/ Frame BFFA 2 KB
2 KB 8ms
6ms Image
image/jpeg 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1386395852495720453/TQnRH5pa_normal.jpg

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6776) /

Resource Hash

0dbc20d0ab33f8ae6828c9e83750a461ba30136b523b6e299c2b35de5092f52a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
x-content-type-options: nosniff
age: 38699
x-cache: HIT
content-length: 2187
surrogate-key: profile_images profile_images/bucket/1 profile_images/1386395852495720453
last-modified: Sun, 25 Apr 2021 19:03:03 GMT
server: ECS (frb/6776)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 39f4b75540716d6e0e770cc0c1cc5045a264d871f07ee553c724afac4e15935c
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK dwce_cheq_events
log.outbrainimg.com/loggerServices/ 4 B
325 B 742ms
373ms XHR
application/json 64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1625464231040&sessionId=176c6829-3219-9fc5-b18c-97c5d3ada15b&url=win.gg&cheqSource=1&cheqEvent=0&exitReason=3
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:31 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 2f51fb87c89ad9439b5b6223b767239d
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK 16.1db9b6fd20358f2fd5dd.js Show response
win.gg/_next/static/chunks/ 3 KB
2 KB 211ms
210ms Script
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/16.1db9b6fd20358f2fd5dd.js

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/webpack-6db12db89a1040fb7fdf.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

1cc563d8358c3274ab7db0b7af5ab39f89ce81b5d8f9427169ef295522b2491e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: CE1E60MGVZZHMB4D
x-amz-id-2: M3d45UWFiY97+Fnfsvp5vIBxczGD4GphnKmkBWa8+r8oyhVTI/tgPdSvH4PD5MqeVOJswnlM5bY=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1291
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"e3cecba64bf7d11722b870e60108eddb"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H2 200 liveView.php Show response
live.sekindo.com/live/ 39 KB
11 KB 175ms
73ms Script
text/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.sekindo.com/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn
Requested by: Host: win.gg
URL: https://win.gg/_next/static/chunks/621eed9ee291de38e4d94d5fe17029d666781a61.16d5dfae4b12d556990c.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash: 5f37ce26be22515bdbfec883bc6f0b7a7aff3ed335ba41e410ee2dc51e521b37

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:30 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/javascript; charset=utf-8

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257.b42f3f9b1c991b864bea.js
win.gg/_next/static/chunks/ 0
61 KB 256ms
255ms Other
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/e131c285e681484cc2b42095c01ea9fecf46b257.b42f3f9b1c991b864bea.js

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Purpose: prefetch
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: CE1CGKGBHKF0VT43
transfer-encoding: chunked
x-amz-id-2: 0vkmtlvGUfZosD5wPMeNx4OlyCkCS4HrPU8hh3nd8eUX0JDgpMocAQIar0oaT1MYTGNq6IQRF40=
Connection: keep-alive
Vary: Accept-Encoding
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"5b58a58da5700e652424aeb8425bd4de"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257_CSS.a83a6a4548b93404854d.js
win.gg/_next/static/chunks/ 0
678 B 244ms
243ms Other
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/e131c285e681484cc2b42095c01ea9fecf46b257_CSS.a83a6a4548b93404854d.js

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Purpose: prefetch
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
x-amz-request-id: CE18ZNYCFN8ZAK1B
ETag: "99e6d6dc6704694222e663251c1f8deb"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
Content-Length: 69
X-Xss-Protection: 1; mode=block
x-amz-id-2: 2Op1qOSalFbfiGaxItO0aw62+bOCbao46/XPYv30znbsTxbxVSy9KGqzVmKdGTBW48foAaxKE4k=

GET
H/1.1 200
OK 5bf10f1e6e180613e463bd3c60eceebb6933729b.004bacf3a5329b318e71.js
win.gg/_next/static/chunks/ 0
14 KB 257ms
256ms Other
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/5bf10f1e6e180613e463bd3c60eceebb6933729b.004bacf3a5329b318e71.js

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Purpose: prefetch
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: CE147893DJ4RAT8E
x-amz-id-2: pPid1bT9hti5taGfKSO7O03AIxX7Dij58s6WHOqHFnmd5mcc5DvEyHyxLRLUkBzbEvj5mEIZ2no=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 13766
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"3690da8cfc836d8f4cc348ba1d2c1d5b"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: application/javascript
Cache-Control: public, max-age=31536000, immutable

GET
H/1.1 200
OK %5B%5B...article%5D%5D-c7e5f85e68fa46eb4afa.js
win.gg/_next/static/chunks/pages/news/ 0
12 KB 281ms
281ms Other
application/javascript 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/chunks/pages/news/%5B%5B...article%5D%5D-c7e5f85e68fa46eb4afa.js

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Purpose: prefetch
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 May 2021 09:46:43 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"9b25-17979b877b8"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=31536000, immutable
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Accept-Ranges: bytes
X-Xss-Protection: 1; mode=block

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/610/h/345/format/webp/type/progressive/fit/cover/path/news/fa183ba81b8f82c988245d8d4e701366/43d74f00236555ad6f1afa9fc75af627/ 42 KB
42 KB 240ms
237ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/610/h/345/format/webp/type/progressive/fit/cover/path/news/fa183ba81b8f82c988245d8d4e701366/43d74f00236555ad6f1afa9fc75af627/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 15:46:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "e865004f22bda099a2e07fa5c058cf38"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 42524
x-amz-cf-id: G9WGfMVFTjuQDFu_LBKBm0yG35EiNbyOxD7NmPywfI7XcsAPA_HUzQ==

GET
H2 200 s1.png
cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/ 26 KB
27 KB 374ms
372ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/s1.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 10 May 2021 13:41:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "608c4762610cdbe5b712a91470cb4d4d"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 27134
x-amz-cf-id: HvCtbG3OSF9f28U4Nm07ZQEs7Vifmn4hexqFC4o1glLk_LEzcjRGhQ==

GET
H2 200 s2.png
cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/ 18 KB
18 KB 227ms
224ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/s2.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 10 May 2021 13:41:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "11015fe0f3206cf4664f6640ebd4e5da"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 18392
x-amz-cf-id: cGkM8yD-EGvVZYbpIarXT_s8zsu2ORJQRXvDxZEZ2dABKr5wjuzxbQ==

GET
H2 200 s3.png
cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/ 23 KB
24 KB 266ms
263ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/s3.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 10 May 2021 13:41:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "9301b734c6dd95becb31eee5ed83ce90"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 23802
x-amz-cf-id: UF-CR0QiJMlIxiFHuByWU0Uthhv6_VascEHli2V8AoLBXTJNM3UyQA==

GET
H2 200 s4.png
cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/ 14 KB
15 KB 275ms
273ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/189/h/336/format/webp/type/progressive/fit/cover/path/static/imgs/stories/general/s4.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Mon, 10 May 2021 13:41:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "80aaa4f596c5e912af733573460c055e"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 14596
x-amz-cf-id: 7Ks1FMlWtPgBurNyZj0z90lG1m6BxujR07PaccTVyi3WIrimu4o0Nw==

GET
H2 200 original.png
cdn-images.win.gg/resize/w/210/h/118/format/webp/type/progressive/fit/cover/path/news/aff53752790c8c5348954c335c5ad682/b2db551e89b21f00df9f64da64a094b5/ 11 KB
11 KB 457ms
454ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/210/h/118/format/webp/type/progressive/fit/cover/path/news/aff53752790c8c5348954c335c5ad682/b2db551e89b21f00df9f64da64a094b5/original.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Sun, 06 Jun 2021 22:33:50 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "282d8d4d2c246e86d9032a4463bbf72e"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 11188
x-amz-cf-id: bJk5XLca03TUivoUQUhqqH188Uvnb94GEjq4MVWaBogtefmUPzE_bQ==

GET
H2 200 winners-net-banner.png
cdn-images.win.gg/resize/w/300/h/250/format/webp/type/progressive/fit/cover/path/static/imgs/ads/ 25 KB
25 KB 279ms
276ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/300/h/250/format/webp/type/progressive/fit/cover/path/static/imgs/ads/winners-net-banner.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Fri, 30 Apr 2021 07:20:20 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "588159af5c9900d9665e1baf9680fe55"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: RefreshHit from cloudfront
content-length: 25554
x-amz-cf-id: FH11WYSSBbkJ_XranWlMPAjYge2zBTTiua7GCIXnaDiAKPfEaD-ghA==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/a0b45d1bb84fe1bedbb8449764c4d5d5/a7c41b33e5d3b13f285c8ab2e1266b0e/ 4 KB
5 KB 370ms
367ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/a0b45d1bb84fe1bedbb8449764c4d5d5/a7c41b33e5d3b13f285c8ab2e1266b0e/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 18:06:14 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "3e8275c9b6b0b121e69603db7cd25923"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4400
x-amz-cf-id: 4P53mzZ2NicW9NXis3CPbtAEe89w2IRMj4TIi3Z5rnppPDRqqGL5-A==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/67ff32d40fb51f1a2fd2c4f1b1019785/6d6879b55c544b5ed0485397f7595312/ 4 KB
5 KB 282ms
279ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/67ff32d40fb51f1a2fd2c4f1b1019785/6d6879b55c544b5ed0485397f7595312/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 15:46:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "0d869b169a8ea7d60f9d7a173617d149"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4542
x-amz-cf-id: 24mhFwfT_2JTFJ3zFztH7jwZsntPeSXMJZezhxd9d8VDYwO-3oCN-w==

GET
H2 200 original.png
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/27ef345422b300b5bc84817e0f83ca8b/a973806e86db19ac469bb6552a1490d2/ 4 KB
4 KB 396ms
394ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/27ef345422b300b5bc84817e0f83ca8b/a973806e86db19ac469bb6552a1490d2/original.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 15:46:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "09f1004d5cdcfea5b9ca4fa35452824b"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3722
x-amz-cf-id: mjz8OmuqzJGLTq4m4PwTXLEzUu0NqzwhB76XX238SAhxGg2hZTKkYQ==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/74f23f9e28cbc5ddaae8582f48642a59/dd66b398eb6f34fd2bf7d63cb841edda/ 4 KB
4 KB 429ms
427ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/74f23f9e28cbc5ddaae8582f48642a59/dd66b398eb6f34fd2bf7d63cb841edda/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 13:58:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "debd18cbe171e5c9022a71775dd8241d"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4006
x-amz-cf-id: rrENvpZ6TLOwpH8EgKqyZOxjNEYWgbHIIbIoWsq6t4oeQRKieK-x8w==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/2d5c4ea4c4aaf3aea8ac8dee1df8fbe8/f646f0ac0db9f2bcc92cdd39158c4a98/ 4 KB
4 KB 399ms
397ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/2d5c4ea4c4aaf3aea8ac8dee1df8fbe8/f646f0ac0db9f2bcc92cdd39158c4a98/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 13:17:08 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "27a18bbed322a05cf2814d28d948513c"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3928
x-amz-cf-id: 6ucPF7TdD-w41mXCEBjnEwx6sz7WRD6w0BxVSOQg-ENTexRs3zBu0g==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/2d44e06a7038f2dd98f0f54c4be35e22/11f29ff5f7f7e621592b9c2d4c65e05c/ 4 KB
4 KB 409ms
407ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/2d44e06a7038f2dd98f0f54c4be35e22/11f29ff5f7f7e621592b9c2d4c65e05c/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 13:58:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "41e32af4bd5020cc7d3ad85c88a71e60"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3980
x-amz-cf-id: lDhP0NSnvlAKaZxfsD2Wyh-9PFONDoGaDsbPLGIPl7PT35cSS15r3A==

GET
H2 200 original.png
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/e02af5824e1eb6ad58d6bc03ac9e827f/d44aef02a83dd050b4bbbfb86d6b1aed/ 4 KB
5 KB 407ms
405ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/e02af5824e1eb6ad58d6bc03ac9e827f/d44aef02a83dd050b4bbbfb86d6b1aed/original.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 13:12:32 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "fafbd288aa70c509f7b6c4f1b23d26a2"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4414
x-amz-cf-id: 83uSOwAEjE1R-jpd7KZWQlEzHPjczU7yLJ4M_N0l9v5-PKDbUzoXog==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/6c250b592dc94d4de38a79db4d2b18f2/06ef93d6defd273d271c92bd53c85f90/ 3 KB
4 KB 398ms
396ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/6c250b592dc94d4de38a79db4d2b18f2/06ef93d6defd273d271c92bd53c85f90/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Wed, 28 Apr 2021 21:56:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "2ecba650fa6d4e4cece24bf78ebf64c5"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3580
x-amz-cf-id: G8FwvJ-JhkWtrWvzMvCR17PIoDSjTgUquBL4vMb5SzehIOt2H1gZww==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/ef7be8c57773f2ab48d013434d3ad4f7/bc409d20b211535ddcc2767028c64f06/ 4 KB
5 KB 392ms
390ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/ef7be8c57773f2ab48d013434d3ad4f7/bc409d20b211535ddcc2767028c64f06/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 03:25:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "bdd12b99ed3ed0b98c22c0f53024cc07"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4600
x-amz-cf-id: tVrmWBORZJmSuCuTsv9JUbikOClKiw3sj0zeWej9WfWMW9oFDhClHw==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/1977b575ffa6d1708a5e3eb9ccd851cc/123ec5809f0d0692f0f8439c1a30b2ef/ 4 KB
5 KB 396ms
394ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/1977b575ffa6d1708a5e3eb9ccd851cc/123ec5809f0d0692f0f8439c1a30b2ef/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Wed, 28 Apr 2021 21:47:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "e07252f068adf2932487b7f55125ccf7"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4430
x-amz-cf-id: _o9cXQHmVBEPEHcIOdghaCMtik9xM87wkYcEwpDMfVJpANgCT2tlUw==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/bc3c4a6331a8a9950945a1aa8c95ab8a/9d7ffab97edee298a53a7306b83b7e9b/ 5 KB
5 KB 416ms
414ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/bc3c4a6331a8a9950945a1aa8c95ab8a/9d7ffab97edee298a53a7306b83b7e9b/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 15:48:59 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "7bf9e32b2cbb4cbd9fbea2c2693971e9"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4718
x-amz-cf-id: jU0JC7VKXTy6h6eSuaIWk_4Zec50-e00O6IqW4GJ5PMtQEDGrwrlJA==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/48c34cb86aa86816e112a44ef2bf4c30/87740a23b4e1349cb4cb26eed01a7ff3/ 5 KB
5 KB 398ms
397ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/48c34cb86aa86816e112a44ef2bf4c30/87740a23b4e1349cb4cb26eed01a7ff3/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Thu, 29 Apr 2021 13:58:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "6c733390549d51b591f17b427d7e05f5"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 4956
x-amz-cf-id: aegcI1SCp6eSX8CdcQP8KrCWYh-SN5KyKtplfGB__03eG8hF42OglA==

GET
H2 200 original.jpg
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/c02d0450cdd75ce7595f5eaeb5f041a3/421f6301210de60eba0a937b9958bffc/ 3 KB
4 KB 423ms
422ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/c02d0450cdd75ce7595f5eaeb5f041a3/421f6301210de60eba0a937b9958bffc/original.jpg
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Wed, 28 Apr 2021 05:26:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "ec9590262043fd284052b94642f190ee"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3466
x-amz-cf-id: 9YsYk7wh0NNtnPpMQpWI_0y4sgrU2nYhHM3nowEl1ax8-Bd2VUySrA==

GET
H2 200 original.png
cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/4efa8b668ee1198289bb15965d9705b6/8d319a5347698bb8242b7d9aa0a4631c/ 3 KB
3 KB 417ms
416ms Image
image/webp 143.204.98.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-images.win.gg/resize/w/70/h/70/format/webp/type/progressive/fit/cover/path/news/4efa8b668ee1198289bb15965d9705b6/8d319a5347698bb8242b7d9aa0a4631c/original.png
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-55.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
last-modified: Wed, 28 Apr 2021 05:26:09 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "43a2a6f7b6df2e2d80a2caac83200842"
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31557600
x-cache: Miss from cloudfront
content-length: 3104
x-amz-cf-id: 2NMHvTWKEN-9QkGdC4RHmdACzPdDsbN7q7ppKHX8ccwVpMGu6kZaKg==

GET
H3-29 200 js Show response
www.googletagmanager.com/gtag/ 119 KB
46 KB 34ms
21ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

256f17fb79f4b47e77e4ce9eabc2c8e626a2b6e66f011ac7e29c5bf9176b3817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47290
x-xss-protection: 0
expires: Mon, 05 Jul 2021 05:50:31 GMT

GET
H2 200 hotjar-1102782.js
static.hotjar.com/c/ 40 KB
7 KB 192ms
85ms Script
application/javascript 13.225.87.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1102782.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-6.fra2.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA2-C2
etag: W/6e3fd8574a8f4c3fc1cfac436e2a5ee0
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: 86ReMf8mOgCxhu8wE_1-9roAy2RfsgjFCLR7_hS1K4mXeyIRz_Nb2Q==
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)

GET
H2 200 Bootstrap.js
nexus.ensighten.com/choozle/14253/ 47 B
271 B 184ms
58ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/14253/Bootstrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
last-modified: Mon, 01 Apr 2013 06:07:33 GMT
server: nginx
etag: "51592425-2f"
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 47
expires: Mon, 05 Jul 2021 05:50:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 509
date: Mon, 05 Jul 2021 05:42:02 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19661
expires: Mon, 05 Jul 2021 07:42:02 GMT

GET
H/1.1 200
OK e131c285e681484cc2b42095c01ea9fecf46b257_CSS.af726f49.chunk.css
win.gg/_next/static/css/ 55 KB
6 KB 213ms
212ms Fetch
text/css 52.35.68.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://win.gg/_next/static/css/e131c285e681484cc2b42095c01ea9fecf46b257_CSS.af726f49.chunk.css

Requested by

Host: win.gg
URL: https://win.gg/_next/static/chunks/commons.4e5d3f2c1dd3e30dc1e6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.35.68.139 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-35-68-139.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: win.gg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Cookie: usprivacy=1---
Connection: keep-alive
Referer: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
x-amz-request-id: CE1A4GSVM9HW85EH
x-amz-id-2: X+vsCcjpIkDrjGv3zGoM8UzKkg0nkFCzEWASv+Bl4eUoc8pH36TcWd6qkXziBjILCsw0L81SAy8=
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 5148
X-Xss-Protection: 1; mode=block
Last-Modified: Mon, 17 May 2021 09:48:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"ea29ea636391d508f3149424c6971e19"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Content-Type: text/css
Cache-Control: public, max-age=31536000, immutable

GET
H2 200 jot
syndication.twitter.com/i/ Frame BFFA 43 B
119 B 163ms
163ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1625464231218%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22FCP%22%2C%22component%22%3A%22performance%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%228d0aa66%3A1625168834488%22%2C%22item_ids%22%3A%5B%221205235849438171136%22%5D%2C%22item_details%22%3A%7B%221205235849438171136%22%3A%7B%22item_type%22%3A0%7D%7D%2C%22duration_ms%22%3A768.3000030517578%7D

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Mon, 05 Jul 2021 05:50:31 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d598fcefd6035d224f2a03c5979014b70468db39bed591026ee27622a1f223ab
x-transaction: a77eb5bb1a8c3f2b
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1185052787&t=pageview&_s=1&dl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&ul=en-us&de=UTF-8&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20GENERAL%20News%20-%20WIN.gg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQAAAAC~&jid=2111419101&gjid=881719072&cid=588736772.1625464231&tid=UA-125662552-1&_gid=1546390359.1625464231&_r=1&gtm=2wg6u0598L2T6&cg1=&cd2=&z=1467737089

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 90 KB
36 KB 28ms
18ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-T8SWN4K&t=gtm11&cid=588736772.1625464231

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

30cd51247834a98c40e54cf0159ae40fb3b79710706accbe4891ca5e0542f899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36469
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Jul 2021 05:50:31 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
362 B 33ms
13ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-916JLHZYLF&gtm=2oe6u0&_p=1185052787&sr=1600x1200&_gaz=1&ul=en-us&cid=588736772.1625464231&_s=1&dl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20GENERAL%20News%20-%20WIN.gg&sid=1625464231&sct=1&seg=0&en=suggestion&_fv=1&_ss=1&ep.suggestion_path=%2Fnews%2F7994%2Fastra-is-bad-for-valorant-according-to-top-pro-players&ep.suggestion_reason=recency&ep.suggestion_location=right_column
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 collect
stats.g.doubleclick.net/g/ 0
17 B 29ms
15ms Ping
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-916JLHZYLF&cid=588736772.1625464231&gtm=2oe6u0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 37ms
16ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-916JLHZYLF&cid=588736772.1625464231&gtm=2oe6u0&aip=1&z=1385235144

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
428 B 41ms
15ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2111419101&gjid=881719072&_gid=1546390359.1625464231&_u=YEBAAEACQAAAAC~&z=1476916770

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 37ms
17ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2111419101&_u=YEBAAEACQAAAAC~&z=1503782250

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2111419101&_u=YEBAAEACQAAAAC~&z=1503782250

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ Frame FF87 2 KB
1 KB 58ms
57ms Script
text/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Requested by: Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/javascript; charset=utf-8

GET
H/1.1 200
OK dwce_cheq_events
log.outbrainimg.com/loggerServices/ 4 B
325 B 498ms
123ms XHR
application/json 64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1625464231344&sessionId=176c6829-3219-9fc5-b18c-97c5d3ada15b&url=win.gg&cheqSource=1&cheqEvent=2&responseTime=818
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:31 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 6f03f53bae88a6ac333f3af0892e284d
Content-Length: 4
Expires: 0

GET
H2 200 imp.gif
obs.cheqzone.com/tracker/ 43 B
135 B 244ms
243ms Image
image/gif 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.cheqzone.com/tracker/imp.gif?e=37dfbd8ee84e001368ebc333ee45899c9225c24f567d51c5c30f41b0254384cfa532ff1a285aa40e98d022e0b44dc87ea4a36fde4c1b8c682309094d0ba0bfea9475489e91da563e351aff717718956a8b70cd0130003f8101424d3f065cc3bf775d36fa26e877cb55e2cc7ce2586fb01f6f3903d053f054abd1c5d52fe87547ed62d2f1157f84163312714593d60632fd78afe7dfe1474ab9488bbd39e821da61c45085052aae2d05f91e46042cc95b32b49affa125be2ab8589801f95c0c2cf38e6b256a655c9b6599857ea95a61a7d4f232331e32d786302080903b477442750c1bef8828796d76e4ba152cebfea755c9a444771e2bb5a5a384800cc6b9a326f746c0016537dd9fcfe6ad6b89cc9133d56c5384e6c1250616e9656ca0990a63ecc89825d957bd1fad811bc551c8c96dd82a77c3d835d2779884eda58ebde71a7ffe28b6b2fb2e0765ef806092b413e0454f07df095fd0d4c38681eb923bce6a88deeedb29b92e2865d62a2ac795904e70d0b227aa51bdc74bcc24f879101f57c830ff439cd0be71f8df78d217ebc3d9de2a825e517cb00b4f08250474c4bd2cb548c4de9623ea9472ec902fd684a6f96988a0a84e6c739de5114ed0a6465e01f5ebad27e16fd9ae05b0be33ef2de26a881481098ef67a925963bdf9c3226a2d7c117e5e4e1dabfd9e2e8753f41a105123fba85d9dc40a0695bbc3b9bc69deeee4f59afbadf757523afb419ab5586d9f5e631bd77f40776cf767b27019c6f7dc608c60cb388dab2ea0a41fca69053354776e0f8e92f6d13d6747df49579fd7c5a9f39f1143cbf2ce22d3913722868500362dbbd48c4a33f46797559f57&cb=1625464231344&cri=HXjqBTVQcO
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
cache-control: no-cache, no-store, must-revalidate
cheq_headers_order: Cache-Control Pragma Expires Content-Type Date Connection Content-Length
content-type: image/gif
content-length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 iab_consent_sdk.v1.0.js
live.primis.tech/content/ClientDetections/ Frame FF87 19 KB
6 KB 54ms
53ms Script
application/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Wed, 12 Feb 2020 15:01:36 GMT
server: nginx
etag: W/"5e441350-4be0"
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Tue, 05 Jul 2022 05:50:31 GMT

GET
H2 200 DetectGDPR2.v1.1.js
live.primis.tech/content/ClientDetections/ Frame FF87 9 KB
3 KB 58ms
56ms Script
application/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
etag: W/"6024fccc-228f"
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Tue, 05 Jul 2022 05:50:31 GMT

GET
H2 200 DetectGDPR.v1.1.js
live.primis.tech/content/ClientDetections/ Frame FF87 8 KB
3 KB 56ms
54ms Script
application/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 09:45:48 GMT
server: nginx
etag: W/"6024fccc-1ef8"
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Tue, 05 Jul 2022 05:50:31 GMT

GET
H2 200 hls.0.12.4_2.min.js
live.primis.tech/content/video/hls/ Frame FF87 256 KB
86 KB 62ms
61ms Script
application/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Thu, 13 Aug 2020 08:36:05 GMT
server: nginx
etag: W/"5f34fb75-3ff27"
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Tue, 05 Jul 2022 05:50:31 GMT

GET
H2 200 prebidVid.4.43.0_3.min.js
live.primis.tech/content/prebid/ Frame FF87 385 KB
143 KB 114ms
113ms Script
application/javascript 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Tue, 29 Jun 2021 11:43:13 GMT
server: nginx
etag: W/"60db0751-60302"
content-type: application/javascript
cache-control: max-age=31536000, public
expires: Tue, 05 Jul 2022 05:50:31 GMT

GET
H2 200 liveVideo.php
live.primis.tech/live/ Frame FF87 558 KB
156 KB 143ms
142ms Script
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&cbuster=[CACHE_BUSTER]&pubUrl=[PAGE_URL_ENCODED]&subId=[SUBID_ENCODED]&x=[WIDTH]&y=[HEIGHT]&vp_content=plembed2011jiuskxrn&csuuid=60e29da741a7d&r_csuuid=1&cbuster=1625464231&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&videoType=flow&floatWidth=400&floatHeight=225&floatDirection=br&floatVerticalOffset=110&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=below&flowCloseButtonPosition=right
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
content-type: text/html; charset=UTF-8

GET
H2 200 modules.5d7b003bea9773742697.js
script.hotjar.com/ 219 KB
58 KB 171ms
63ms Script
application/javascript 13.224.193.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5d7b003bea9773742697.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1102782.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-31.fra2.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 28 Jun 2021 11:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 585146
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59104
access-control-allow-origin: *
last-modified: Mon, 28 Jun 2021 11:17:19 GMT
etag: "7ec91cc4f2cd9fc68adc95dae9f9b891"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: G3ABskkk8hRJBVsJPKkkRTBVqEif5ii1Acnho9WqoES4BOl1NrG7Dg==

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html
vars.hotjar.com/ Frame F96F 2 KB
1 KB 158ms
52ms Document
text/html 13.224.193.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1102782.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-116.fra2.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

content-type: text/html
content-length: 1044
date: Sun, 04 Jul 2021 20:03:42 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Mon, 28 Jun 2021 11:17:19 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: _MfTpvOcearYFoJHkRb8e7GjTG9M6JT_rwiWdSERYSdsyFg_mUSNFA==
age: 35208

GET
H2 200 primisslate.css
live.primis.tech/content/video/css/ 17 KB
5 KB 51ms
50ms Stylesheet
text/css 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/content/video/css/primisslate.css
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
last-modified: Tue, 18 Aug 2020 10:07:25 GMT
server: nginx
etag: W/"5f3ba85d-45c8"
content-type: text/css

GET
H2 200 apstag.js
c.amazon-adsystem.com/aax2/ Frame FF87 123 KB
33 KB 189ms
80ms Script
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ZuFCHfrmTECGFCQSjXf99pkGgMeeKb9N
content-encoding: gzip
server: Server
age: 650
etag: c457e964d47ff007ca9e04843536c474
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
cache-control: public, max-age=900
date: Mon, 05 Jul 2021 05:39:41 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: QssYvq87U_l10D6FyOIazoDq8QBCGrnAaySFHPC6EZs1VVIVlmRzWQ==

GET
H2 200 css
fonts.googleapis.com/ Frame 0D71 2 KB
644 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 05:09:42 GMT
server: ESF
date: Mon, 05 Jul 2021 05:50:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Jul 2021 05:50:31 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 2 KB
548 B 28ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto&display=swap

Requested by

Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 05:19:22 GMT
server: ESF
date: Mon, 05 Jul 2021 05:50:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Jul 2021 05:50:31 GMT

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A344 14 KB
5 KB 165ms
55ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=30736
expires: Mon, 05 Jul 2021 14:22:47 GMT
date: Mon, 05 Jul 2021 05:50:31 GMT
vary: Accept-Encoding

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame 0CAB
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D94%26advUuid%3D%24...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406

0
223 B

53ms
53ms

Document
text/html

194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: live.primis.tech
:scheme: https
:path: /live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

server: nginx
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
pragma: no-cache
age: 0
content-encoding: gzip

Redirect headers

Server: nginx
Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Set-Cookie: audience=e8d1a525-dd54-11eb-8a5c-1f057aaa0406; expires=Tue, 05-Jul-2022 06:57:11 GMT; path=/; domain=.spotxchange.com; SameSite=none; Secure
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=94&advUuid=e8d1a525-dd54-11eb-8a5c-1f057aaa0406
X-fe: 55
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame DE8D
Redirect Chain

https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D98%26advU...
https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D98%2...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234

0
223 B

54ms
54ms

Document
text/html

194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: live.primis.tech
:scheme: https
:path: /live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

server: nginx
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
pragma: no-cache
age: 0
content-encoding: gzip

Redirect headers

vary: Accept, Accept-Encoding
set-cookie: i=4c8a1352-8b55-49d8-a343-79ded6d432dc|1625464231; Version=1; Expires=Tue, 05-Jul-2022 05:50:31 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.210.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=98&advUuid=6883cabb-6e94-4edc-bdf0-27155ebb4234
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html
content-length: 0
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK sync.html
s.console.adtarget.com.tr/ Frame 97C7 2 KB
1 KB 75ms
24ms Document
text/html 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Host: s.console.adtarget.com.tr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://win.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

Server: VertaMedia 1.0
Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 847
Access-Control-Allow-Origin: https://win.gg
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H2 200 liveView.php
live.primis.tech/live/ Frame FF87 15 KB
4 KB 70ms
69ms XHR
application/json 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.1.0&vid_viewabilityState=1&vid_content_url=https%3A%2F%2Fvideo.primis.tech%2Fuploads%2Fcn19%2Fvideo%2Fusers%2Fconverted%2F29909%2Fvideo_5f6af001aae1b264352045%2Fvid60e2687fb17f7406121763.mp4&vid_content_id=1646385&vid_content_desc=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_title=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_duration=104&debugInformation=&x=473&y=266&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&isApp=0&geoLati=59.3247&geoLong=18.056&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&playerApiId=&csuuid=60e29da741a7d&cbuster=1625464231632&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://win.gg
cache-control: no-store
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 3309

GET
H2 200 liveView.php
live.primis.tech/live/ Frame FF87 15 KB
3 KB 76ms
75ms XHR
application/json 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.1.0&vid_viewabilityState=1&vid_content_url=https%3A%2F%2Fvideo.primis.tech%2Fuploads%2Fcn19%2Fvideo%2Fusers%2Fconverted%2F29909%2Fvideo_5f6af001aae1b264352045%2Fvid60e2687fb17f7406121763.mp4&vid_content_id=1646385&vid_content_desc=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_title=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_duration=104&debugInformation=&x=400&y=225&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&isApp=0&geoLati=59.3247&geoLong=18.056&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&playerApiId=&csuuid=60e29da741a7d&cbuster=1625464231632&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://win.gg
cache-control: no-store
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 3309

GET
H2 200 liveView.php
live.primis.tech/live/ Frame FF87 2 B
291 B 62ms
62ms XHR
application/json 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://live.primis.tech/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.1.0&vid_viewabilityState=0&vid_content_url=https%3A%2F%2Fvideo.primis.tech%2Fuploads%2Fcn19%2Fvideo%2Fusers%2Fconverted%2F29909%2Fvideo_5f6af001aae1b264352045%2Fvid60e2687fb17f7406121763.mp4&vid_content_id=1646385&vid_content_desc=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_title=It%E2%80%99s+CHAOS%21+Fans+are+LAUGHING+at+FINAL+FANTASY+ORIGIN&vid_content_duration=104&debugInformation=&x=473&y=266&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&isApp=0&geoLati=59.3247&geoLong=18.056&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&playerApiId=&csuuid=60e29da741a7d&cbuster=1625464231634&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&csuuid=60e29da741a7d&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011jiuskxrn&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=59.3247&geoLong=18.056&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://win.gg
cache-control: no-store
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-length: 22

GET
H2 200 chunklist_480.m3u8
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 707 B
1 KB 170ms
53ms XHR
application/vnd.apple.mpegurl 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/chunklist_480.m3u8
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:52:32 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:38 GMT
server: nginx
age: 3479
etag: "60e285c6-2c3"
x-cache: Hit from cloudfront
content-type: application/vnd.apple.mpegurl
access-control-allow-origin: *
cache-control: no-cache
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 707
x-amz-cf-id: xEjdLX0ES5IODh2qrntZKmJZAuLqXlFLJBBybvIJMIFF15oKlbk6fQ==
expires: Mon, 05 Jul 2021 04:52:31 GMT

GET
H2 200 vid60e2687fb17f7406121763_thumb.jpg
video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 0D71 4 KB
4 KB 166ms
57ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763_thumb.jpg?cbuster=1625458000
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:15 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:07:34 GMT
server: nginx
age: 4936
etag: "60e28586-f04"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3844
x-amz-cf-id: PeRlePWnksEwlTPJ4wXDhNeoutbvolUaxUiQcXV3BEty_BlLK6fK3w==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60e10aa90460e068878326_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 0D71 3 KB
3 KB 163ms
53ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn18/video/users/converted/29909/video_5f6af001aae1b264352045/vid60e10aa90460e068878326_thumb.jpg?cbuster=1625362005
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 04 Jul 2021 04:39:07 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Sun, 04 Jul 2021 01:28:12 GMT
server: nginx
age: 90684
etag: "60e10eac-c4f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3151
x-amz-cf-id: G3f1agMgwabbd_YO1JCbzfQewPsbe1P12ZqN5rjXGcs6V2o7SybIIg==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60dfe4aa80ce8466078453_thumb.jpg
video.primis.tech/uploads/cn17/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 0D71 2 KB
2 KB 168ms
59ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn17/video/users/converted/29909/video_5f6af001aae1b264352045/vid60dfe4aa80ce8466078453_thumb.jpg?cbuster=1625360001
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 03 Jul 2021 08:28:12 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Sat, 03 Jul 2021 04:19:05 GMT
server: nginx
age: 163339
etag: "60dfe539-82f"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2095
x-amz-cf-id: jQ3N9l1L6BC9Vt1k-RkTKt7UktOBFImfSO68CKm10K78KgzckFrlHA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60df11c8ba1b7874171102_thumb.jpg
video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 0D71 3 KB
4 KB 199ms
90ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/vid60df11c8ba1b7874171102_thumb.jpg?cbuster=1625234958
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Jul 2021 16:40:58 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Fri, 02 Jul 2021 14:10:07 GMT
server: nginx
age: 220173
etag: "60df1e3f-d73"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 3443
x-amz-cf-id: 7onWamE8mP8U453X1jcaMQgHxtEYmMVvEOWxPsW3xNS-KDXJ4KiYUw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60de6e07922d3691199560_thumb.jpg
video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 0D71 2 KB
2 KB 169ms
60ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/vid60de6e07922d3691199560_thumb.jpg?cbuster=1625230244
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 02 Jul 2021 05:06:15 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Fri, 02 Jul 2021 01:40:38 GMT
server: nginx
age: 261856
etag: "60de6e96-839"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 2105
x-amz-cf-id: a6hFketfl2XCzyWY5IuSb_OmBuTaobCXjmMXVOc5HixkW928U3DizQ==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60de18bd586d6615370996_thumb.jpg
video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/ Frame 0D71 2 KB
2 KB 68ms
68ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/vid60de18bd586d6615370996_thumb.jpg?cbuster=1625168063
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 21:51:56 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jul 2021 19:37:01 GMT
server: nginx
age: 287915
etag: "60de195d-60d"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 1549
x-amz-cf-id: npBLIQ_mBfHHRJLrSy0V-HQtya5pYVq-aMGJqyg8shbGqbXczrV-Qw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60de18a85053e623060676_thumb.jpg
video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/ Frame 0D71 5 KB
5 KB 69ms
68ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/vid60de18a85053e623060676_thumb.jpg?cbuster=1625168044
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 21:29:09 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jul 2021 19:35:15 GMT
server: nginx
age: 289282
etag: "60de18f3-1211"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4625
x-amz-cf-id: qrTVoR1l1Sn4Mp4tuoIHT_hqdw3sztu7LrKtsnjUd299Bme7JWlxsA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60dde427db1a4437869892_thumb.jpg
video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/ Frame 0D71 5 KB
5 KB 68ms
68ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn15/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/vid60dde427db1a4437869892_thumb.jpg?cbuster=1625154606
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 19:17:58 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jul 2021 15:51:08 GMT
server: nginx
age: 297153
etag: "60dde46c-1211"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4625
x-amz-cf-id: gApWOFAfsn465osCANC_keT6QoGYL5p8fSHeolmNEQTkzcaKtFJAIA==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60dcb60e100f1217224240_thumb.jpg
video.primis.tech/uploads/cn14/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/ Frame 0D71 4 KB
5 KB 75ms
74ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn14/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/vid60dcb60e100f1217224240_thumb.jpg?cbuster=1625077263
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 20:43:24 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Wed, 30 Jun 2021 18:24:40 GMT
server: nginx
age: 378427
etag: "60dcb6e8-10b0"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4272
x-amz-cf-id: V1xPrL33HI4pXErRZijwZP3S6w1LftNpj6F7M41oRQgYLsI7kivefw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vid60db9218e0d86722407977_thumb.jpg
video.primis.tech/uploads/cn14/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/ Frame 0D71 4 KB
5 KB 75ms
74ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn14/video/users/converted/29569/video_5ecf5c9c4d7ee374315632/vid60db9218e0d86722407977_thumb.jpg?cbuster=1625002523
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 00:49:20 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Tue, 29 Jun 2021 21:36:37 GMT
server: nginx
age: 450071
etag: "60db9265-1182"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 4482
x-amz-cf-id: EneAoWIx8OE1wWRddeapCd7qpWXZ0KDWe_fPiA4Cg6hZLXrcHyddDw==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 56ms
55ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=50&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&ri=6C69766553746174737C736B317B54307D7B64323032312D30372D30355F30387D7B7331343830393231367D7B433235397D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&diaid=&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464231627&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 sync
x.bidswitch.net/ Frame FF87 43 B
146 B 154ms
50ms Image
image/gif 18.158.181.33
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=sekindo&user_id=60e29da741a7d&custom_data=60e29da741a7d;live.primis.tech&gdpr=1&gdpr_consent=
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.158.181.33 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-158-181-33.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame FF87
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=93&advUuid=0735dca2-6bbb-439c-a38e-63b77f3a8387

0
223 B

52ms
52ms

Image
text/html

194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=93&advUuid=0735dca2-6bbb-439c-a38e-63b77f3a8387
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
content-type: text/html; charset=utf-8

Redirect headers

location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=93&advUuid=0735dca2-6bbb-439c-a38e-63b77f3a8387
date: Mon, 05 Jul 2021 05:50:31 GMT
server: _
content-length: 0

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame FF87
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D99%26advUuid%3D
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=99&advUuid=YOKdp6sxgYtohR9lC5KJ9wAAAU8AAAAB

0
223 B

52ms
52ms

Image
text/html

194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=99&advUuid=YOKdp6sxgYtohR9lC5KJ9wAAAU8AAAAB
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
content-type: text/html; charset=utf-8

Redirect headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:31 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=99&advUuid=YOKdp6sxgYtohR9lC5KJ9wAAAU8AAAAB
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 334
Expires: Mon, 05 Jul 2021 05:50:31 GMT

GET
H2

200

liveCS.php
live.primis.tech/live/ Frame FF87
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D60e29da741a7d%2526pixel%253D%2526advId%253D105%2526ad...
https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=105&advUuid=5397176225586167585

0
223 B

54ms
54ms

Image
text/html

194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=105&advUuid=5397176225586167585
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control: no-store
content-type: text/html; charset=utf-8

Redirect headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:31 GMT
X-Proxy-Origin: 185.236.42.19; 185.236.42.19; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: c7d359c2-719d-4826-826d-44dc5941a633
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://live.primis.tech/live/liveCS.php?source=external&csuuid=60e29da741a7d&pixel=&advId=105&advUuid=5397176225586167585
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 vid60e2687fb17f7406121763.jpg
video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/ 23 KB
24 KB 156ms
53ms Image
image/jpeg 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.jpg?cbuster=1625458000
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:05:42 GMT
via: 1.1 b912dc97777020eb19579888add26978.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 02:04:41 GMT
server: nginx
age: 6289
etag: "60e268b9-5dc6"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=315360000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 24006
x-amz-cf-id: EAsLHRKlXPOA7fXslN9lWf-m3ntXCTvpj3ypFEYIDBAxG8htWR836g==
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://win.gg
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:48:51 GMT
x-content-type-options: nosniff
age: 414100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:48:51 GMT

GET
H2 200 get
odb.outbrain.com/utils/ 3 KB
2 KB 247ms
146ms Script
text/javascript 151.101.114.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&idx=0&rand=67713&key=NANOWDGT01&widgetJSId=GS_1&va=true&et=true&format=html&pdobuid=-1&api_user_id=null&adblck=false&abwl=false&clss=fUMJp5NlxKuQ8S%2FRT%2F8RaJZkJ3I3c27H2DmnFKRSoW4PWfqWTPH%2BIcJvgpDMrZahsCheoWnDUBagqMLh&px=270&py=5605&vpd=4405&cw=670&ts=1625464231682&settings=true&recs=true&version=2000374&sig=TlMT2xqs&apv=false&osLang=en-US&winW=1600&winH=1200&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=1&ccpaStat=1&wdr-natlaz=true
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.114.132 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
via: 1.1 varnish, 1.1 varnish
traffic-path: NYDC1, LGA, HHN, Europe1
x-timer: S1625464232.824502,VS0,VE97
accept-ranges: bytes
vary: Accept-Encoding, User-Agent
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
backend-ip: 157.52.117.28
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-cache-hits: 0, 0
x-traceid: 2689685a99fede282767e9ccd87f5356
content-encoding: gzip
content-length: 1504
x-served-by: cache-lga21928-LGA, cache-hhn4033-HHN

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 0D71 15 KB
15 KB 20ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://win.gg
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:48:51 GMT
x-content-type-options: nosniff
age: 414100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:48:51 GMT

POST
H2 200 auction
prebid-server.rubiconproject.com/openrtb2/ Frame FF87 173 B
377 B 681ms
578ms XHR
application/json 18.196.47.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.47.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-47-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H/1.1 200
OK sync.html
s.adtelligent.com/ Frame 79B7 2 KB
1 KB 76ms
24ms Document
text/html 2a0c:5c81:5095:0:225:90ff:fefa:245d
24SHELLS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adtelligent.com/sync.html?aid=609724
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Host: s.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Mon, 05 Jul 2021 05:50:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 810
Access-Control-Allow-Origin: https://s.console.adtarget.com.tr
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Encoding: gzip

GET
H/1.1

200
OK

Cookie set csync
sync.console.adtarget.com.tr/ Frame 45DC
Redirect Chain

https://creativecdn.com/cm-notify?pi=admatic
https://creativecdn.com/cm-notify?pi=admatic&tc=1
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=46bQQaGJlboBCne13r92&pi=admatic&tc=1

86 B
547 B

1416ms
414ms

Document
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=46bQQaGJlboBCne13r92&pi=admatic&tc=1
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Host: sync.console.adtarget.com.tr
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.console.adtarget.com.tr/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

Server: VertaMedia 1.0
Date: Mon, 05 Jul 2021 05:50:32 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=54935848141f1959; expires=Sun, 05 Sep 2021 05:50:32 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None a307080=46bQQaGJlboBCne13r92; expires=Sun, 05 Sep 2021 05:50:32 GMT; domain=.console.adtarget.com.tr; path=/; secure; SameSite=None

Redirect headers

date: Mon, 05 Jul 2021 05:50:31 GMT Mon, 05 Jul 2021 05:50:31 GMT
location: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=46bQQaGJlboBCne13r92&pi=admatic&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 50F9
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID

13 B
91 B

50ms
50ms

Document
text/html

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

:method: GET
:authority: ads.us.e-planning.net
:scheme: https
:path: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: CT=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

server: openresty
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html
content-length: 13
x-sid: AMS-603

Redirect headers

server: openresty
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: CT=1; path=/; SameSite=None; Secure
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
x-sid: AMS-603

GET
H2 200 user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F6A6 14 KB
5 KB 55ms
54ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=30736
expires: Mon, 05 Jul 2021 14:22:47 GMT
date: Mon, 05 Jul 2021 05:50:31 GMT
vary: Accept-Encoding

GET
H2 200 pbsync.html
js.adscale.de/ Frame C11D 3 KB
2 KB 30ms
6ms Document
text/html 2600:9000:2156:e000:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e000:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

:method: GET
:authority: js.adscale.de
:scheme: https
:path: /pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

content-type: text/html
last-modified: Wed, 02 Jun 2021 04:52:00 GMT
x-amz-version-id: PrxfzkfOycpkP6dzd0FWzZeWCMor9ul2
server: AmazonS3
content-encoding: br
date: Mon, 05 Jul 2021 04:25:38 GMT
cache-control: max-age=7200
etag: W/"5550fca00caf055568d6ced373f2721f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: dCZL5ILobSVjwgWZyIozwAbAlQ38mjajdkSyRG6qisC_r-BQ5OcS8A==
age: 5094

GET
H2 200 cookie
cm.adform.net/ Frame 8C1E 43 B
106 B 112ms
37ms Document
image/gif 37.157.4.23
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: cm.adform.net
:scheme: https
:path: /cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

server: nginx
date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: image/gif
content-length: 43

GET
H2 200 user
cdn.admatic.com.tr/ Frame 0E6E 251 B
617 B 155ms
45ms Document
text/html 185.59.220.198
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.198 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-723.bunnyinfra.net
Software: BunnyCDN-DE1-723 /
Resource Hash

Request headers

:method: GET
:authority: cdn.admatic.com.tr
:scheme: https
:path: /user
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.console.adtarget.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.console.adtarget.com.tr/

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-type: text/html
vary: Accept-Encoding
server: BunnyCDN-DE1-723
cdn-pullzone: 266102
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
cdn-requestcountrycode: SE
cdn-edgestorageid: 755
cdn-storageserver: DE-169
cache-control: public, max-age=3600
last-modified: Thu, 11 Feb 2021 13:30:42 GMT
cdn-cachedat: 2021-07-05 05:50:27
cdn-requestpullsuccess: True
cdn-requestpullcode: 206
cdn-requestid: 39ea18156a614bc64860fa5bf5344917
cdn-cache: HIT
content-encoding: gzip

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame 97C7 86 B
402 B 1542ms
70ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?redir=
Requested by: Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Referer: https://s.console.adtarget.com.tr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

GET
H2

200

uu
ih.adscale.de/ Frame C11D
Redirect Chain

https://ih.adscale.de/uu?cbfn=receive&t=1625464231
https://ih.adscale.de/uu?cbfn=receive&t=1625464231&nut&uu=d4957de4777544728fa7c8a2dec10706

44 B
213 B

53ms
53ms

Script
text/javascript

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/uu?cbfn=receive&t=1625464231&nut&uu=d4957de4777544728fa7c8a2dec10706
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-length: 44
content-type: text/javascript;charset=ISO-8859-1

Redirect headers

location: https://ih.adscale.de/uu?cbfn=receive&t=1625464231&nut&uu=d4957de4777544728fa7c8a2dec10706
date: Mon, 05 Jul 2021 05:50:31 GMT
content-length: 0

GET
H2 200 aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame FF87 6 KB
3 KB 160ms
54ms XHR
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: UwMoja_wiYmXZ_L.v58hX8_8XzeYFzV9
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 21602
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 01 Jul 2021 22:05:10 GMT
server: AmazonS3
date: Sun, 04 Jul 2021 23:50:30 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 d8328954e51c0912a8419c1a67cea1dc.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: BQvv4x6oIUeThmjEZwZwHLq9QxWJ5rNa_gs-QFaUXLth5uA0h8S2Tg==

GET
H2 200 PugMaster
image6.pubmatic.com/AdServer/ Frame A344 0
42 B 154ms
51ms Script
text/plain 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=11234859&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D60e29da741a7d%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:30 GMT
content-length: 0

GET
H2 200 w_480_00000.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 435 KB
435 KB 63ms
63ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00000.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:16 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:30 GMT
server: nginx
age: 4935
etag: "60e285be-6ca44"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 444996
x-amz-cf-id: zgeUscX7r6AmdpJmuwGyBbFqzoS9bKu-B3jQnpBbBnoYIB23xyWpsg==
expires: Mon, 12 Jul 2021 04:28:16 GMT

GET
BLOB 200
OK 3d7c3384-3de5-47a9-9d4d-bd037286e696
https://win.gg/ 65 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://win.gg/3d7c3384-3de5-47a9-9d4d-bd037286e696
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 66258
Content-Type: text/javascript

GET
H2 200 /
onetag-sys.com/usync/ Frame 7FB8 3 KB
1 KB 152ms
50ms Document
text/html 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Requested by

Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=59a18369e249bfb
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.adtelligent.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.adtelligent.com/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g; path=/; expires=Wed, 05 Jul 2023 05:50:31; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1165
strict-transport-security: max-age=15552000

GET
H/1.1

200
OK

Cookie set csync
sync.adtelligent.com/ Frame 610A
Redirect Chain

https://creativecdn.com/cm-notify?pi=adtelligent
https://creativecdn.com/cm-notify?pi=adtelligent&tc=1
https://sync.adtelligent.com/csync?t=a&ep=307355&extuid=46bQQaGJlboBCne13r92&pi=adtelligent&tc=1

86 B
531 B

718ms
403ms

Document
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adtelligent.com/csync?t=a&ep=307355&extuid=46bQQaGJlboBCne13r92&pi=adtelligent&tc=1
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Host: sync.adtelligent.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.adtelligent.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s.adtelligent.com/

Response headers

Server: VertaMedia 1.0
Date: Mon, 05 Jul 2021 05:50:31 GMT
Content-Type: image/gif
Content-Length: 86
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: vmuid=8cf1c054735dcf4d; expires=Sun, 05 Sep 2021 05:50:32 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None a307355=46bQQaGJlboBCne13r92; expires=Sun, 05 Sep 2021 05:50:32 GMT; domain=.adtelligent.com; path=/; secure; SameSite=None

Redirect headers

date: Mon, 05 Jul 2021 05:50:31 GMT Mon, 05 Jul 2021 05:50:31 GMT
location: https://sync.adtelligent.com/csync?t=a&ep=307355&extuid=46bQQaGJlboBCne13r92&pi=adtelligent&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H/1.1

200
OK

csync
sync.adtelligent.com/ Frame 79B7
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D297253%26extuid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.adtelligent.com%252Fcsync%253Ft%253Da%2526ep%253D297253%2526extuid%253D%2524UID
https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3451754271499631240

86 B
530 B

936ms
483ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3451754271499631240
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:31 GMT
X-Proxy-Origin: 185.236.42.19; 185.236.42.19; 732.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9fc0b6c5-891b-4dc3-8cf1-cedf78329d60
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.adtelligent.com/csync?t=a&ep=297253&extuid=3451754271499631240
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

1px-matching-adtelligent.gif
t.trafmag.com/images/images/ Frame 79B7
Redirect Chain

https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=8cf1c054735dcf4d

35 B
232 B

188ms
54ms

Image
image/gif

193.200.65.5
GIVEME-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=8cf1c054735dcf4d
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.200.65.5 Amsterdam, Netherlands, ASN6681 (GIVEME-CLOUD, PL),
Reverse DNS: t.trafmag.com
Software: nginx /
Resource Hash

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
server: nginx
content-type: image/gif
content-length: 35
p3p: CP="NON DSP COR CURa TIA"

Redirect headers

Location: https://t.trafmag.com/images/images/1px-matching-adtelligent.gif?id=8cf1c054735dcf4d
Date: Mon, 05 Jul 2021 05:50:31 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

csync
sync.console.adtarget.com.tr/ Frame 79B7
Redirect Chain

https://sync.adtelligent.com/csync?redir=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D322988%26extuid%3D%7Buid%7D
https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=8cf1c054735dcf4d

86 B
543 B

1259ms
402ms

Image
image/gif

62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=8cf1c054735dcf4d
Requested by: Host: s.adtelligent.com
URL: https://s.adtelligent.com/sync.html?aid=609724
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Referer: https://s.adtelligent.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:33 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

Redirect headers

Location: https://sync.console.adtarget.com.tr/csync?t=a&ep=322988&extuid=8cf1c054735dcf4d
Date: Mon, 05 Jul 2021 05:50:31 GMT
Server: VertaMedia 1.0
Content-Length: 43
Content-Type: image/gif

GET
H2 200 bundle.js
cdn.admatic.com.tr/user/ Frame 0E6E 54 KB
20 KB 55ms
55ms Script
application/javascript 185.59.220.198
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admatic.com.tr/user/bundle.js
Requested by: Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.59.220.198 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-723.bunnyinfra.net
Software: BunnyCDN-DE1-723 /
Resource Hash

Request headers

Referer: https://cdn.admatic.com.tr/user
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:31 GMT
content-encoding: br
cdn-edgestorageid: 601
cdn-storageserver: DE-51
cdn-cachedat: 2021-07-04 15:31:29
cdn-pullzone: 266102
last-modified: Fri, 12 Mar 2021 04:24:48 GMT
server: BunnyCDN-DE1-723
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
cdn-uid: bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control: public, max-age=3600
cdn-requestid: 7f92517add05d4b8ef23f876c4299bb6
cdn-requestcountrycode: SE
cdn-requestpullsuccess: True

GET
H/1.1 200
OK widgetGlobalEvent
log.outbrainimg.com/loggerServices/ 4 B
325 B 123ms
123ms Fetch
application/json 64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=21e2a1d064338189805fcea0077a9805&pvId=21e2a1d064338189805fcea0077a9805&sid=6858278&pid=46845&idx=0&wId=829&pad=0&org=0&tm=1589&eT=0&cnsnt=no_consent&widgetWidth=670&widgetHeight=0&widgetX=270&widgetY=5605&tpcs=0&wRV=2000374&pVis=0&lsd=-1&eIdx=&cnsnt=no_consent&cheq=2&ab=0&wl=0
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:32 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: b13019c0fd157e5d69556ae2223fa2c9
Content-Length: 4
Expires: 0

GET
H2 200 obUserSync.html
widgets.outbrain.com/widgetOBUserSync/ Frame 2169 16 KB
6 KB 58ms
57ms Document
text/html 2.18.234.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by: Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.190 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

:method: GET
:authority: widgets.outbrain.com
:scheme: https
:path: /widgetOBUserSync/obUserSync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

accept-ranges: bytes
content-type: text/html
etag: "983cbd9c9c474d7db77dbfc514fc2001:1625126599.142533"
last-modified: Thu, 01 Jul 2021 07:58:23 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=86400
expires: Tue, 06 Jul 2021 05:50:31 GMT
date: Mon, 05 Jul 2021 05:50:31 GMT
content-length: 5500
timing-allow-origin: * *
access-control-allow-credentials: false
access-control-allow-methods: GET,POST
access-control-allow-origin: *
set-cookie: akacd_widgets_routing=1625464231~rv=81~id=403ca4401bd1ea49ff0dc6434bf231e8; path=/; Expires=Mon, 05 Jul 2021 05:50:31 GMT; Secure; SameSite=None

GET
H2

200

f8da60e2-9da8-4600-aaa9-47e4d2fc8e53
onetag-sys.com/sync/i,1/ Frame 7FB8
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/f8da60e2-9da8-4600-aaa9-47e4d2fc8e53

0
290 B

50ms
50ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/f8da60e2-9da8-4600-aaa9-47e4d2fc8e53

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Mon, 05 Jul 2021 05:53:08 GMT
Server: MT3 3799 851f7e8 master cdg-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/f8da60e2-9da8-4600-aaa9-47e4d2fc8e53
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 05 Jul 2021 05:53:07 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 7FB8 0
239 B 222ms
52ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

8122476445970049220
onetag-sys.com/sync/i,34/ Frame 7FB8
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g
https://onetag-sys.com/sync/i,34/8122476445970049220

0
290 B

51ms
51ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/8122476445970049220

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/8122476445970049220
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 7FB8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc=
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEDIlBCHu5jAI3U0D9F7kFHg&google_cver=1

0
287 B

52ms
52ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEDIlBCHu5jAI3U0D9F7kFHg&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEDIlBCHu5jAI3U0D9F7kFHg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 7FB8 0
239 B 211ms
52ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2 204 sync
pixel.advertising.com/ups/58198/ Frame 7FB8 0
125 B 158ms
52ms Image
text/plain 18.197.47.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.47.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-47-23.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame 7FB8
Redirect Chain

https://ups.analytics.yahoo.com/ups/58488/occ
https://ups.analytics.yahoo.com/ups/58488/occ?verify=true
https://onetag-sys.com/match/?int_id=92&uid=y-DNiJ7WFE2uHN9dkKio8nHxwcRW49L5tfx9z6rFc-~A

0
291 B

50ms
50ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=92&uid=y-DNiJ7WFE2uHN9dkKio8nHxwcRW49L5tfx9z6rFc-~A

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Mon, 05 Jul 2021 05:50:32 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://onetag-sys.com/match/?int_id=92&uid=y-DNiJ7WFE2uHN9dkKio8nHxwcRW49L5tfx9z6rFc-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 7FB8
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=fa5472f2-627a-4f7f-a562-6f6587649a9a&ttl=1628056232

43 B
379 B

52ms
52ms

Image
image/gif

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=fa5472f2-627a-4f7f-a562-6f6587649a9a&ttl=1628056232

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
content-length: 64
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=fa5472f2-627a-4f7f-a562-6f6587649a9a&ttl=1628056232
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 7FB8
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=2e402450-bd1d-494c-92bb-b427dc764f1c&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=ea0e900c-90e5-4b74-bd18-a6bba479d419&gdpr=&gdpr_consent=&us_privacy=

0
291 B

62ms
61ms

Image
text/plain

51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=ea0e900c-90e5-4b74-bd18-a6bba479d419&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=ea0e900c-90e5-4b74-bd18-a6bba479d419&gdpr=&gdpr_consent=&us_privacy=
date: Mon, 05 Jul 2021 05:50:32 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK csync
sync.adtelligent.com/ Frame 7FB8 86 B
554 B 973ms
494ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adtelligent.com/csync?t=a&ep=306279&extuid=rsfFxknNLwhVZh82E2dHDvxdhoruLsfOmvKbHCW-n5g
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=59a18369e249bfb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

GET
H2 200 userconnect.js
js.adscale.de/ Frame C11D 14 KB
5 KB 6ms
6ms Script
application/javascript 2600:9000:2156:e000:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/userconnect.js
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e000:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: qk2YZDtBUeUOoSq4Qhy4ZfQ7Zg9BAnLT
content-encoding: br
last-modified: Wed, 02 Jun 2021 04:52:00 GMT
server: AmazonS3
age: 1020
etag: W/"98f37b242862929d9aef4bde91abc8ad"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Mon, 05 Jul 2021 05:33:31 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: clZwT5tHlJEYd8khW15UjPqbkRVzl8HgRbT2ic47pXq00hoc-cR5qw==

GET
H/1.1 200
OK csync
sync.console.adtarget.com.tr/ Frame C11D 86 B
559 B 1697ms
402ms Image
image/gif 62.149.0.72
COLOCALL Internet...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=d4957de4777544728fa7c8a2dec10706
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 62.149.0.72 , Ukraine, ASN15497 (COLOCALL Internet Data Center ColoCALL, UA),
Reverse DNS: 0-72.cc86365-03-tmp.cc.colocall.com
Software: VertaMedia 1.0 /
Resource Hash

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:33 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: VertaMedia 1.0
Content-Length: 86
Content-Type: image/gif

GET
H2 200 userconnect
ih.adscale.de/ Frame C11D 149 B
224 B 51ms
51ms Script
application/javascript 18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1625464232004&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://js.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
content-length: 149
content-type: application/javascript

GET
H2 200 w_480_00001.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 464 KB
465 KB 54ms
53ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00001.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:17 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:31 GMT
server: nginx
age: 4935
etag: "60e285bf-74080"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 475264
x-amz-cf-id: HXet_dMKq2DQph5Ja6HUzCZPPgq74j7Hzdl7INq95do2a0NWl-QDRQ==
expires: Mon, 12 Jul 2021 04:28:17 GMT

GET
H2 200 map
ih.adscale.de/ Frame D439 3 KB
3 KB 68ms
67ms Document
text/html 18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: ih.adscale.de
:scheme: https
:path: /map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://js.adscale.de/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: uu=d4957de4777544728fa7c8a2dec10706; cct=1625464231910
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js.adscale.de/

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 2702
set-cookie: tu=4#408185787#48~~451517~451517~1#101~~451517~451517~1#39~~451517~451517~1#40~~451517~451517~1#42~~451517~451517~1#75~~451517~451517~1#108~~451517~451517~1#63~~451517~451517~1; Max-Age=31336000; Domain=ih.adscale.de; Path=/; Secure; SameSite=None cct=1625464232097; Max-Age=31336000; Domain=.adscale.de; Path=/; Secure; SameSite=None

GET
H2 200 w_480_00002.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 545 KB
546 KB 56ms
56ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00002.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:23 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:31 GMT
server: nginx
age: 4929
etag: "60e285bf-882e4"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 557796
x-amz-cf-id: AzQNRZC5j0MBe-bp-X4ZiXRXIA-eJ7L5P9oC-FOjrCh7IN6P5jiDdA==
expires: Mon, 12 Jul 2021 04:28:23 GMT

GET
H2 200 match.js
js.adscale.de/ Frame D439 4 KB
2 KB 6ms
6ms Script
application/javascript 2600:9000:2156:e000:f:4f64:8940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adscale.de/match.js
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:e000:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Hy7stwDKjWSCFshbRJl9T4nANPe7.cNc
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 04:52:00 GMT
server: AmazonS3
age: 3511
etag: W/"b75124846aec28a28b7a3441813682d5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
cache-control: max-age=7200
date: Mon, 05 Jul 2021 04:52:02 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: dFRx--mJieSrf2aaAiTCyfr8mAHSV-JoIG9ZRjyjSzLfu6ClFNYX9g==

GET
H2

200

img
ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/ Frame D439
Redirect Chain

https://bbnaut.ibillboard.com/match/AdScale?partneruid=d4957de4777544728fa7c8a2dec10706&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg%3Ftpid%...
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=101&tpuid=BBID-01-03001782325523065-16332120

49 B
463 B

59ms
58ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=101&tpuid=BBID-01-03001782325523065-16332120
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 05 Jul 2021 05:50:32 GMT
Server: nginx
Transfer-Encoding: chunked
p3p: CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=101&tpuid=BBID-01-03001782325523065-16332120
Cache-Control: private, max-age=3600
Access-Control-Allow-Credentials: true
Connection: close

GET
H2 200 w_480_00003.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 510 KB
511 KB 60ms
60ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00003.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:24 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:32 GMT
server: nginx
age: 4928
etag: "60e285c0-7f6a0"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 521888
x-amz-cf-id: XvoIXhA3Cl8stQDr8hCyYZOkDX7jjsOMAIvvU1FOGLVe1duEcMdmTg==
expires: Mon, 12 Jul 2021 04:28:24 GMT

GET
H2 200 w_480_00004.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 495 KB
496 KB 60ms
60ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00004.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:26 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:32 GMT
server: nginx
age: 4926
etag: "60e285c0-7ba68"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 506472
x-amz-cf-id: j92TPHcnkvTlVxIOhx8zzgUoRji9SSy5pDs1l25mVgOp4NRiwOXDJw==
expires: Mon, 12 Jul 2021 04:28:26 GMT

GET
H2 200 w_480_00005.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 483 KB
484 KB 53ms
53ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00005.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:28:27 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:33 GMT
server: nginx
age: 4925
etag: "60e285c1-78ce0"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 494816
x-amz-cf-id: 3RdcFQEzdIQOqw4LkesSJOmN2dCCqmZl8hv1OWhQSW8oPgOnsD9QXw==
expires: Mon, 12 Jul 2021 04:28:27 GMT

GET
H2 200 ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame FF87 339 KB
117 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118860
x-xss-protection: 0
expires: Mon, 05 Jul 2021 05:50:32 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 62ms
61ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=49&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&vImpOpportunityMultiplier=1&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464232424&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H3-29 200 bridge3.470.1_en.html
imasdk.googleapis.com/js/core/ Frame EBCF 576 KB
189 KB 21ms
7ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.470.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193313
date: Tue, 29 Jun 2021 16:15:51 GMT
expires: Wed, 29 Jun 2022 16:15:51 GMT
last-modified: Tue, 29 Jun 2021 16:12:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 480881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 client.js
s0.2mdn.net/instream/video/ Frame FF87 44 KB
17 KB 33ms
13ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
expires: Mon, 05 Jul 2021 05:50:32 GMT

GET
H3-29 200 omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 8A2F 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2293
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Jul 2021 06:12:19 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame D439
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=6fc98432d644e24461f89ef...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=f8da60e2-9da8-4600-aaa9-47e4d2fc8e53&gdpr=0&gdpr_consent=

49 B
559 B

52ms
51ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=f8da60e2-9da8-4600-aaa9-47e4d2fc8e53&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 05 Jul 2021 05:53:09 GMT
Server: MT3 3799 851f7e8 master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=f8da60e2-9da8-4600-aaa9-47e4d2fc8e53&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 05 Jul 2021 05:53:08 GMT

GET
H2

200

img
ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/ Frame D439
Redirect Chain

https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc893a8ce4ec94%2F1625464232097%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=75&tpuid=3451754271499631240&gdpr=0

49 B
569 B

63ms
63ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=75&tpuid=3451754271499631240&gdpr=0
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:32 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:32 GMT
X-Proxy-Origin: 185.236.42.19; 185.236.42.19; 833.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 09916b65-01c4-4a53-bda0-6cf715d88e28
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=75&tpuid=3451754271499631240&gdpr=0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame D439
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=a2b67f4e739957defe8c4410f...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YOKdp6sxgYtohR9lC5KJ9wAA%26335

49 B
586 B

52ms
52ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YOKdp6sxgYtohR9lC5KJ9wAA%26335
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:33 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Mon, 05 Jul 2021 05:50:33 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YOKdp6sxgYtohR9lC5KJ9wAA%26335
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 309
Expires: Mon, 05 Jul 2021 05:50:33 GMT

GET
H2 200 integrator.js
adservice.google.com/adsid/ Frame FF87 107 B
570 B 34ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=win.gg

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 05 Jul 2021 05:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads
securepubads.g.doubleclick.net/gampad/ Frame EBCF 0
591 B 193ms
70ms XHR
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F21734706084%2FLowMLprerollsdk&description_url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&env=vp&correlator=810628837206214&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&sdkv=h.3.470.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=926249548&sdk_apis=2%2C8&sid=B3374331-8581-4375-A0FB-5F3877E01B01&eid=44741234&url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&dlt=1625464231321&idt=1289&dt=1625464233068&cookie_enabled=1&scor=683694953598133&ged=ve4_td2_tt0_pd2_la2000_er908.-2700.1061.-2400_vi0.0.1200.1600_vp0_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:33 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

img
ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/ Frame D439
Redirect Chain

https://track.adform.net/serving/cookie/match/?party=9&uid=eb2b6d9b4e2ebb3a80fecb0de2a30033a4afb79bc16986d30a6281c704d57446&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341129cbc89...
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=42&gdpr=0&tpuid=8122476445970049220

49 B
596 B

52ms
52ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=42&gdpr=0&tpuid=8122476445970049220
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:33 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:33 GMT
server: nginx
location: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/img?tpid=42&gdpr=0&tpuid=8122476445970049220
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame D439
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f81cb7f5-f494-4a30-9e22-bb42a201f302

49 B
545 B

58ms
58ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f81cb7f5-f494-4a30-9e22-bb42a201f302
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:33 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

pragma: no-cache
x-errorlevel: 0
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f81cb7f5-f494-4a30-9e22-bb42a201f302
cache-control: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1543
content-type: text/html; charset=utf-8
content-length: 237
expires: Mon, 05 Jul 2021 00:00:00 GMT

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 887C 281 B
554 B 154ms
51ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://win.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 23 Feb 2021 20:47:52 GMT
ETag: "402b0-119-5bc0708346e00"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Jul 2021 05:50:33 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2

200

img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame D439
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=518ba796c0662bd1120ae6f6...
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=3c3960e2-9da9-4500-b4c2-5b2946442c23&gdpr=0&gdpr_consent=

49 B
639 B

55ms
55ms

Image
image/gif

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=3c3960e2-9da9-4500-b4c2-5b2946442c23&gdpr=0&gdpr_consent=
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:33 GMT
p3p: CP=NOI PSA OUR
content-length: 49
content-type: image/gif

Redirect headers

Date: Mon, 05 Jul 2021 05:53:10 GMT
Server: MT3 3799 851f7e8 master cdg-pixel-x6
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=3c3960e2-9da9-4500-b4c2-5b2946442c23&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 05 Jul 2021 05:53:09 GMT

GET
H/1.1 200
OK usync.js
eus.rubiconproject.com/ Frame 887C 31 KB
9 KB 54ms
53ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Referer: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 05 Jul 2021 05:50:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Jun 2021 16:13:39 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=42612
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9276
Expires: Mon, 05 Jul 2021 17:40:45 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 887C 284 B
536 B 200ms
50ms Image
image/jpg 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?gdpr=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/jpg

GET
H2

200

js
ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/ Frame D439
Redirect Chain

https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=f84faf435f7829bd225d10514f52defbacb6905409015a59827694acd1ff0ccb&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341...
https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=f84faf435f7829bd225d10514f52defbacb6905409015a59827694acd1ff0ccb&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2Fdeed9b8eb7b341...
https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/js?tpid=48&tpuid=53faffb43605d61b7a2316fa22458caa

44 B
585 B

59ms
59ms

Script
text/javascript

18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/js?tpid=48&tpuid=53faffb43605d61b7a2316fa22458caa
Requested by: Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:34 GMT
p3p: CP=NOI PSA OUR
content-length: 44
content-type: text/javascript

Redirect headers

Date: Mon, 05 Jul 2021 05:50:34 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://ih.adscale.de/sium/deed9b8eb7b341129cbc893a8ce4ec94/1625464232097/0/js?tpid=48&tpuid=53faffb43605d61b7a2316fa22458caa
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 147

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 55ms
55ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464233680&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Requested by: Host: win.gg
URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:32 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

POST
H2 200 sium
ih.adscale.de/ Frame D439 0
190 B 62ms
61ms XHR
application/json 18.197.81.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ih.adscale.de/sium
Requested by: Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.81.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-81-144.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ih.adscale.de
date: Mon, 05 Jul 2021 05:50:34 GMT
access-control-allow-credentials: true
access-control-allow-headers: x-openrtb-version
content-length: 0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json

POST
H2 200 v2znpW2EzYD8U5iPWezjEEB9SdbWIwdZ1qXrM_mblqVr5A2YLWTDTW1wfutusPMt_SjcA5_Jc3fTkpVvK
enormousearth.com/ 216 B
347 B 56ms
56ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2znpW2EzYD8U5iPWezjEEB9SdbWIwdZ1qXrM_mblqVr5A2YLWTDTW1wfutusPMt_SjcA5_Jc3fTkpVvK

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 05 Jul 2021 05:50:34 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 37b68176
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Mon, 05 Jul 2021 05:50:33 GMT

POST
H2 200 collect
www.google-analytics.com/j/ 2 B
201 B 13ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1185052787&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&ul=en-us&de=UTF-8&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20GENERAL%20News%20-%20WIN.gg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=10&el=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&_u=aGjAAEADQAAAAC~&jid=2086847928&gjid=1828620363&cid=588736772.1625464231&tid=UA-125662552-1&_gid=983847109.1625464234&_r=1&gtm=2wg6u0598L2T6&cg1=&cd2=&z=1843550584

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
70 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2086847928&gjid=1828620363&_gid=983847109.1625464234&_u=aGjAAEADQAAAAC~&z=1004584279

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 05 Jul 2021 05:50:34 GMT
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2086847928&_u=aGjAAEADQAAAAC~&z=726258680

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j91&tid=UA-125662552-1&cid=588736772.1625464231&jid=2086847928&_u=aGjAAEADQAAAAC~&z=726258680

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:34 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2hyjQc52kppFZykT2h0mOw_3HJ_JKJuCI2S6F7ja3DH5gOiGBiI1ZrpsVmjiWP2U7HfNPm33eetAYu7I
enormousearth.com/ 2 KB
770 B 267ms
266ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2hyjQc52kppFZykT2h0mOw_3HJ_JKJuCI2S6F7ja3DH5gOiGBiI1ZrpsVmjiWP2U7HfNPm33eetAYu7I

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
x-datacenter: gce-europe-west1
date: Mon, 05 Jul 2021 05:50:34 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://win.gg
access-control-allow-credentials: true
x-hostname: 37b68176
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 730

GET
H2 200 ConsentManager,Sticky2
enormousearth.com/v2ryn-9y-8edI273jlKG1ayLLIBOC8OgFEq01rPaIqdz920URwHQId68zGr0CaSOfDWoTgkvwy5OJRV-S/ 274 KB
80 KB 64ms
63ms Script
text/javascript 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2ryn-9y-8edI273jlKG1ayLLIBOC8OgFEq01rPaIqdz920URwHQId68zGr0CaSOfDWoTgkvwy5OJRV-S/ConsentManager,Sticky2

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Origin: https://win.gg
Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "6cbaf75b38e37833a1345bdc46a51a052d8113772c52260a1050120f647cdcde"
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: text/javascript; charset=utf-8
access-control-allow-origin: https://win.gg
cache-control: private, must-revalidate, max-age=21600
access-control-allow-credentials: true
x-hostname: 37b68176
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
date: Mon, 05 Jul 2021 05:50:34 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
748 B 14ms
13ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2ryn-9y-8edI273jlKG1ayLLIBOC8OgFEq01rPaIqdz920URwHQId68zGr0CaSOfDWoTgkvwy5OJRV-S/ConsentManager,Sticky2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 05 Jul 2021 04:14:41 GMT
server: ESF
date: Mon, 05 Jul 2021 05:50:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 05 Jul 2021 05:50:34 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v3/ 36 KB
36 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v3/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://win.gg
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 05:10:54 GMT
x-content-type-options: nosniff
age: 434380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37056
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:48:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 05:10:54 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v3/ 36 KB
36 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v3/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://win.gg
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 05:10:54 GMT
x-content-type-options: nosniff
age: 434380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37056
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 22:48:53 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 05:10:54 GMT

GET
H2 200 MiwwOWE3MWMyODc4N2Y
images.getadmiral.com/ 763 B
1 KB 54ms
33ms Image
image/png 2606:4700:3034::6815:4466
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.getadmiral.com/MiwwOWE3MWMyODc4N2Y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4466 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:34 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 763
server: cloudflare
x-datacenter: gce-europe-west1
etag: "2c607cb7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zgtrj3onesG1jHP0M1fW5Jl8ucjVVNhmInQYDYnJYgu1Ts3hwylQo%2FEMGWBoTUk6jqjm7BvNwR9Fs2e%2FAYdgiSFavyAk7FN6O34gFzJZBFsUxA23VpLNoKAfx13bLIr8hLodqWMbPwC4Z4XEZI7j"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: private, must-revalidate, max-age=300
x-hostname: felicia
cf-ray: 669e510b8f9b96fe-FRA

POST
H2 200 v2znpW2EzYD8U5iPWezjEEB9SdbWIwdZ1qXrM_mblqVr5A2YLWTDTW1wfutusPMt_SjcA5_Jc3fTkpVvK
enormousearth.com/ 272 B
308 B 60ms
60ms Fetch
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2znpW2EzYD8U5iPWezjEEB9SdbWIwdZ1qXrM_mblqVr5A2YLWTDTW1wfutusPMt_SjcA5_Jc3fTkpVvK

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 05 Jul 2021 05:50:34 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 37b68176
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 272
expires: Mon, 05 Jul 2021 05:50:33 GMT

POST
H2 200 v2eokKGyqSlkIWKshCNaOIsGbRcPCCWM5TbI28S1LSspHX4z_95YkOWu1Fp7KLOaLXUre1S41oHIEvDgwTQ
enormousearth.com/ 2 B
316 B 55ms
54ms Ping
application/json 35.190.74.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://enormousearth.com/v2eokKGyqSlkIWKshCNaOIsGbRcPCCWM5TbI28S1LSspHX4z_95YkOWu1Fp7KLOaLXUre1S41oHIEvDgwTQ

Requested by

Host: enormousearth.com
URL: https://enormousearth.com/v2rgfDdndpl66h9VM1zLygfc-9xi0cneh2WrNivwmFGh1e6l2nA4mPoRTI_Qg4Mfb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.74.49 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

49.74.190.35.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Mon, 05 Jul 2021 05:50:35 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 37b68176
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 2
expires: Mon, 05 Jul 2021 05:50:34 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 13ms
12ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-916JLHZYLF&gtm=2oe6u0&_p=1185052787&sr=1600x1200&ul=en-us&cid=588736772.1625464231&dl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20GENERAL%20News%20-%20WIN.gg&sid=1625464231&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 54ms
54ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=500&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464236680&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:36 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

POST
H2 200 auction
prebid-server.rubiconproject.com/openrtb2/ Frame FF87 173 B
376 B 51ms
51ms XHR
application/json 18.196.47.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.47.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-47-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:40 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 168
expires: 0

GET
H2 200 bridge3.470.1_en.html
imasdk.googleapis.com/js/core/ Frame EE84 576 KB
189 KB 6ms
6ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.470.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193313
date: Tue, 29 Jun 2021 16:15:51 GMT
expires: Wed, 29 Jun 2022 16:15:51 GMT
last-modified: Tue, 29 Jun 2021 16:12:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 480889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 53ms
53ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=49&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&vImpOpportunityMultiplier=1&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464240341&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:40 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame ED88 36 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2301
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Jul 2021 06:12:19 GMT

GET
H2 200 integrator.js
adservice.google.com/adsid/ Frame FF87 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=win.gg

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 05 Jul 2021 05:50:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads
securepubads.g.doubleclick.net/gampad/ Frame EE84 0
60 B 69ms
69ms XHR
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F21734706084%2FLowMLprerollsdk&description_url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&env=vp&correlator=413192159184108&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&sdkv=h.3.470.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=926249548&sdk_apis=2%2C8&sid=B3374331-8581-4375-A0FB-5F3877E01B01&eid=44741234&url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&dlt=1625464231321&idt=9069&dt=1625464240853&cookie_enabled=1&scor=890342320240997&ged=ve4_td10_tt8_pd10_la10000_er908.-2700.1061.-2400_vi0.0.1200.1600_vp0_ts8_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:40 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 53ms
53ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=1000&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464241650&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:41 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

POST
H2 200 auction
prebid-server.rubiconproject.com/openrtb2/ Frame FF87 173 B
375 B 51ms
51ms XHR
application/json 18.196.47.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.47.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-47-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:41 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 167
expires: 0

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 53ms
53ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=501&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464241687&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:41 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H3-29 200 bridge3.470.1_en.html
imasdk.googleapis.com/js/core/ Frame D67B 576 KB
189 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: imasdk.googleapis.com
:scheme: https
:path: /js/core/bridge3.470.1_en.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://win.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://win.gg/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 193313
date: Tue, 29 Jun 2021 16:15:51 GMT
expires: Wed, 29 Jun 2022 16:15:51 GMT
last-modified: Tue, 29 Jun 2021 16:12:08 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 480890
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 54ms
54ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=49&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&vImpOpportunityMultiplier=1&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464241748&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:41 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H3-29 200 omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame AAD3 36 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:12:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2302
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12603
x-xss-protection: 0
last-modified: Mon, 14 Dec 2020 16:45:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 05 Jul 2021 06:12:19 GMT

GET
H3-29 200 integrator.js
adservice.google.com/adsid/ Frame FF87 107 B
122 B 28ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=win.gg

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 05 Jul 2021 05:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads
securepubads.g.doubleclick.net/gampad/ Frame D67B 0
23 B 136ms
71ms XHR
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?iu=%2F21734706084%2FLowMLprerollsdk&description_url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&env=vp&correlator=1934137213616141&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&sdkv=h.3.470.1&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&u_so=l&ctv=0&gdpr_consent=tcunavailable&sdki=44d&adk=926249548&sdk_apis=2%2C8&sid=B3374331-8581-4375-A0FB-5F3877E01B01&eid=44741234&url=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&dlt=1625464231321&idt=10476&dt=1625464242260&cookie_enabled=1&scor=1503146577435459&ged=ve4_td11_tt9_pd11_la11000_er908.-2700.1061.-2400_vi0.0.1200.1600_vp0_ts1_eb16491

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.470.1_en.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 05:50:42 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-creative-id: -2
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 54ms
53ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1625464231&vid_playerVer=3.1.0&s=0&sta=14809216&x=473&y=266&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=1646385&mediaPlayListId=8209&mediaListId=20054&contentMatchType=&isExcludeFromOpt=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464242405&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:42 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 55ms
55ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=499&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464246680&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:46 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 w_480_00006.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 487 KB
488 KB 56ms
56ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00006.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:31:10 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:33 GMT
server: nginx
age: 4778
etag: "60e285c1-79dc4"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 499140
x-amz-cf-id: 2Z8g4TxVo5xk7m-zFJMzl1qTTHKOeP10Uk5MMM8oVpMKPLem38Pu2Q==
expires: Mon, 12 Jul 2021 04:31:10 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 55ms
54ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=1000&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464251650&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:51 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 59ms
59ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=500&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464251680&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:51 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

POST
H2 200 auction
prebid-server.rubiconproject.com/openrtb2/ Frame FF87 173 B
377 B 52ms
52ms XHR
application/json 18.196.47.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.4.43.0_3.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.47.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-47-46.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:53 GMT
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://win.gg
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 169
expires: 0

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 55ms
55ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=49&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&vImpOpportunityMultiplier=1&contentFileId=0&mediaPlayListId=0&mediaListId=0&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464253471&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:53 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

GET
H2 200 w_480_00007.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/ 507 KB
508 KB 1276ms
1276ms XHR
video/mp2t 143.204.98.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid60e2687fb17f7406121763.mp4/w_480_00007.ts
Requested by: Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-113.fra50.r.cloudfront.net
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 05 Jul 2021 04:31:16 GMT
via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
last-modified: Mon, 05 Jul 2021 04:08:34 GMT
server: nginx
age: 4779
etag: "60e285c2-7ed14"
x-cache: Hit from cloudfront
content-type: video/mp2t
access-control-allow-origin: *
cache-control: max-age=604800
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 519444
x-amz-cf-id: Cph-K8kdWoYQ_x81ak2ShdPLsP24Y_CViyCnMAjVixqU_OYkwfSTcg==
expires: Mon, 12 Jul 2021 04:31:16 GMT

GET
H2 200 liveView.php
live.primis.tech/live/ 0
226 B 53ms
53ms Image
text/html 194.146.38.205
CLOUDWEBMANAGE-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.primis.tech/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1625464231&vid_playerVer=3.1.0&s=104669&sta=0&x=750&y=424&vid_passDomain=win.gg&subId=win.gg&debugInformation=&isApp=0&userIpAddr=185.236.42.19&userUA=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F89.0.4389.72%20Safari%2F537.36&csuuid=60e29da741a7d&contentFileId=0&mediaPlayListId=0&mediaListId=0&dur=500&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=&cbuster=1625464256680&uid=SekindoSPlayer60e29da769634&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2F7999%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate&floatStatus=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.146.38.205 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://win.gg/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Jul 2021 05:50:56 GMT
content-encoding: gzip
server: nginx
age: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
cache-control: no-store
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.sportradarserving.com
ads.pubmatic.com
ads.us.e-planning.net
adscale-emea.adnxs.com
adservice.google.com
analytics.google.com
bbnaut.ibillboard.com
c.amazon-adsystem.com
cdn-images.win.gg
cdn.admatic.com.tr
cdn.syndication.twimg.com
cm.adform.net
cm.g.doubleclick.net
creativecdn.com
csync.loopme.me
dis.criteo.com
dmp.adform.net
enormousearth.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
ih.adscale.de
image6.pubmatic.com
images.getadmiral.com
imasdk.googleapis.com
js.adscale.de
live.primis.tech
live.sekindo.com
log.outbrainimg.com
match.adsrvr.org
nexus.ensighten.com
ob.cheqzone.com
obs.cheqzone.com
odb.outbrain.com
onetag-sys.com
pagead2.googlesyndication.com
pbs.twimg.com
pixel-eu.rubiconproject.com
pixel.advertising.com
pixel.rubiconproject.com
platform.twitter.com
prebid-server.rubiconproject.com
s.adtelligent.com
s.console.adtarget.com.tr
s0.2mdn.net
script.hotjar.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.adsafeprotected.com
static.hotjar.com
stats.g.doubleclick.net
sync.adtelligent.com
sync.console.adtarget.com.tr
sync.mathtag.com
sync.search.spotxchange.com
syndication.twitter.com
t.trafmag.com
tcheck.outbrainimg.com
token.rubiconproject.com
track.adform.net
tracking.m6r.eu
u.openx.net
ups.analytics.yahoo.com
vars.hotjar.com
video.primis.tech
widget-pixels.outbrain.com
widgets.outbrain.com
win.gg
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
x.bidswitch.net
104.109.78.125
104.244.42.200
13.224.192.34
13.224.193.116
13.224.193.31
13.224.193.70
13.225.87.6
13.248.242.197
142.250.181.226
143.204.98.113
143.204.98.55
151.101.114.132
162.55.6.210
178.250.2.151
18.156.0.31
18.158.181.33
18.196.47.46
18.197.253.20
18.197.47.23
18.197.81.144
185.184.8.65
185.29.135.233
185.33.220.241
185.33.221.15
185.59.220.198
185.64.189.115
185.94.180.126
193.200.65.5
194.146.38.205
194.213.62.34
2.18.232.28
2.18.233.180
2.18.234.190
2.18.234.21
216.58.212.130
2600:1f18:e8a:cd10:3bb7:12f:ec6a:dc8a
2600:9000:2156:e000:f:4f64:8940:93a1
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:3034::6815:4466
2a00:1450:4001:801::2002
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2006
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2008
2a00:1450:4001:828::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c04::9b
2a0c:5c81:5095:0:225:90ff:fefa:245d
3.120.43.188
34.98.64.218
35.190.74.49
37.157.4.23
37.157.5.142
37.252.173.108
5.178.65.245
51.89.9.252
52.35.68.139
52.49.37.161
62.149.0.72
64.202.112.95
69.173.144.138
69.173.144.165
72.251.244.142
069a30f19020243cb38546e37d2bdfbd9e07c048fcf9dab8a7bad2c637267448
0cca3546f59f49f09cf513896a04fb439fd0d8a9c2067a0539e86d2f81af6ae8
0dbc20d0ab33f8ae6828c9e83750a461ba30136b523b6e299c2b35de5092f52a
1cc563d8358c3274ab7db0b7af5ab39f89ce81b5d8f9427169ef295522b2491e
20b3bad1427e2212dd847357841f993f025b5061c4af1d382dcc727e102cc1e4
256f17fb79f4b47e77e4ce9eabc2c8e626a2b6e66f011ac7e29c5bf9176b3817
263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38
267893f9fbc3c75119da25e5d96ee58e9c5cb43baed64724d50673cb3c4f77fb
2d3558c1c2cedb1ae3f1eef8467a1b7f6f643a86506d979d9024e824a1918a1c
30cd51247834a98c40e54cf0159ae40fb3b79710706accbe4891ca5e0542f899
39d160e97e2bea07b0cf1c647259ffa4f0bd07069dba4e6c19a22d38b408510f
3c107239496609ede285e80b91336c653f68e65956a25b489ef9b4d9591d07ea
404c99a291c53119a6bc17d791918a0c258daa0b2ff5740d8387da180085cc35
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4703e74548d17725c6b19435dea7c5a6360637bb7da29bba1cffb492a6021a36
4bdfb79288321fe816d8e3e70c46bbba6fc703993b83f2d64a150439517a2dbd
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
4fa5f2510c631df9260c6580bc7d2bc0f18ceba2417648331497abf770f07e87
51459bc6ffe473ac67f7b4a7342c9450f7a2958256f07e8c544f08d923041761
5e0aeb27ad5ec940a7b1049848d9ac96fcc00a34653745b7796d695f9f25f508
5f37ce26be22515bdbfec883bc6f0b7a7aff3ed335ba41e410ee2dc51e521b37
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
6139e1fc0d3709eebbe2b18510cf24361b9f8a538c3529a73c282bafe6c78474
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
688966c3a481f6f6867e350d3882f4df19687902adc581a4f6caf4770d18e11c
6e75948ee66bf6e7da9235ee5cecbda03fa7f592a3f08193757202be43d6cb38
70d9e394513d7633d46380a4b92aa7f6e1441869f7fecc815867aadc12918321
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
782a87bd18241cdd7b1e30f3502d78d342c47dd564333ab5f775c22e8dfbf0e9
789d25597a48ee75857b4f804d9bc81fe5c0484b6f05cf76c3c6335948c41cb0
7b612ff529725ae692fe908ca7abab4d85d2cf65d40a0490185df84bc1bf5654
7bad3757a05d7c6a22c30127a3be33478dd8fc8cef294a96a38487e1f8dad179
82912c525b3b44cc4ffc7a55b8e4eaf43ecbd5fb70b1969511761f5ad2417056
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
856ab159a9a6cbdc7beb72fc35086e839adb48361d197135a92809e95b875345
893ceb2ff84c4dc7e5519c40d57efe2d6b6cd4969cef99794212dcaf823448be
90805ba88e5c4c373b911c96d62b1d6a8bd6f496fa8ae838d600a4fb71618877
9a006d898f97d3e99147e94a9af12df0b7ae91402c7f66d6b9017f0a361dacd2
9c3500c6354d6cca5ebe517dfad92ce8a1204579f9467cca0edd1a6d7a5b692e
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a71138bec5eca04da7fc6e41b176c80ab023e76f1149ced24ff0a04af4c478f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b6117b1101275965523bf6436b7902222225c8dcb87030b5746584d2440e0a1e
b920759f5ba868ff7a8fa71208a7746bfd37babe29c116ba245522f8cc492b82
bcce16468496437c5089ea25ac4a21df4b96043deb2220bda588d72283991fff
c84737ed98fba5d40474804773fa4a889faad2a9f5a7f049c1d850494e9b5f39
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
ce2c83aa57d73b90ff0266ebe6d8631a0a090a0406e1108a36056a28b7128a61
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dca18eb730e3977305cdb36680103281682133622b49458399bc539727da487a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6bfdf9ff0a2da5cf6e7f959ff0298d69a2eba4d4fafc5a457dd9513e2147b6
e2679a03abad1a4b61c41a3f39ea558d811bd68cbd9ac19a3217071a76db497a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c8cfe628899742b1717332ff98e584ed9d447a5ab7286dc09e0a70200cc803
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc57e92d2e36700dae12e71b5d6bda0529af71454b6cde671e7ba75f8f959a7b
ffdd35d15d7c994f9ec3ef787be1438de07081f4d5440cbb7b8562124b25ba8e

win.gg Open in urlscan Pro 52.35.68.139 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

238 Requests

98 %HTTPS

29 %IPv6

49 Domains

78 Subdomains

54 IPs

10 Countries

7068 kBTransfer

12714 kBSize

0 Cookies

10 Outgoing links

Redirected requests

238 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

win.gg Open in urlscan Pro
52.35.68.139 Public Scan

Screenshot
Live screenshot

Full Image

238
Requests

98 %
HTTPS

29 %
IPv6

49
Domains

78
Subdomains

54
IPs

10
Countries

7068 kB
Transfer

12714 kB
Size

0
Cookies

238 HTTP transactions
-4 data transactions