plugins4free.com Open in urlscan Pro
51.79.20.70 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://plugins4free.com/plugin/2593/
Submission: On November 14 via manual (November 14th 2023, 2:45:02 pm UTC) from ES — Scanned from CA

Summary HTTP 267 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 64 IPs in 6 countries across 71 domains to perform 267 HTTP transactions. The main IP is 51.79.20.70, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is plugins4free.com.
TLS certificate: Issued by R3 on October 10th 2023. Valid for: 3 months.

This is the only time plugins4free.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	51.79.20.70 51.79.20.70	16276 (OVH) (OVH)
2	172.253.63.97 172.253.63.97	15169 (GOOGLE) (GOOGLE)
1 3	142.251.16.103 142.251.16.103	15169 (GOOGLE) (GOOGLE)
6	172.67.21.227 172.67.21.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	142.251.111.154 142.251.111.154	15169 (GOOGLE) (GOOGLE)
6	172.67.26.21 172.67.26.21	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	142.251.163.95 142.251.163.95	15169 (GOOGLE) (GOOGLE)
6	172.253.122.94 172.253.122.94	15169 (GOOGLE) (GOOGLE)
7	142.251.111.94 142.251.111.94	15169 (GOOGLE) (GOOGLE)
1 10	142.251.16.157 142.251.16.157	15169 (GOOGLE) (GOOGLE)
4	142.251.167.101 142.251.167.101	15169 (GOOGLE) (GOOGLE)
4	172.253.122.156 172.253.122.156	15169 (GOOGLE) (GOOGLE)
1	172.253.63.95 172.253.63.95	15169 (GOOGLE) (GOOGLE)
3	18.160.53.102 18.160.53.102	16509 (AMAZON-02) (AMAZON-02)
1	18.160.10.20 18.160.10.20	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.229 151.101.129.229	54113 (FASTLY) (FASTLY)
2	104.26.9.169 104.26.9.169	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 8	68.67.160.114 68.67.160.114	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.36.115.111 104.36.115.111	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	147.75.195.55 147.75.195.55	54825 (PACKET) (PACKET)
1	172.64.153.78 172.64.153.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	104.22.36.96 104.22.36.96	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	103.132.192.30 103.132.192.30	138552 (RTBHOUSE-...) (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD.)
1	18.165.97.179 18.165.97.179	16509 (AMAZON-02) (AMAZON-02)
6	104.21.82.134 104.21.82.134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.23.145 104.18.23.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	23.32.172.185 23.32.172.185	16625 (AKAMAI-AS) (AKAMAI-AS)
6	23.220.141.176 23.220.141.176	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.95.69.49 34.95.69.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 13	52.46.151.131 52.46.151.131	16509 (AMAZON-02) (AMAZON-02)
2 21	142.251.167.132 142.251.167.132	15169 (GOOGLE) (GOOGLE)
4	142.251.179.155 142.251.179.155	15169 (GOOGLE) (GOOGLE)
2 2	18.67.76.108 18.67.76.108	16509 (AMAZON-02) (AMAZON-02)
2 2	35.214.180.112 35.214.180.112	15169 (GOOGLE) (GOOGLE)
2 2	35.236.220.17 35.236.220.17	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
4 4	54.162.222.197 54.162.222.197	14618 (AMAZON-AES) (AMAZON-AES)
2 2	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	70.42.32.63 70.42.32.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 3	8.43.72.98 8.43.72.98	26667 (RUBICONPR...) (RUBICONPROJECT)
6	184.24.36.205 184.24.36.205	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	216.22.16.53 216.22.16.53	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
4 4	159.127.42.204 159.127.42.204	25751 (VALUECLICK) (VALUECLICK)
6 13	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
12 20	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
5	142.251.16.100 142.251.16.100	15169 (GOOGLE) (GOOGLE)
4	172.253.122.101 172.253.122.101	15169 (GOOGLE) (GOOGLE)
2	172.253.122.139 172.253.122.139	15169 (GOOGLE) (GOOGLE)
1	172.67.38.106 172.67.38.106	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	8.39.36.141 8.39.36.141	26667 (RUBICONPR...) (RUBICONPROJECT)
2	34.149.40.38 34.149.40.38	15169 (GOOGLE) (GOOGLE)
2	172.253.62.132 172.253.62.132	15169 (GOOGLE) (GOOGLE)
6 6	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
5 12	142.251.167.155 142.251.167.155	15169 (GOOGLE) (GOOGLE)
1 3	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	3.213.43.55 3.213.43.55	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.144.102.175 54.144.102.175	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.165.98.56 18.165.98.56	16509 (AMAZON-02) (AMAZON-02)
1 2	52.85.132.68 52.85.132.68	16509 (AMAZON-02) (AMAZON-02)
2 3	34.224.189.64 34.224.189.64	14618 (AMAZON-AES) (AMAZON-AES)
4 4	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1	23.46.156.26 23.46.156.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	104.18.41.104 104.18.41.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	50.116.194.21 50.116.194.21	6336 (TURN-US-ASN) (TURN-US-ASN)
1	52.87.97.21 52.87.97.21	14618 (AMAZON-AES) (AMAZON-AES)
2	34.149.135.28 34.149.135.28	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 5	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
9 9	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
1 2	67.202.105.34 67.202.105.34	32748 (STEADFAST) (STEADFAST)
8 8	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
2 2	52.5.102.125 52.5.102.125	14618 (AMAZON-AES) (AMAZON-AES)
5	34.117.239.71 34.117.239.71	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	51.222.39.184 51.222.39.184	16276 (OVH) (OVH)
1	74.119.119.139 74.119.119.139	19750 (AS-CRITEO) (AS-CRITEO)
1	184.24.36.191 184.24.36.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5	174.137.133.32 174.137.133.32	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
10	34.198.150.224 34.198.150.224	14618 (AMAZON-AES) (AMAZON-AES)
1	162.19.138.120 162.19.138.120	16276 (OVH) (OVH)
1 1	52.206.205.175 52.206.205.175	14618 (AMAZON-AES) (AMAZON-AES)
1	162.248.18.32 162.248.18.32	() ()
1 1	63.251.28.233 63.251.28.233	26558 (FREEWHEEL) (FREEWHEEL)
1	23.220.116.33 23.220.116.33	() ()
1 1	69.166.1.34 69.166.1.34	() ()
2 2	5.161.188.99 5.161.188.99	213230 (HETZNER-C...) (HETZNER-CLOUD2-AS)
267	64

17 51.79.20.70 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns566592.ip-51-79-20.net

plugins4free.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
media.plugins4free.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.16.103 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bl-in-f103.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.21.227 (United States)

ASN13335 (CLOUDFLARENET, US)

services.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.111.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.26.21 (United States)

ASN13335 (CLOUDFLARENET, US)

storage.ko-fi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.163.95 (United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f95.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.253.122.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.251.111.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.251.16.157 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bl-in-f157.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.167.101 (United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f101.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.122.156 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f156.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.160.53.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-53-102.iad55.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.10.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-20.iad12.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.26.9.169 (None, )

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 68.67.160.114 (Brooklyn, United States) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.111 (United States)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.195.55 (Parsippany, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.78 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 104.22.36.96 (None, )

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.132.192.30 (Singapore)

ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG)
PTR: ip-103-132-192-30.rtbhouse.net

prebid-asia.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.97.179 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-97-179.iad55.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.21.82.134 (None, )

ASN13335 (CLOUDFLARENET, US)

px.vliplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.23.145 (None, )

ASN13335 (CLOUDFLARENET, US)

cadmus.script.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.172.185 (New York, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-172-185.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.220.141.176 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-141-176.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.46.151.131 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 142.251.167.132 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ww-in-f132.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.179.155 (United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f155.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.67.76.108 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-67-76-108.iad89.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.214.180.112 (Groningen, Netherlands) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 112.180.214.35.bc.googleusercontent.com

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.236.220.17 (Washington, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 17.220.236.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.208.249.213 (Council Bluffs, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.162.222.197 (United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-162-222-197.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.191 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.63 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 8.43.72.98 (United States) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.24.36.205 (Lithia Springs, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-36-205.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.22.16.53 (Manassas, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

ssbsync-us.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.127.42.204 (Los Angeles, United States) 4 redirects

ASN25751 (VALUECLICK, US)
PTR: iad01-nessy-float2.dotomi.com

amazon-tam-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
33across-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 35.71.139.29 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 69.173.151.100 (United States) 12 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.16.100 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f100.1e100.net

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.122.101 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f101.1e100.net

encrypted-tbn2.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.139 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f139.1e100.net

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.38.106 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.141 (Los Angeles, United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel-us-west.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.40.38 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 38.40.149.34.bc.googleusercontent.com

u.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.132 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f132.1e100.net

9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 15.197.193.217 (Seattle, United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.167.155 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: ww-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.42.14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.213.43.55 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-43-55.compute-1.amazonaws.com

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.102.175 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-144-102-175.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.98.56 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-165-98-56.iad55.r.cloudfront.net

live.primis.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.132.68 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-68.iad50.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.224.189.64 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-189-64.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.225.218.10 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.46.156.26 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-46-156-26.deploy.static.akamaitechnologies.com

hb.yahoo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.41.104 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

capi.connatix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.116.194.21 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)
PTR: presentation-atl1.turn.com

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.87.97.21 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-97-21.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.135.28 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 28.135.149.34.bc.googleusercontent.com

g.bidbrain.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.19.138.117 (Frankfurt am Main, Germany) 2 redirects

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 67.202.105.24 (United States) 9 redirects

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.34 (United States) 1 redirects

ASN32748 (STEADFAST, US)
PTR: ip34.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hde.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.211.178.172 (North Charleston, United States) 8 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.5.102.125 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-102-125.compute-1.amazonaws.com

t.pswec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.117.239.71 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 71.239.117.34.bc.googleusercontent.com

events-ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.222.39.184 (Canada)

ASN16276 (OVH, FR)
PTR: ip184.ip-51-222-39.net

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.139 (United States)

ASN19750 (AS-CRITEO, US)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.24.36.191 (Lithia Springs, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-36-191.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 174.137.133.32 (United States)

ASN27257 (WEBAIR-INTERNET, US)

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.198.150.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-198-150-224.compute-1.amazonaws.com

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.120 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533571.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.206.205.175 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-205-175.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.248.18.32 (None, )

ASN- ()

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.28.233 (Secaucus, United States) 1 redirects

ASN26558 (FREEWHEEL, US)

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.220.116.33 (None, )

ASN- ()

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.34 (None, ) 1 redirects

ASN- ()

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.161.188.99 (Ashburn, United States) 2 redirects

ASN213230 (HETZNER-CLOUD2-AS, DE)
PTR: static.99.188.161.5.clients.your-server.de

sync-dmp.mobtrakk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	rubiconproject.com 18 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969 eus.rubiconproject.com — Cisco Umbrella Rank: 602 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1156 token.rubiconproject.com — Cisco Umbrella Rank: 458 pixel-us-west.rubiconproject.com — Cisco Umbrella Rank: 4691 pixel.rubiconproject.com — Cisco Umbrella Rank: 376	58 KB
32	googlesyndication.com 2 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com	389 KB
24	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	373 KB
24	gstatic.com www.gstatic.com fonts.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn3.gstatic.com Failed	639 KB
18	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 306 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598 aax.amazon-adsystem.com — Cisco Umbrella Rank: 394 s.amazon-adsystem.com — Cisco Umbrella Rank: 310 aax-eu.amazon-adsystem.com Failed	80 KB
17	plugins4free.com plugins4free.com media.plugins4free.com	361 KB
14	33across.com 9 redirects ssc-cms.33across.com — Cisco Umbrella Rank: 923 events-ssc.33across.com — Cisco Umbrella Rank: 1543	6 KB
13	3lift.com 6 redirects eb2.3lift.com — Cisco Umbrella Rank: 417	6 KB
10	yellowblue.io cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 2460 cs.yellowblue.io — Cisco Umbrella Rank: 1590	5 KB
10	quantumdex.io useast.quantumdex.io — Cisco Umbrella Rank: 17259 sync.quantumdex.io — Cisco Umbrella Rank: 3327	2 KB
10	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 502 ads.pubmatic.com — Cisco Umbrella Rank: 534 image6.pubmatic.com — Cisco Umbrella Rank: 823 image8.pubmatic.com	35 KB
9	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 246 acdn.adnxs.com — Cisco Umbrella Rank: 609	23 KB
8	bidswitch.net 8 redirects x.bidswitch.net — Cisco Umbrella Rank: 351	4 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31 imasdk.googleapis.com — Cisco Umbrella Rank: 447	131 KB
6	yahoo.com 6 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492 ups.analytics.yahoo.com — Cisco Umbrella Rank: 327	2 KB
6	adsrvr.org 6 redirects match.adsrvr.org — Cisco Umbrella Rank: 353	2 KB
6	id5-sync.com 2 redirects cdn.id5-sync.com — Cisco Umbrella Rank: 863 id5-sync.com — Cisco Umbrella Rank: 440	36 KB
6	vliplatform.com px.vliplatform.com — Cisco Umbrella Rank: 30945	2 KB
6	ko-fi.com storage.ko-fi.com — Cisco Umbrella Rank: 50663	19 KB
6	vlitag.com services.vlitag.com — Cisco Umbrella Rank: 35568 assets.vlitag.com — Cisco Umbrella Rank: 44068	357 KB
5	adkernel.com sync.adkernel.com — Cisco Umbrella Rank: 1545	4 KB
5	4dex.io script.4dex.io — Cisco Umbrella Rank: 1523 mp.4dex.io — Cisco Umbrella Rank: 2070 u.4dex.io — Cisco Umbrella Rank: 3505	29 KB
4	dotomi.com 4 redirects amazon-tam-match.dotomi.com — Cisco Umbrella Rank: 4850 33across-match.dotomi.com — Cisco Umbrella Rank: 3517	1 KB
4	bidr.io 4 redirects match.prod.bidr.io — Cisco Umbrella Rank: 573	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	252 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 746
3	sharethrough.com 2 redirects match.sharethrough.com — Cisco Umbrella Rank: 559	750 B
3	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377	1 KB
3	openx.net 2 redirects u.openx.net — Cisco Umbrella Rank: 659 us-u.openx.net — Cisco Umbrella Rank: 522	749 B
3	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 751 assets.a-mo.net Failed	1 KB
3	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	mobtrakk.com 2 redirects sync-dmp.mobtrakk.com — Cisco Umbrella Rank: 2315	546 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	pswec.com 2 redirects t.pswec.com — Cisco Umbrella Rank: 4178	1 KB
2	tynt.com 1 redirects de.tynt.com — Cisco Umbrella Rank: 1605 hde.tynt.com — Cisco Umbrella Rank: 4166	3 KB
2	bidbrain.app g.bidbrain.app — Cisco Umbrella Rank: 19277	1 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 851 r.turn.com — Cisco Umbrella Rank: 4121	878 B
2	connatix.com 1 redirects capi.connatix.com — Cisco Umbrella Rank: 1113	523 B
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 886 sync1.intentiq.com — Cisco Umbrella Rank: 2801	2 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 580	1 KB
2	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 795	1 KB
2	loopme.me 2 redirects csync.loopme.me — Cisco Umbrella Rank: 940	477 B
2	smaato.net 2 redirects s.ad.smaato.net — Cisco Umbrella Rank: 716	881 B
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 894	105 B
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	146 KB
1	sonobi.com 1 redirects sync.go.sonobi.com	633 B
1	media.net contextual.media.net	614 B
1	stickyadstv.com 1 redirects ads.stickyadstv.com — Cisco Umbrella Rank: 566	516 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1484	615 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 928	276 B
1	criteo.com dis.criteo.com Failed gum.criteo.com — Cisco Umbrella Rank: 454
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1218	36 B
1	yahoo.net hb.yahoo.net — Cisco Umbrella Rank: 938	648 B
1	primis.tech 1 redirects live.primis.tech — Cisco Umbrella Rank: 1458	557 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 909	493 B
1	smartadserver.com 1 redirects ssbsync-us.smartadserver.com — Cisco Umbrella Rank: 6263	279 B
1	outbrain.com 1 redirects sync.outbrain.com — Cisco Umbrella Rank: 807	694 B
1	mediago.io 1 redirects trace.mediago.io — Cisco Umbrella Rank: 904	362 B
1	script.ac cadmus.script.ac — Cisco Umbrella Rank: 1421	46 KB
1	creativecdn.com prebid-asia.creativecdn.com — Cisco Umbrella Rank: 22680	179 B
0	1rx.io Failed sync.1rx.io Failed
0	casalemedia.com Failed ssum-sec.casalemedia.com Failed
0	disqus.com Failed ssp.disqus.com Failed
0	lijit.com Failed ap.lijit.com Failed
0	betweendigital.com Failed ads.betweendigital.com Failed
0	a-mx.com Failed id.a-mx.com Failed
0	rtbrain.app Failed cdn.rtbrain.app Failed
0	pangle-ads.com Failed analytics.pangle-ads.com Failed
0	criteo.net Failed static.criteo.net Failed
267	71

	Domain	Requested by
21	tpc.googlesyndication.com	2 redirects googleads.g.doubleclick.net 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
16	plugins4free.com	plugins4free.com
13	eb2.3lift.com	6 redirects sync.quantumdex.io eb2.3lift.com
13	s.amazon-adsystem.com	2 redirects c.amazon-adsystem.com s.amazon-adsystem.com plugins4free.com
12	cm.g.doubleclick.net	5 redirects plugins4free.com 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com eb2.3lift.com
12	pixel.rubiconproject.com	7 redirects plugins4free.com
9	sync.quantumdex.io	assets.vlitag.com sync.quantumdex.io cs-server-s2s.yellowblue.io sync.adkernel.com
9	ssc-cms.33across.com	9 redirects
9	pagead2.googlesyndication.com	plugins4free.com pagead2.googlesyndication.com 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com www.googletagservices.com googleads.g.doubleclick.net
8	x.bidswitch.net	8 redirects
8	token.rubiconproject.com	5 redirects eus.rubiconproject.com
8	ib.adnxs.com	3 redirects assets.vlitag.com plugins4free.com eb2.3lift.com acdn.adnxs.com
8	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
7	cs-server-s2s.yellowblue.io	sync.quantumdex.io cs-server-s2s.yellowblue.io
7	fonts.gstatic.com	fonts.googleapis.com
7	fonts.googleapis.com	storage.ko-fi.com plugins4free.com googleads.g.doubleclick.net
6	match.adsrvr.org	6 redirects
6	ads.pubmatic.com	s.amazon-adsystem.com plugins4free.com hde.tynt.com assets.vlitag.com sync.quantumdex.io sync.adkernel.com
6	eus.rubiconproject.com	plugins4free.com eus.rubiconproject.com hde.tynt.com cs-server-s2s.yellowblue.io
6	px.vliplatform.com	plugins4free.com
6	www.gstatic.com	www.google.com googleads.g.doubleclick.net
6	storage.ko-fi.com	plugins4free.com storage.ko-fi.com
5	sync.adkernel.com	sync.quantumdex.io sync.adkernel.com
5	events-ssc.33across.com	hde.tynt.com
5	id5-sync.com	2 redirects cdn.id5-sync.com assets.vlitag.com
5	encrypted-tbn0.gstatic.com	googleads.g.doubleclick.net
4	ups.analytics.yahoo.com	4 redirects
4	encrypted-tbn2.gstatic.com	googleads.g.doubleclick.net
4	match.prod.bidr.io	4 redirects
4	www.googletagservices.com	googleads.g.doubleclick.net 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
4	securepubads.g.doubleclick.net	services.vlitag.com securepubads.g.doubleclick.net plugins4free.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com plugins4free.com
4	services.vlitag.com	plugins4free.com services.vlitag.com
3	cs.yellowblue.io	cs-server-s2s.yellowblue.io
3	onetag-sys.com	plugins4free.com sync.quantumdex.io cs-server-s2s.yellowblue.io
3	match.sharethrough.com	2 redirects plugins4free.com
3	px.ads.linkedin.com	1 redirects plugins4free.com eb2.3lift.com
3	pixel-us-east.rubiconproject.com	2 redirects s.amazon-adsystem.com
3	secure-assets.rubiconproject.com	3 redirects
3	prebid.a-mo.net	assets.vlitag.com plugins4free.com
3	c.amazon-adsystem.com	services.vlitag.com c.amazon-adsystem.com
3	www.google.com	1 redirects plugins4free.com 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
2	sync-dmp.mobtrakk.com	2 redirects
2	us-u.openx.net	2 redirects
2	www.googleadservices.com	plugins4free.com
2	33across-match.dotomi.com	2 redirects
2	t.pswec.com	2 redirects
2	g.bidbrain.app	plugins4free.com
2	image6.pubmatic.com	ads.pubmatic.com
2	capi.connatix.com	1 redirects plugins4free.com
2	pr-bh.ybp.yahoo.com	2 redirects
2	9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	u.4dex.io	plugins4free.com hde.tynt.com
2	encrypted-tbn1.gstatic.com	googleads.g.doubleclick.net
2	amazon-tam-match.dotomi.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	um.simpli.fi	2 redirects
2	csync.loopme.me	2 redirects
2	s.ad.smaato.net	2 redirects
2	i.clean.gg	cadmus.script.ac
2	script.4dex.io	assets.vlitag.com script.4dex.io
2	cdn.jsdelivr.net	assets.vlitag.com securepubads.g.doubleclick.net
2	assets.vlitag.com	services.vlitag.com
2	www.googletagmanager.com	plugins4free.com www.googletagmanager.com
1	sync.go.sonobi.com	1 redirects
1	contextual.media.net	cs-server-s2s.yellowblue.io
1	ads.stickyadstv.com	1 redirects
1	image8.pubmatic.com	cs-server-s2s.yellowblue.io
1	beacon.lynx.cognitivlabs.com	1 redirects
1	lb.eu-1-id5-sync.com	assets.vlitag.com
1	acdn.adnxs.com	assets.vlitag.com
1	gum.criteo.com	assets.vlitag.com
1	hde.tynt.com	plugins4free.com
1	de.tynt.com	1 redirects
1	rtb.adentifi.com	9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
1	r.turn.com	plugins4free.com
1	ad.turn.com	1 redirects
1	hb.yahoo.net	plugins4free.com
1	sync1.intentiq.com	plugins4free.com
1	sync.intentiq.com	1 redirects
1	live.primis.tech	1 redirects
1	sync.ipredictive.com	1 redirects
1	pixel-us-west.rubiconproject.com	1 redirects
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	ssbsync-us.smartadserver.com	1 redirects
1	u.openx.net	s.amazon-adsystem.com
1	sync.outbrain.com	1 redirects
1	trace.mediago.io	1 redirects
1	cadmus.script.ac	script.4dex.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	prebid-asia.creativecdn.com	assets.vlitag.com
1	useast.quantumdex.io	assets.vlitag.com
1	mp.4dex.io	assets.vlitag.com
1	hbopenbid.pubmatic.com	assets.vlitag.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	imasdk.googleapis.com	services.vlitag.com
1	media.plugins4free.com	plugins4free.com
0	sync.1rx.io Failed	sync.quantumdex.io
0	ssum-sec.casalemedia.com Failed	sync.quantumdex.io
0	ssp.disqus.com Failed	sync.quantumdex.io
0	ap.lijit.com Failed	sync.quantumdex.io
0	ads.betweendigital.com Failed	sync.quantumdex.io
0	assets.a-mo.net Failed	prebid.a-mo.net
0	id.a-mx.com Failed	assets.vlitag.com
0	cdn.rtbrain.app Failed	9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
0	analytics.pangle-ads.com Failed	9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
0	dis.criteo.com Failed	9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com eb2.3lift.com
0	aax-eu.amazon-adsystem.com Failed	plugins4free.com
0	encrypted-tbn3.gstatic.com Failed	googleads.g.doubleclick.net
0	static.criteo.net Failed	securepubads.g.doubleclick.net
267	110

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.youtube.com
ko-fi.com

Subject Issuer	Validity	Valid
plugins4free.com R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
vlitag.com GTS CA 1P5	`2023-09-28` - `2023-12-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-29` - `2024-04-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
script.4dex.io Cloudflare Inc ECC CA-3	`2023-10-23` - `2024-10-22`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.a-mo.net R3	`2023-11-07` - `2024-02-05`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2023-03-29` - `2024-04-28`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
script.ac E1	`2023-10-31` - `2024-01-29`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-03-07` - `2024-04-03`	a year	crt.sh
i.clean.gg GTS CA 1D4	`2023-11-14` - `2024-02-12`	3 months	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-03` - `2024-02-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
adentifi.com Amazon RSA 2048 M01	`2023-07-06` - `2024-08-03`	a year	crt.sh
*.bidbrain.app R3	`2023-11-13` - `2024-02-11`	3 months	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-05` - `2024-09-30`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2023-08-24` - `2024-08-24`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-18` - `2024-05-16`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh

This page contains 45 frames:

Primary Page: https://plugins4free.com/plugin/2593/
Frame ID: 9D5C019C8AF529F474B5DF6B952088C1
Requests: 79 HTTP requests in this frame

Frame: https://storage.ko-fi.com/cdn/scripts/floating-chat-main.css
Frame ID: 8BDF37D08EB7FE41CFAB23A328BB6AB0
Requests: 4 HTTP requests in this frame

Frame: https://storage.ko-fi.com/cdn/scripts/floating-chat-main.css
Frame ID: CA7FF3B296539F105ACFAA4BC53BE1E1
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: BA2B3A1B6A084A4F1C670933BE229832
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&adk=1812271804&adf=3025194257&lmt=1699973095&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x810_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095174&bpp=4&bdt=478&idt=206&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=2&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=229
Frame ID: 8125ABF0CA5EC9FA79EA75A36D9F2250
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=90&slotname=3831644919&adk=3988527980&adf=3131441721&pi=t.ma~as.3831644919&w=728&lmt=1699973095&format=728x90&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.8801728567731477&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095178&bpp=2&bdt=482&idt=245&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=250
Frame ID: 68E79003740B9C9837AECA616D9F5F0D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=280&slotname=6439040174&adk=2121505350&adf=3071395567&pi=t.ma~as.6439040174&w=812&fwrn=4&fwrnh=100&lmt=1699973095&rafmt=1&format=812x280&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.5396091586781009&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095181&bpp=1&bdt=485&idt=270&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=312&ady=1048&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274
Frame ID: 831DED3CA2F35B8103BF1D143A42EE00
Requests: 21 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Frame ID: F8C22CC2187CF4F622A5433366143616
Requests: 20 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t
Frame ID: 1FF4A1F5DBE6866F80820B6560A97CEC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 7A7E63C70BB75B9A2A9BA97B80D3FE9A
Requests: 6 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 3448D938DF88B06DFDDE9829CACC7C5C
Requests: 7 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: B3799F949403193EC66C60BD99D2E593
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 36E7ACC3D9762344A68CA4881E981330
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Frame ID: B91755E844AE98AE169ED36E6324EE67
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 106067C786EEBFBDD5886C31F322BDD8
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8426327288077849638&gdpr=0&gdpr_consent=
Frame ID: 3C6B5276AF3C125D74050D37276A8B2F
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAGlW7u_ZyTMwNgjICyAAAAAAA&expiration=1700059497&is_secure=true
Frame ID: E764BA0BBB3385191B800318D841CD24
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=3187032228587469864208
Frame ID: 2F0C5BF045D69C723281912BE13A156F
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Frame ID: 274C26513E51E1507AEECB2CF026C21E
Requests: 1 HTTP requests in this frame

Frame: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E00327F99215230853F022F2EC88793C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Frame ID: 215D2B872785C8AF1E23B2043B3887D3
Requests: 1 HTTP requests in this frame

Frame: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 612E4CEE36178F37E7AE1B21F942370F
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 403C58D4656D94F5D8F818FCC2381FE8
Requests: 9 HTTP requests in this frame

Frame: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Frame ID: B291F520C431B7E3D679172E70A99E47
Requests: 6 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Frame ID: D852997B47C7598770FA1744D84C3402
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Frame ID: 68BC5EA11BEE71E2AD1A2334E1E13E2C
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 5E557BAE462401DDAC6D97C9D9582CD3
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/pbjs
Frame ID: 38FEB0645B281F5C9222D47997794927
Requests: 8 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: AD428D9366D2CD8F27960D94247B9844
Requests: 3 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: AC9A349ADA3C851CAA7568C15136F2C1
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=157940
Frame ID: D9966D25264106983BAADCC7ED91177E
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 9A08F412AA8C12342C65DD13A89330AF
Requests: 1 HTTP requests in this frame

Frame: https://sync.1rx.io/usersync2/rmphb?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D
Frame ID: C980F0AF1F911963390117505665018A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: 70D0280A7C9D98F3E109760B948C9D78
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Frame ID: D1ECFE43B33DF6478E0480DD39B52900
Requests: 11 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A668282022425806367
Frame ID: C66A71AB631BF3ECC9E7983CC4844D59
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A5055803793460674223
Frame ID: 5E2EDF01CC35E5938F1B5913A6E4F983
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A3697800832230668502
Frame ID: C0146E9079FCDF9B4118DD7B8CCB99DF
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: 461C0751DE2790A70B462C9C24F51538
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Frame ID: C0EFE9438459B2695F993BDC47519064
Requests: 12 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=184388&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxap-184388%26uid%3D%7BUID%7D
Frame ID: DEF580B38DE2AF1DB78952BACB19B5C9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js
Frame ID: D1227F4F8A218CE12E472F9EDBE8E731
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Frame ID: D844B61A3DAEB1F580723ED571A7C205
Requests: 4 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=0&gdpr_consent=
Frame ID: 82A1C6FED6A59A58991545E6CBF919FB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162882&userIdMacro=PM_UID&predirect=%2F%2Fsync.adkernel.com%2Fuser-sync%3Fzone%3D149271%26dsp%3D614719%26t%3Diframe%26uid%3DPM_UID
Frame ID: FD601D882E5D81743A15BD676C377661
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Download Free Vintage compressor plugin: SLAX by Sonic Anomaly

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

267
Requests

72 %
HTTPS

0 %
IPv6

71
Domains

110
Subdomains

64
IPs

6
Countries

3010 kB
Transfer

8691 kB
Size

85
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/plugins4free
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Plugins4Free
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCfLuJ0kv09tXAsdbWMZNZZA
Title: YouTube

Search URL Search Domain Scan URL

URL: https://ko-fi.com/plugins4free
Title: ko-fi.com/plugins4free

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

Request Chain 77

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t

Request Chain 94

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=29dc6481b8

Request Chain 95

https://csync.loopme.me/?pubid=11405&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dloopme.com%26id%3D%7Bviewer_token%7D HTTP 307
https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=ee22485a-1279-4ca6-abe3-d023a923a966

Request Chain 96

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?id=43FCC97914064CD3BEEBB4ABF83F6B53&ex=simpli.fi&status=ok

Request Chain 97

https://trace.mediago.io/ju/cs/amazon?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbaidu.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=baidu.com&id=4df39c49eb81752b26bzk200loyg381j

Request Chain 98

https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID HTTP 303
https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&_bee_ppp=1 HTTP 303
https://s.amazon-adsystem.com/ecm3?id=AACxW07KpxAAABOL40VDqg&ex=beeswax.com

Request Chain 99

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__ HTTP 302
https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__&s=2 HTTP 302
https://sync.outbrain.com/sync-external?uid=BftKPLoSJ3NZuyCz6bZE&redirect=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZUWIPKCMZ2EWUCMN5JUUM2OLJ2XSQ32GZRFURI HTTP 302
https://pixel-us-east.rubiconproject.com/exchange/sync.php?obhb=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZUWIPKCMZ2EWUCMN5JUUM2OLJ2XSQ32GZRFURI&p=15268&obUid=UzU3-_QFJFEAKrgYX9LJ0e-aEgRt9XjYG8RBKc7qMKxbxlVWN_iNF_hFi4pKL6U_&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&initiator=s2s

Request Chain 102

https://ssbsync-us.smartadserver.com/api/sync?callerId=2 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8426327288077849638&gdpr=0&gdpr_consent=

Request Chain 103

https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D HTTP 302
https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=2c70d63ae39614d9&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAGlW7u_ZyTMwNgjICyAAAAAAA&expiration=1700059497&is_secure=true

Request Chain 104

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=3187032228587469864208

Request Chain 106

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 118

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODgyorPzwEQ5QwYmQMyCJNiWW7BUjVL HTTP 301
https://tpc.googlesyndication.com/simgad/388799601516824345

Request Chain 139

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDX6YmHlQEQkAEYkAEyCKOiU1F6p173 HTTP 301
https://tpc.googlesyndication.com/simgad/9671481194446296273

Request Chain 140

https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=onfocus&khaos=LOYG384P-1A-3TH2 HTTP 302
https://u.4dex.io/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2

Request Chain 146

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://match.adsrvr.org/track/cmb/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1f84e42a-3857-4e14-8d09-cf8ba9f90468&gdpr=0&gdpr_consent=&expires=30

Request Chain 148

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEISnN6Lu04hMNpOqvQLQIYI&google_cver=1

Request Chain 149

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmY4ZjNiNGQ3MDM2OGUwOWM3NjVkNjdmZWYyYTcxY2ZiOTlmYjBjZQ

Request Chain 150

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=RN0EAmvjQAyyIf3q0_6mxA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=RN0EAmvjQAyyIf3q0_6mxA

Request Chain 151

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE9ZRzM4NFAtMUEtM1RIMg== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELlYVcOjuqG2fL76L27r1KM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9ZRzM4NFAtMUEtM1RIMg==&google_push=

Request Chain 152

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LOYG384P-1A-3TH2

Request Chain 153

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/25nbXaRoq_34SXkp4VzCGMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ko.4W6ZE2oLcCfvwHCADcXpNqmbvaSK27tDXGA--~A

Request Chain 154

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp HTTP 303
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1 HTTP 303
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEIVU7KpxAAABM06dQw6w&expires=30

Request Chain 155

https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2920fc55-75ab-4f73-a094-67a0e0ccbbb2&expires=30

Request Chain 156

https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LOYG384P-1A-3TH2 HTTP 301
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2&ckls=true&ci=Si0lTT6idM&nc=false&trid=-1410515309

Request Chain 157

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2

Request Chain 158

https://pixel.rubiconproject.com/exchange/sync.php?p=18694 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LOYG384P-1A-3TH2

Request Chain 159

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx HTTP 302
https://prebid.a-mo.net/setuid/magnite?uid=LOYG384P-1A-3TH2

Request Chain 160

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LOYG384P-1A-3TH2&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LOYG384P-1A-3TH2&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LOYG384P-1A-3TH2&redir=true HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1BLm95MWh0RTJ1RXpuWUJfUy5lQy5aVEthMno2ZXB5Y35B&ovsid=LOYG384P-1A-3TH2&dpid=58160

Request Chain 161

https://pixel.rubiconproject.com/exchange/sync.php?p=19564 HTTP 302
https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true

Request Chain 173

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1&google_push=AXcoOmR2ZWrbtDwCH1aTPy80XEa-0NveKvTdumeLIO0dK0KpK2uHhYvU0aiFjHHXwaz-2gotvz-VFQ8d_3mj_6t2QLiVpA1E3JCARDM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMzQzNzM1MzY4OTM2OTc3MQ==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1

Request Chain 174

https://um.simpli.fi/gp_match?google_gid=CAESEFDMK_mTdQipmoApsOJ831I&google_cver=1&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SYz7ZvTr3sH2jh8FDU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=43FCC97914064CD3BEEBB4ABF83F6B53&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SYz7ZvTr3sH2jh8FDU

Request Chain 175

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEKm15HIk2xggz0X3f3uXQRM&google_cver=1&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv5fd7y-Jms5ZEP3luUH25oF-4YY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv5fd7y-Jms5ZEP3luUH25oF-4YY

Request Chain 176

https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBKTQX6nMiT_a-K6nqG8tN0&google_cver=1&google_push=AXcoOmQXsGvKkFt3r9gFg3IZz4DnOzaagiey7a7SAdOgXWHWNQyqUJxscIL9dvnEUiY5MH-NjL_NeYSBl6PkE2JW0p54A56wvEG-1-c HTTP 302
https://match.adsrvr.org/track/cmb/google?google_gid=CAESEBKTQX6nMiT_a-K6nqG8tN0&google_cver=1&google_push=AXcoOmQXsGvKkFt3r9gFg3IZz4DnOzaagiey7a7SAdOgXWHWNQyqUJxscIL9dvnEUiY5MH-NjL_NeYSBl6PkE2JW0p54A56wvEG-1-c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MWY4NGU0MmEtMzg1Ny00ZTE0LThkMDktY2Y4YmE5ZjkwNDY4&google_push&gdpr=0&gdpr_consent=&ttd_tdid=1f84e42a-3857-4e14-8d09-cf8ba9f90468

Request Chain 189

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 307
https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1

Request Chain 190

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

Request Chain 191

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1699973098326.7&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predirect%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D25%2526external_user_id%253D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

Request Chain 192

https://ssc-cms.33across.com/ps/?_=1699973098326.&ri=0015a00002oUk4aAAC&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X HTTP 302
https://u.4dex.io/setuid?bidder=33across&uid=212343793359664

Request Chain 193

https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=the33across&us_privacy= HTTP 302
https://t.pswec.com/bsw_sync?ssp=the33across&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://t.pswec.com/ul_cb/bsw_sync?ssp=the33across&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://x.bidswitch.net/sync?dsp_id=2&user_id=2b0c7282-f9b5-41bf-8c41-b30e8ebb060b&expires=3&user_group=1&ssp=the33across HTTP 302
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&ts=1699973099&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 194

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT~A HTTP 302
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT%7EA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 195

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy= HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=69aed65e44351037&is_secure=true&networkId=78390&version=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAAHaBv4Gr3N5wN07OSKAAAAAAA&expiration=1700059498&is_secure=true&us_privacy= HTTP 302
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHaBv4Gr3N5wN07OSKAAAAAAA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 196

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=3187032228587469864208 HTTP 302
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=3187032228587469864208&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 199

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LOYG384P-1A-3TH2 HTTP 302
https://ssc-cms.33across.com/ps/?xi=1&xu=LOYG384P-1A-3TH2 HTTP 302
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LOYG384P-1A-3TH2&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 211

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=87fb8ab2-46d1-4802-8255-c4160004c6c0

Request Chain 212

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3384027298418322803

Request Chain 215

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=smaato&uid=29dc6481b8

Request Chain 217

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-08db39uvLHYOsB9Byz6RB1tDic9g9cDpyuYkRSHuhA

Request Chain 229

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=1f84e42a-3857-4e14-8d09-cf8ba9f90468&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 230

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D HTTP 302
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

Request Chain 231

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFe7I5ClshJIgCzKpfJYzYU&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 232

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D

Request Chain 234

https://pr-bh.ybp.yahoo.com/sync/triplelift/3187032228587469864208?gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-CteISJpE2oTB5jYYiYKb.nt3vatWXpnXu6lfz8tH3Q--~A&dongle=0883

Request Chain 235

https://x.bidswitch.net/sync?ssp=triplelift&user_id=3187032228587469864208&gdpr=0&gdpr_consent=${GDPR_CONSENT} HTTP 302
https://beacon.lynx.cognitivlabs.com/bidSwitch.gif?bidswitch_ssp_id=triplelift&bsw_custom_parameter=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://x.bidswitch.net/sync?dsp_id=425&user_group=1&expires=365&user_id=a3de0b85-807a-417a-92da-6288943555ad&ssp=triplelift&bsw_param=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://eb2.3lift.com/xuid?mid=2409&xuid=f0c97ce2-cff2-4fe8-8a14-1660a8904835&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 237

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3335&xuid=3384027298418322803&dongle=4d58&gdpr=0&gdpr_consent=

Request Chain 240

https://googleads.g.doubleclick.net/pagead/adview?ai=CNpK054dTZY2QHsnCxtYP6d6w0AWj6seMdNGr4K_UEWQQASDCkZocYP2gmYHoA6AB6qf15APIAQmoAwHIA8sEqgTUAU_QzD8Gcx5BHGtRERbq6tCXC6nerV-sICu5PdlxWYgGTBO-EIeQj_MR9tk-kNxah3kPewsNy2pyTMVOJmetjtk6O68D1Q17C3KslbRDFWMWM_4UF9p4k9npOqVcrcgHiFjzB_kjXZEsDdUryP3r3eOm-3ogYVeto4QsPFOAM2R__6T54iYe74kl6UW-c-FH9LD0ty9TEV0U_7AKGREfn19pyJDBhKNukpdX2KwayvNcMUXWTLKqRo81LZX-oBzykw-WEBAwdm_1SifgwOnKhWRoj9nkwASWx5DLmASIBY3Zl6lDkgUECAQYAZIFBAgFGASgBi6AB_7XihuoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAemvhvYBwDyBwQQqYYo0ggUCIBhEAEYHzICigI6AoBASL39wTqaCRRodHRwczovL2FwcHN1bW8uY29tL4AKAcgLAaIMECoOCgzktLEC7rWxArW4sQLaDBAKChDwjZ_lk6zv7CISAgED2BMOiBQB0BUBgBcBshccChoIABIUcHViLTk0MjE4MjgyODI2MTc3MDQYAA&sigh=ElxNkTRb1a0&uach_m=[UACH]&ase=2&nis=4&cid=CAQSTwDICaaNB5XlZlWjTutcel3vNUH_NpO7MEjGJ0Azf_hB5Ddsyc0JQUGo4tqXfpcyuXWT9zDd5AKZFbtlyfGpMad-FUmxnOnEwNHvF7BSb8UYAQ&template_id=494&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa05050a60223603b0000000000000000%22,%222%22:%220xd73862c2e35eddeb0000000000000000%22,%223%22:%220x88a889134529c30b0000000000000000%22,%224%22:%220x17f5f6d07f3bcc0000000000000000%22,%225%22:%220xd5ad11027c5ffd890000000000000000%22},%22debug_key%22:%2214436223436664855225%22,%22debug_reporting%22:true,%22destination%22:%22https://appsumo.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221016943594%22],%224%22:[%2211-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210709300583103654609%22}&andc=true

Request Chain 244

https://match.sharethrough.com/universal/v1?supply_id=5926d422&gdpr=0&gdpr_consent= HTTP 302
https://cs.yellowblue.io/cs?aid=11587&uid=0f68a618-c705-4253-95b1-8f2bb1107349&gdpr=0

Request Chain 246

https://ads.stickyadstv.com/user-matching?id=3663&gdpr=0&gdpr_consent= HTTP 302
https://cs.yellowblue.io/cs?aid=11601&id=53f46e8d69e48ef4c514fdc2611ac4a8&gdpr_consent=&gdpr=0

Request Chain 247

https://us-u.openx.net/w/1.0/cm?id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D HTTP 302
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=0da10372-245a-47c4-9e93-692363ef549d

Request Chain 249

https://ib.adnxs.com/getuid?https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11596%26id%3D$UID&gdpr=0&gdpr_consent= HTTP 302
https://cs-server-s2s.yellowblue.io/cs?aid=11596&id=3384027298418322803&gdpr=0&gdpr_consent=

Request Chain 250

https://csync.loopme.me/?pubid=11362&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D HTTP 307
https://cs-server-s2s.yellowblue.io/cs?aid=11571&id=ee22485a-1279-4ca6-abe3-d023a923a966&gdpr_consent=null&gdpr=0

Request Chain 251

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11603%26gdpr%3D%5BGDPR%5D%26gdpr_consent%3D%5BUSER_CONSENT%5D%26uid%3D$%7BBSW_UUID%7D HTTP 302
https://cs-server-s2s.yellowblue.io/cs?aid=11603&gdpr=[GDPR]&gdpr_consent=[USER_CONSENT]&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

Request Chain 252

https://sync.go.sonobi.com/us?gdpr=0&consent_string=&loc=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D115667%26uid%3D%5BUID%5D HTTP 302
https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=a590c2b2-42e0-4915-8aa0-74beaccd5eb7

Request Chain 253

https://ssc-cms.33across.com/ps/?ri=0015a00002hdV5tAAE&ru=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11580%26puid%3D33XUSERID33X HTTP 302
https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212343793359664

Request Chain 256

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=rise_engage&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east

Request Chain 260

https://x.bidswitch.net/sync?ssp=xapads&user_id=A3697800832230668502 HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=${user_id}&gdpr=&consent=&usp=&ssp=xapads&bsw=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=%24%7Buser_id%7D&gdpr=&consent=&usp=&ssp=xapads&bsw=f0c97ce2-cff2-4fe8-8a14-1660a8904835&chk=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=457&user_id=YjViZGM1MDNhZDMwNjZk&gdpr=&gdpr_consent=&us_privacy=&ssp=xapads&bsw_param=f0c97ce2-cff2-4fe8-8a14-1660a8904835 HTTP 302
https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

Request Chain 265

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=rise_engage&khaos=LOYG384P-1A-3TH2 HTTP 302
https://cs.yellowblue.io/cs?aid=11590&id=LOYG384P-1A-3TH2

Request Chain 266

https://x.bidswitch.net/sync?ssp=xapads&user_id=A1361858343689971236 HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=xapads&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=xapads&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=3ac614de-e77c-4a6b-8dc7-afc82e334443&ssp=xapads HTTP 302
https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

267 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
plugins4free.com/plugin/2593/ 468 KB
57 KB 216ms
144ms Document
text/html 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 6857ffa808c066dc61ba4241d12bc22b993628bfa868991d32e9ea8458807149

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: none
cache-control: max-age=20, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 14 Nov 2023 14:44:54 GMT
etag: "750de-zjJEQ75BNrUPQZVBLIPGMFIwDFw"
server: Apache/2.4.38
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 135ms
54ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1440877-1

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

ec14e5eb7512e49e5b837e67d515af4f6bf5efdf4957a2fb93bf6dfa878294c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68668
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 131ms
52ms Script
text/javascript 142.251.16.103
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.103 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f103.1e100.net

Software

GSE /

Resource Hash

f0e435535ad00d5f95dcea11de2d87f3a738d49fec323296cf5cd725bc8a92ae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 runtime.js Show response
plugins4free.com/_nuxt/ 3 KB
1 KB 52ms
48ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/runtime.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 9417bb3ab7db32c02d410157f6db3f8410063aa01f826e3a960d87384a50f7d8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"a61-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 commons.app.js Show response
plugins4free.com/_nuxt/ 176 KB
60 KB 60ms
57ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/commons.app.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: f6fc72d5a06fc6a495dfa314828bd68c1a112db58097e2442b52b7d4de96766d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"2bedd-18776b72855"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 vendors.app.js Show response
plugins4free.com/_nuxt/ 722 KB
148 KB 59ms
56ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/vendors.app.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 543741ea808dbd5f2ccfa4f1d37253c180d07948085dad8eeb73b33492ea5461

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"b4832-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 app.js Show response
plugins4free.com/_nuxt/ 60 KB
18 KB 53ms
50ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/app.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 0a41318e8676f624371fc38baf7a8970fb1231d4ea525b59e6b98bd94591946c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"f0e2-18776b72855"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 [_]pluginID.js Show response
plugins4free.com/_nuxt/pages/Plugin/ 6 KB
2 KB 51ms
48ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/pages/Plugin/[_]pluginID.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 6fbd7d1149c9f72c6bb763246db80c9e5fa384b2264c5e5cd53f1c543ae5f7c9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"181d-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 26.js Show response
plugins4free.com/_nuxt/ 14 KB
5 KB 52ms
49ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/26.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 380570786b3b7753ef9345ce1c8754e704302d3244cc7b06d7c0650108c4224d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"37d1-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 39.js Show response
plugins4free.com/_nuxt/ 463 B
358 B 54ms
52ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/39.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: d74bb875198085803154ebbf3685df531232cec9c96d47259dd4e7325132cedd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"1cf-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 38.js Show response
plugins4free.com/_nuxt/ 2 KB
949 B 51ms
49ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/38.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 74ab137d1b9f0d42f6a123f08f4c59d5ef8814488e5ae8bea092ef78e6938b02

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"65f-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 29.js Show response
plugins4free.com/_nuxt/ 13 KB
4 KB 54ms
52ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/29.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 5d3ad1935c5cda74ba872946bddff25d6be856df56b2ecce1f4edfe7289f207d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"3469-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 32.js Show response
plugins4free.com/_nuxt/ 4 KB
2 KB 54ms
52ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/32.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: c7bb90368efa98cc3c3d57b40e7b6764a40f3d0780704ad99591702094348b45

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"11c6-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 33.js Show response
plugins4free.com/_nuxt/ 4 KB
2 KB 57ms
56ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/33.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: c7efc2fb43ed5119b250a8db182c34d4fcada6de81a56bf0c230f1f689547ae2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"10fe-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 5.js Show response
plugins4free.com/_nuxt/ 1 KB
655 B 58ms
57ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/5.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 91d090cc39d39e25632d9ba218f551f022892895a1db2f103ed8062e63a18b2c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"4a9-18776b72855"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 / Show response
services.vlitag.com/adv1/ 576 KB
148 KB 104ms
55ms Script
application/javascript 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93d32884d6f3238598cb851e1df730612e85343b59ade0dd4a6c2d740f1639bd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 696
cf-polished: origSize=589849
etag: W/"e9fe5fff997f24da2f25a5fb3de32256 2023-11-13T23:08:04 v1 default"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, stale-while-revalidate=3600
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 826009026c5a3a0a-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 word_logo.7be5645.png
plugins4free.com/_nuxt/img/ 20 KB
20 KB 31ms
31ms Image
image/png 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://plugins4free.com/_nuxt/img/word_logo.7be5645.png
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: 863a6a0276355b433d9298e51dbebe611e1c487dd15f1f1f11b506ec2ee2379d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"4e12-18776b72855"
content-type: image/png
cache-control: max-age=20, private
accept-ranges: bytes
content-length: 19986

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 155ms
77ms Script
text/javascript 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

0a1f8da6b54cadc8fe60b1fb6b3409878bdee6a43e0d266fb55d617fc7172499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52738
x-xss-protection: 0
server: cafe
etag: 634154921743663134
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 overlay-widget.js Show response
storage.ko-fi.com/cdn/scripts/ 16 KB
5 KB 88ms
38ms Script
application/javascript 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a8c75fdf88c5cecd850c7da6726f989585e565b7e634a5f3722a24286ee739

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: Tt5z7rNW6rgxDlYGY45qMw==
age: 191
cf-polished: origSize=22458
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Sun, 23 Oct 2022 22:21:01 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: f24b6009-001e-0031-5764-721089000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 826009029ae036bd-YYZ

GET
H2 200 floating-chat-main.css
storage.ko-fi.com/cdn/scripts/ Frame 8BDF 588 B
477 B 32ms
32ms Stylesheet
text/css 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/scripts/floating-chat-main.css
Requested by: Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d95ba86fa0391a4a86a6388088e53e1a0bfa52fa6f3c7c1e057e898522a30570

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: BHz4+3jV+xooBaj1E0Km4g==
age: 1189
cf-polished: origSize=839
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Sun, 23 Oct 2022 22:21:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: f78f1e1c-001e-0031-47bf-501089000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 82600902fb6e36bd-YYZ

GET
H2 200 floating-chat-main.css
storage.ko-fi.com/cdn/scripts/ Frame CA7F 588 B
383 B 37ms
37ms Stylesheet
text/css 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/scripts/floating-chat-main.css
Requested by: Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d95ba86fa0391a4a86a6388088e53e1a0bfa52fa6f3c7c1e057e898522a30570

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: BHz4+3jV+xooBaj1E0Km4g==
age: 1189
cf-polished: origSize=839
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Sun, 23 Oct 2022 22:21:50 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: f78f1e1c-001e-0031-47bf-501089000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 82600902fb7b36bd-YYZ

GET
H2 200 floating-chat-wrapper.css
storage.ko-fi.com/cdn/scripts/ 6 KB
1 KB 39ms
39ms Stylesheet
text/css 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.ko-fi.com/cdn/scripts/floating-chat-wrapper.css
Requested by: Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54bf5af24434f9006216242e7b12b9ff58c736f4e1a4d47f08c433971800b565

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
cf-cache-status: HIT
content-md5: E53X9EMRndzQtdHOHn9Ilw==
age: 2636
cf-polished: origSize=9058
x-ms-lease-status: unlocked
cf-bgj: minify
last-modified: Sun, 23 Oct 2022 22:21:49 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: ddfde7a0-401e-000e-459f-0cf43b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
cf-ray: 826009030b7e36bd-YYZ

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 123ms
46ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito:400,700,800&display=swap

Requested by

Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

cced72a5fc90de9cbfa59c691d65be471f67d2aae3e3ed37ebe476bf2b0c7030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:33:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8BDF 5 KB
690 B 124ms
47ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito:400,700,800&display=swap

Requested by

Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

cced72a5fc90de9cbfa59c691d65be471f67d2aae3e3ed37ebe476bf2b0c7030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 13:37:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame CA7F 5 KB
691 B 123ms
46ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito:400,700,800&display=swap

Requested by

Host: storage.ko-fi.com
URL: https://storage.ko-fi.com/cdn/scripts/overlay-widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

cced72a5fc90de9cbfa59c691d65be471f67d2aae3e3ed37ebe476bf2b0c7030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:33:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 cup-border.png
storage.ko-fi.com/cdn/ Frame 8BDF 6 KB
6 KB 35ms
35ms Image
image/webp 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.ko-fi.com/cdn/cup-border.png
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 457554ad286ecf6fd5f5e79e6c883602d57638d50f96fb060f6edc19de027834

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
cf-cache-status: HIT
content-md5: nt+i2V4lVEX5fauLp9jhTw==
age: 3840
cf-polished: origFmt=png, origSize=11273
content-disposition: inline; filename="cup-border.webp"
content-length: 6016
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri,csam-hash
last-modified: Sun, 23 Oct 2022 21:56:48 GMT
server: cloudflare
etag: 0x8DAB5417C366016
vary: Accept
content-type: image/webp
access-control-allow-origin: *
x-ms-request-id: 10f997b2-501e-0033-16d0-00411d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 826009030b8136bd-YYZ

GET
H2 200 cup-border.png
storage.ko-fi.com/cdn/ Frame CA7F 6 KB
6 KB 31ms
31ms Image
image/webp 172.67.26.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.ko-fi.com/cdn/cup-border.png
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 172.67.26.21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 457554ad286ecf6fd5f5e79e6c883602d57638d50f96fb060f6edc19de027834

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 14 Nov 2023 14:44:54 GMT
cf-cache-status: HIT
content-md5: nt+i2V4lVEX5fauLp9jhTw==
age: 3840
cf-polished: origFmt=png, origSize=11273
content-disposition: inline; filename="cup-border.webp"
content-length: 6016
x-ms-lease-status: unlocked
cf-bgj: imgq:100,h2pri,csam-hash
last-modified: Sun, 23 Oct 2022 21:56:48 GMT
server: cloudflare
etag: 0x8DAB5417C366016
vary: Accept
content-type: image/webp
access-control-allow-origin: *
x-ms-request-id: 10f997b2-501e-0033-16d0-00411d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 826009030b8336bd-YYZ

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/ 466 KB
188 KB 116ms
38ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 11:33:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 191412
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 03:03:27 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 13 Nov 2024 11:33:42 GMT

GET
H2 200 40.js Show response
plugins4free.com/_nuxt/ 4 KB
2 KB 32ms
31ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/40.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/_nuxt/runtime.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: cfe5efcc9712f5d697d7f6c543ce9c20508efbbe3a49740c6c352f9963a3668f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"1137-18776b72859"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 13 KB
956 B 81ms
48ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/_nuxt/vendors.app.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

b92f631c8cf38be6724c9b0ef9dcc762b7314ee2197ced3608efb40e02618fac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:12:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:54 GMT

GET
H2 200 0.js Show response
plugins4free.com/_nuxt/ 17 KB
5 KB 33ms
33ms Script
application/javascript 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://plugins4free.com/_nuxt/0.js
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/_nuxt/runtime.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: e695977d0348645637e7ecc405883195175ec7e2dd7b55b30ef98c1ab9e14254

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/plugin/2593/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 18:25:27 GMT
server: Apache/2.4.38
etag: W/"4365-18776b72855"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=20, private
accept-ranges: bytes

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 114ms
38ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 04:11:02 GMT
x-content-type-options: nosniff
age: 383633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 04:11:02 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 129ms
55ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 03:38:20 GMT
x-content-type-options: nosniff
age: 385595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 03:38:20 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 132ms
62ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 18:51:46 GMT
x-content-type-options: nosniff
age: 417189
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 18:51:46 GMT

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v26/ Frame 8BDF 38 KB
38 KB 123ms
69ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito:400,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 15:57:22 GMT
x-content-type-options: nosniff
age: 427653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39124
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:02:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 15:57:22 GMT

GET
H2 200 SLAX_2.jpg
media.plugins4free.com/img/ 33 KB
34 KB 64ms
29ms Image
image/jpeg 51.79.20.70
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.plugins4free.com/img/SLAX_2.jpg
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.79.20.70 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns566592.ip-51-79-20.net
Software: Apache/2.4.38 /
Resource Hash: d5a230724df7e22d94976809c0362185fb4a2bf861af72f03ab265ea38b7e496

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
last-modified: Fri, 12 Jun 2020 14:25:48 GMT
server: Apache/2.4.38
etag: "84c3-5a7e3da7ad411"
content-type: image/jpeg
cache-control: max-age=2628000, public
accept-ranges: bytes
content-length: 33987

GET
H2 200 e9fe5fff997f24da2f25a5fb3de32256.json Show response
services.vlitag.com/cli/ 42 B
352 B 127ms
84ms XHR
application/json 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/cli/e9fe5fff997f24da2f25a5fb3de32256.json?hn=https://plugins4free.com
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c745962f0e708ea8ef49da627bbf71889e2e474ce6847b275b12fdc0e82ad530

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
cf-cache-status: BYPASS
server: cloudflare
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://plugins4free.com
cache-control: private, no-cache, no-store, must-revalidate
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 826009050b9037cf-YYZ
content-length: 42
alt-svc: h3=":443"; ma=86400
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/ 400 KB
136 KB 95ms
94ms Script
text/javascript 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

9cfd23232261089c19c99663238583cd777f7b4eb1ebbdf611b3b5b4ce036ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138658
x-xss-protection: 0
server: cafe
etag: 6969708297664848902
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:55 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame BA2B 9 KB
4 KB 115ms
37ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 77598
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Nov 2023 17:11:37 GMT
etag: 16674218716276178799
expires: Mon, 27 Nov 2023 17:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
79 KB 56ms
55ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-62G8H12RK3&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1440877-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

8631009651fb60c5c9ee85bc965d9ff8a5b61b343293ab8c297e642966b80b2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 14 Nov 2023 14:44:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 112ms
37ms Script
text/javascript 142.251.167.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1440877-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 14 Nov 2023 14:19:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1512
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 14 Nov 2023 16:19:43 GMT

GET
H2 200 KFOkCnqEu92Fr1MmgVxIIzI.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 38ms
37ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1MmgVxIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 06:15:51 GMT
x-content-type-options: nosniff
age: 289744
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15764
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 10 Nov 2024 06:15:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 41ms
41ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://plugins4free.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 06:51:20 GMT
x-content-type-options: nosniff
age: 374015
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 09 Nov 2024 06:51:20 GMT

GET
H3 200 vl.json Show response
services.vlitag.com/vld/1699938185/ 13 B
273 B 112ms
112ms XHR
application/json 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/vld/1699938185/vl.json?page_url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
cf-cache-status: HIT
last-modified: Tue, 14 Nov 2023 12:50:52 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://plugins4free.com
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 82600905cd6d39e3-YYZ
content-length: 13
alt-svc: h3=":443"; ma=86400

GET
H3 200 e9fe5fff997f24da2f25a5fb3de32256.json Show response
services.vlitag.com/obj/1699938185/ 28 KB
4 KB 34ms
33ms XHR
application/json 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://services.vlitag.com/obj/1699938185/e9fe5fff997f24da2f25a5fb3de32256.json?cc=CA&hn=https://plugins4free.com
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 623e70e203da8107308cea966abd42be29a2ec09445728474432a82581fd6415

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Nov 2023 05:10:37 GMT
server: cloudflare
age: 34365
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://plugins4free.com
cache-control: public, immutable, max-age=31536000
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 82600905cd6e39e3-YYZ
alt-svc: h3=":443"; ma=86400

POST
H2 204 collect
www.google-analytics.com/g/ 0
163 B 45ms
45ms Ping
text/plain 142.251.167.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-62G8H12RK3&gtm=45je3b81v9135341820&_p=1699973094937&gcd=11l1l1l1l1&dma=0&cid=1601140643.1699973095&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAI&_s=1&sid=1699973095&sct=1&seg=0&dl=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&dt=Download%20Free%20Vintage%20compressor%20plugin%3A%20SLAX%20by%20Sonic%20Anomaly&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=897
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-62G8H12RK3&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.167.101 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f101.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://plugins4free.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8125 197 KB
53 KB 507ms
506ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&adk=1812271804&adf=3025194257&lmt=1699973095&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x810_l%7C260x945_r&format=0x0&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095174&bpp=4&bdt=478&idt=206&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=2&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=229

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

3d40a8ef9c005f288d5126ae0c0de2ecce598b0ca20caf4328c9ed76419dd101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 54212
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:55 GMT
expires: Tue, 14 Nov 2023 14:44:55 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 64ms
64ms Image
image/gif 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=kofi-widget-overlay-6f000afe-68ba-4e00-a676-4dc4c37a8df6-kofi-popup-iframe-mobi&cls=floating-chat-kofi-popup-iframe-mobi&ign=true&pw=1600&ph=1200&x=0&y=1130.4

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid-8.21.0.js Show response
assets.vlitag.com/prebid/default/ 615 KB
187 KB 49ms
44ms Script
application/javascript 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3531c1a6993ccc3e7b0f3e1495768e3464aecd55193ef112cb5555422ae6c90

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 03 Nov 2023 08:25:02 GMT
server: cloudflare
age: 973180
cf-polished: origSize=630565
etag: W/"6544ae5e-99f25"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 826009067ae13a0a-YYZ
alt-svc: h3=":443"; ma=86400
expires: Fri, 03 Nov 2023 08:55:08 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 102 KB
31 KB 152ms
73ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

20d2894978cc2bac6fcc0e9f3d0fbc7a0469ec99277b6db68262b328debadb78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31601
x-xss-protection: 0
server: cafe
etag: 995 / 19675 / m202311090101 / config-hash: 4139038881701353164
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:55 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 363 KB
125 KB 116ms
39ms Script
text/javascript 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

sffe /

Resource Hash

b9be7158c22e6b491bf8e343b9de0b503588d232c5d6bce3deca1bb5b3c02020

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127387
x-xss-protection: 0
expires: Tue, 14 Nov 2023 14:44:55 GMT

GET
H2 200 sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
17 KB 42ms
37ms Script
application/javascript 172.67.21.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.21.227 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 01 Nov 2019 05:04:50 GMT
server: cloudflare
age: 452759
etag: W/"5dbbbcf2-9806"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=16070400
cf-ray: 826009067ae43a0a-YYZ
alt-svc: h3=":443"; ma=86400
expires: Tue, 07 Nov 2023 10:59:24 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 267 KB
65 KB 139ms
51ms Script
application/javascript 18.160.53.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: services.vlitag.com
URL: https://services.vlitag.com/adv1/?q=e9fe5fff997f24da2f25a5fb3de32256
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-53-102.iad55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c484c78d502a9769494d9fe87c9a826618b36fd60b567dee2cfa0f4e9163d79d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 13:54:02 GMT
content-encoding: gzip
via: 1.1 a075746ea1824aa1c02a5e26a9e968e4.cloudfront.net (CloudFront), 1.1 9b00405a1ff669043791884b75822050.cloudfront.net (CloudFront)
last-modified: Mon, 13 Nov 2023 20:18:45 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C3, IAD55-P2
age: 3054
x-amz-server-side-encryption: AES256
etag: W/"08899ab5b5f986f64974630ad47b39a1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: pgiN9B0-l5sqXfeVc8q3BKcZbOFNluQ5VoeLXS8qwqmt-2tWH4UuGA==

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 68E7 145 KB
43 KB 963ms
962ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=90&slotname=3831644919&adk=3988527980&adf=3131441721&pi=t.ma~as.3831644919&w=728&lmt=1699973095&format=728x90&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.8801728567731477&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095178&bpp=2&bdt=482&idt=245&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=250

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

a3cd40a666fece2a2899f76f738f41239765f4b1b6af4ac5f9880f44f5a034f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 43386
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Tue, 14 Nov 2023 14:44:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
69 B 45ms
44ms XHR
text/plain 142.251.167.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1195136774&t=pageview&_s=1&dl=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ul=en-us&de=UTF-8&dt=Download%20Free%20Vintage%20compressor%20plugin%3A%20SLAX%20by%20Sonic%20Anomaly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=990053592&gjid=1020631979&cid=1601140643.1699973095&tid=UA-1440877-1&_gid=1578176856.1699973095&_r=1&gtm=457e3b81&gcd=11l1l1l1l1&dma=0&jsscut=1&z=678950901

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://plugins4free.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
155 B 37ms
37ms Image
image/gif 142.251.167.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1195136774&t=pageview&_s=2&dl=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&dp=%2Fplugin%2F2593%2F&ul=en-us&de=UTF-8&dt=Download%20Free%20Vintage%20compressor%20plugin%3A%20SLAX%20by%20Sonic%20Anomaly&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=&gjid=&cid=1601140643.1699973095&tid=UA-1440877-1&_gid=1578176856.1699973095&gtm=457e3b81&gcd=11l1l1l1l1&dma=0&z=96960250

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f101.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Nov 2023 23:38:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 54363
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 831D 163 KB
44 KB 883ms
883ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=280&slotname=6439040174&adk=2121505350&adf=3071395567&pi=t.ma~as.6439040174&w=812&fwrn=4&fwrnh=100&lmt=1699973095&rafmt=1&format=812x280&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.5396091586781009&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095181&bpp=1&bdt=485&idt=270&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=312&ady=1048&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

ffb218cb3150e45c6d8003f6f421845b044bf05126627666f18fed11b99f559c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 44761
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Tue, 14 Nov 2023 14:44:56 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 105ms
36ms XHR
application/javascript 18.160.53.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-53-102.iad55.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 02:11:08 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 d835a04e842d9117fd810e7c8479dad4.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P2
age: 45228
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: RC6onOEmKbB_v-KVFdAXYbc4MUyFe60GN6YgNPhEGmMKimqT7Uj4bg==

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 429 KB
135 KB 38ms
38ms Script
text/javascript 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 22:10:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59662
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137535
x-xss-protection: 0
server: cafe
etag: 18342593356503948095
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 12 Nov 2024 22:10:33 GMT

GET
H2 200 9cf0c4f1-7630-476b-9141-f4472e005192 Show response
config.aps.amazon-adsystem.com/configs/ 537 B
813 B 110ms
34ms Script
application/javascript 18.160.10.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/9cf0c4f1-7630-476b-9141-f4472e005192
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-20.iad12.r.cloudfront.net
Software: CloudFront /
Resource Hash: cde3f48a75106d9686698a27d3eca6389f4c42e14973866c72c474c1a36264f0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:11:39 GMT
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD12-P3
age: 1996
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: bGdp8bFNnSa9J18MgVFQlPQIbaquIbIOqHp0rNZ7m9hzmmGp693tVQ==

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
311 B 41ms
41ms XHR
text/plain 18.160.53.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fplugins4free.com&pubid=9cf0c4f1-7630-476b-9141-f4472e005192
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.53.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-53-102.iad55.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 12:01:19 GMT
via: 1.1 9b00405a1ff669043791884b75822050.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAD55-P2
age: 9816
x-cache: Hit from cloudfront
access-control-allow-origin: https://plugins4free.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 0nfhZwF4MTgZQ-hfOlSDrDm3wSpMEjtezvXufB8LA6NRQ7M09Z9MGA==

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 60ms
19ms Fetch
application/json 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20231114

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25b6629e40e3e53db003591a3797d6f0759fdf29a7908d1e6f528776bad7274a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 14 Nov 2023 14:44:55 GMT
x-content-type-options: nosniff
content-encoding: br
age: 38644
x-jsd-version: 1.0.1873
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 834
x-served-by: cache-fra-eddf8230103-FRA, cache-yyz4555-YYZ
x-jsd-version-type: version
etag: W/"639-q1ZrsMG8e48QwluKQDkMDaJd7hw"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ 4 KB
2 KB 77ms
34ms Script
application/javascript 104.26.9.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.169 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Tue, 14 Nov 2023 14:44:55 GMT
Content-Encoding: br
CF-Cache-Status: HIT
Last-Modified: Mon, 06 Nov 2023 14:13:09 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Age: 692176
ETag: W/"e90435520cec1363a82b67d8298d79a8"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgySgfPq0%2FQLKVGwNFgsBPIUi8qqw66pPzVrTXjUKH5MrWPbYBwpTfa3g4RU9QvNGMEDOaoZjLgvc5NnTPhcJfPuHe6bDlbLKlpc%2BZA%2BojllYG8xspOFjG03k6IXVzue"}],"group":"cf-nel","max_age":604800}
Cache-Control: public, max-age=1800
Connection: keep-alive
CF-RAY: 826009082f4736c1-YYZ

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 144 B
960 B 274ms
198ms Fetch
application/json 68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.114 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a5e89961ae0964c9c4170b02397ae303d7a08083e88edf7045325a447fa2892e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
an-x-request-uuid: f47226b0-229c-4c56-9286-24bdc595e098
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://plugins4free.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 144
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
117 B 188ms
127ms Fetch 104.36.115.111
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:55 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
523 B 101ms
31ms Fetch 147.75.195.55
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:55 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 prebid Show response
mp.4dex.io/ 1 KB
1 KB 145ms
98ms Fetch
application/json 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b4ae7afdb864bc500adbf359606074abea52b8e99d913f998ce1898a828d02f

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:55 GMT
x-err: Shapings: no adunits with size and seat and mapping
x-version: 3.0.0-gcp-las
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
content-encoding: gzip
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://plugins4free.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 826009084c0b53ef-YYZ
expires: 0

POST
H2 204 pbjs Show response
useast.quantumdex.io/auction/ 0
266 B 240ms
193ms Fetch 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/pbjs
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:55 GMT
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 826009084da8a241-YYZ
access-control-allow-methods: POST, GET

POST
H2 204 bids Show response
prebid-asia.creativecdn.com/bidder/prebid/ 0
179 B 734ms
245ms Fetch 103.132.192.30
RTBHOUSE-AS-AP RT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-asia.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 103.132.192.30 , Singapore, ASN138552 (RTBHOUSE-AS-AP RTB HOUSE PTE. LTD., SG),
Reverse DNS: ip-103-132-192-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:56 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 182 B
625 B 216ms
106ms XHR
text/javascript 18.165.97.179
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&pid=0AUwREMIuQlRT&cb=0&ws=1600x1200&v=23.1108.2350&t=1000&slots=%5B%7B%22sd%22%3A%22vi_1298050448_1%22%2C%22s%22%3A%5B%22160x600%22%2C%22120x600%22%5D%2C%22sn%22%3A50448%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A1%7D%5D&schain=1.0%2C1!pubpower.io%2C656%2C1%2C%2C%2C&pubid=9cf0c4f1-7630-476b-9141-f4472e005192&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.97.179 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-97-179.iad55.r.cloudfront.net

Software

Server /

Resource Hash

86d2cfd2f5e28e7b51313f46edbd6ebb1041e483d3c2c25739ef60e8f15128b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 4091abb8cac392d8bc54145a27288bc6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: IAD55-P4
x-amz-rid: 3RERF7EZ4KJEM7YKVFKR
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://plugins4free.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 182
x-amz-cf-id: 9UECi82Hvt4bV9FrxVRBQJIm_yKEhh_Q0rh-x_R3GfYFRt9A8AbJ-g==

GET
H2 200 tf-v1.jpeg
px.vliplatform.com/ 0
261 B 161ms
112ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/tf-v1.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNaMqyTrqa-BBet-Paey-qtZq-ZetePYMKqYTtRzyzNhqut_cotvRws0NA
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRcZU3cfXnp%2BSLNrYPejtCWlw3CF6pfYgS7nnc3%2FI%2Fpj0fqEfzRnKWw44jVcfHW66%2FVsMrZ2t0yPCzxM1cDqTXfaUOxYnP6r5%2FCI8ObmsxTFinVItbYn2D%2BoUZEy0JFIXq5XLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 826009085eaf5407-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
516 B 121ms
72ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRmNZAPPMRzdNPBYYqMPe-eeUY-PPqM-aaPw-PYweMwaeqeBBRlmNTUAbUAARdzNwqfftkRqxeNco_TYaMAZAPPM_TRwkjNAR_yszuNyqsltRkjmNTUAbUAA,TYAbUAARwlNgyzdtroq,hxwdqzoe,qdb,qrquog,jxqfzxdrtb,kzwigxltRleNpl
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dAxese9mGFAZSDyFcCIZQdFKjJL1qJWfh1ofUZUWJWFsBuhkNuV6KkLClX1X2XjNNSeVVKS8Tkv9sMQlz6LOq8grezzqFM74LJAszB%2FOuuwFk%2FdM%2BJkLzZnpA6e8I1DMjuVUUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 826009085eb15407-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
260 B 124ms
74ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNZeyUUZTt-TyBT-PBwa-wYqM-rBKUqwwtYPYwRdzNwqfftkRlmNTUAbUAARwlNqdqmgfRkjmNTUAbUAA,TYAbUAARrdzNqdqmgfRwkjNTRmNZAPPMRleNplR_yszuNyqslt
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvZ4qQUB7byUB%2FW7W%2Fho6Jl8F3kK6jqW8GFLIY96PwKDI1OqzK9HtiPJixXIl3bfb05nEcs6A4uVtYRHk%2BmwtgkfAQUNPvfjDVUx%2BxGSNlU3dCUvHLzArknyBbJ1zHzcf5mKMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 826009085eb35407-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 script.js Show response
cadmus.script.ac/dahhc4ozyvjm6/ 130 KB
46 KB 72ms
28ms Script
application/javascript 104.18.23.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.23.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6813397ada52c55a6d0a3d60891a35c861778518088b4b23528f38fdc716de73

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: gzip
last-modified: Tue, 14 Nov 2023 13:44:08 GMT
server: cloudflare
age: 0
etag: W/"9a8a75877440dfb192ce8e2e34ea7d6defb4a6be"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray: 82600908ba995467-YYZ

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/ 77 KB
24 KB 77ms
37ms Fetch
application/javascript 104.26.9.169
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.169 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Tue, 14 Nov 2023 14:44:55 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 691211
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Nov 2023 14:13:08 GMT
Server: cloudflare
ETag: W/"ccc354615ffb5b4afd96268bab4a6502"
Vary: Origin, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vR6e%2FS0xEXbOe%2FJahLQQbPfMwAZhJ%2FZ4UBJjabXEw6wldmS1%2FCtMbX8WPnsr5c4Z4xp04LaMDp17y7%2FfOT9pnA5Kb5ZF1WhxbXyX063T0%2Bd7Xn%2FaaniLxDlGRJuYpOEy"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Cache-Control: public, max-age=1800
CF-RAY: 82600908ca9c5467-YYZ

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F8C2
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=onfocus&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west

281 B
555 B

234ms
141ms

Document
text/html

23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Nov 2023 14:44:56 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 14 Nov 2023 14:44:55 GMT
location: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
server: AkamaiGHost

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 84ms
40ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://plugins4free.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 14 Nov 2023 14:44:55 GMT
server: nginx/1.21.6
via: 1.1 google

POST
H2 200 1a Show response
i.clean.gg/ 0
105 B 42ms
41ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame 1FF4
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t

352 B
1 KB

70ms
70ms

Document
text/html

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

07cb669499529025b5a10db9362634c3b8d0cd1ce0bf5b388493cc0e3fef62a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 352
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 14 Nov 2023 14:44:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: ZFR9XX6N6641JYPCDNFD

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 14 Nov 2023 14:44:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 9S5417T7QFCAEB0DK9T9

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/ 160 KB
55 KB 66ms
65ms Script
text/javascript 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

31d14bfc9ca856450535d66b080bad45ac084d458bc58d589f8de65de87734de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55815
x-xss-protection: 0
server: cafe
etag: 10071468018615949492
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:55 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 7A7E 9 KB
4 KB 39ms
39ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311060101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 77477
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Nov 2023 17:13:39 GMT
etag: 16674218716276178799
expires: Mon, 27 Nov 2023 17:13:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 7A7E 4 KB
770 B 48ms
47ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 13:35:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7A7E 205 B
229 B 114ms
39ms Image
image/png 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:31:13 GMT
x-content-type-options: nosniff
age: 823
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 13 Nov 2024 14:31:13 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 7A7E 604 B
628 B 112ms
38ms Image
image/png 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:43:08 GMT
x-content-type-options: nosniff
age: 108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 13 Nov 2024 14:43:08 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 7A7E 15 KB
7 KB 116ms
38ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 16:53:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 78681
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 16:53:35 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 7A7E 21 KB
9 KB 131ms
54ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82060
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:57:16 GMT

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 3448 2 KB
3 KB 52ms
52ms Document
text/html 52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

efb87121d6b515fa367f2db4a23ba65429b64f12e32b2438e36229d6e125db7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&dcc=t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 2473
Content-Type: text/html;charset=ISO-8859-1
Date: Tue, 14 Nov 2023 14:44:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: 3BH1S10RY43HWGV0JQYA

GET
H2 200 css
fonts.googleapis.com/ Frame B379 14 KB
1 KB 47ms
46ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 13:59:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B379 2 KB
903 B 71ms
60ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame B379 23 KB
9 KB 70ms
61ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 36E7 143 B
166 B 40ms
38ms Document
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1817
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:14:39 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B379 3 KB
1 KB 67ms
59ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:52:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame B379 20 KB
8 KB 49ms
41ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame B379 199 KB
64 KB 118ms
40ms Script
text/javascript 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

sffe /

Resource Hash

ef3bb29709966d129ee7c25526332d37e9c80a66f90be3953bcff733d420f82d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699878811805094"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame B379 37 KB
15 KB 43ms
39ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 22:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Thu, 09 Nov 2023 22:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 07 Feb 2024 22:56:01 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3448
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=29dc6481b8

43 B
479 B

54ms
53ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=29dc6481b8

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:56 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 10FEXQJ35AH837DGF7EE
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Tue, 14 Nov 2023 14:44:35 GMT
via: 1.1 782e548cb0b1b64c63d995fc59568b48.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD89-P2
age: 21
x-cache: Hit from cloudfront
location: https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=29dc6481b8
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: UqgZpVuXgSDy6oFmLHecUIXut6-VUzmWFSgDcnAfBjRise9WWtc7cg==

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3448
Redirect Chain

https://csync.loopme.me/?pubid=11405&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dloopme.com%26id%3D%7Bviewer_token%7D
https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=ee22485a-1279-4ca6-abe3-d023a923a966

43 B
479 B

44ms
43ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=ee22485a-1279-4ca6-abe3-d023a923a966

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:56 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: APQSD2JF4AAJVD4SADVM
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=loopme.com&id=ee22485a-1279-4ca6-abe3-d023a923a966
date: Tue, 14 Nov 2023 14:44:56 GMT
server: _
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3448
Redirect Chain

https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D
https://s.amazon-adsystem.com/ecm3?id=43FCC97914064CD3BEEBB4ABF83F6B53&ex=simpli.fi&status=ok

43 B
479 B

107ms
57ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=43FCC97914064CD3BEEBB4ABF83F6B53&ex=simpli.fi&status=ok

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:56 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: JD9C3012EXK73S2S7ZS3
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Tue, 14 Nov 2023 14:44:56 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://s.amazon-adsystem.com/ecm3?id=43FCC97914064CD3BEEBB4ABF83F6B53&ex=simpli.fi&status=ok
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 13 Nov 2023 14:44:56 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3448
Redirect Chain

https://trace.mediago.io/ju/cs/amazon?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbaidu.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=baidu.com&id=4df39c49eb81752b26bzk200loyg381j

43 B
479 B

104ms
46ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=baidu.com&id=4df39c49eb81752b26bzk200loyg381j

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:56 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 59X158R8QQTCSGYJR3K3
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Tue, 14 Nov 2023 14:44:56 GMT
via: 1.1 google
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
location: https://s.amazon-adsystem.com/ecm3?ex=baidu.com&id=4df39c49eb81752b26bzk200loyg381j
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 3448
Redirect Chain

https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID
https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&_bee_ppp=1
https://s.amazon-adsystem.com/ecm3?id=AACxW07KpxAAABOL40VDqg&ex=beeswax.com

43 B
479 B

56ms
56ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=AACxW07KpxAAABOL40VDqg&ex=beeswax.com

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:59 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: E9ENCZX6G8D1ZE4Z0Q7D
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?id=AACxW07KpxAAABOL40VDqg&ex=beeswax.com
Date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 3448
Redirect Chain

https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__
https://b1sync.zemanta.com/usersync/amazon_tam/?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Doutbrain.com%26id%3D__ZUID__&s=2
https://sync.outbrain.com/sync-external?uid=BftKPLoSJ3NZuyCz6bZE&redirect=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63...
https://pixel-us-east.rubiconproject.com/exchange/sync.php?obhb=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7...

42 B
711 B

479ms
40ms

Image
image/gif

8.43.72.98
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-east.rubiconproject.com/exchange/sync.php?obhb=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZUWIPKCMZ2EWUCMN5JUUM2OLJ2XSQ32GZRFURI&p=15268&obUid=UzU3-_QFJFEAKrgYX9LJ0e-aEgRt9XjYG8RBKc7qMKxbxlVWN_iNF_hFi4pKL6U_&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&initiator=s2s
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: HTTP/1.1
Server: 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 9ef75ea4f1dd62e53c52f84d8070c378
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel-us-east.rubiconproject.com/exchange/sync.php?obhb=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Famazon_tam%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64ZOMFWWC6TPNYWWCZDTPFZXIZLNFZRW63JPMVRW2MZ7MV4D233VORRHEYLJNYXGG33NEZUWIPKCMZ2EWUCMN5JUUM2OLJ2XSQ32GZRFURI&p=15268&obUid=UzU3-_QFJFEAKrgYX9LJ0e-aEgRt9XjYG8RBKc7qMKxbxlVWN_iNF_hFi4pKL6U_&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING&us_privacy=$CCPA&initiator=s2s
Date: Tue, 14 Nov 2023 14:44:57 GMT
X-TraceId: 1a58b5282fc7d9f42c7e759fb782490a
Content-Length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B917 15 KB
6 KB 398ms
47ms Document
text/html 184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35788
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 1060 0
177 B 97ms
55ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 14 Nov 2023 14:44:56 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 3C6B
Redirect Chain

https://ssbsync-us.smartadserver.com/api/sync?callerId=2
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8426327288077849638&gdpr=0&gdpr_consent=

43 B
479 B

48ms
48ms

Document
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8426327288077849638&gdpr=0&gdpr_consent=

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 14 Nov 2023 14:44:56 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: YNW093PGD2STKRDARQ55

Redirect headers

content-length: 0
date: Tue, 14 Nov 2023 14:44:55 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=8426327288077849638&gdpr=0&gdpr_consent=

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame E764
Redirect Chain

https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=2c70d63ae39614d9&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAGlW7u_ZyTMwNgjICyAAAAAAA&expiration=1700059497&is_secure=true

43 B
479 B

51ms
50ms

Document
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAGlW7u_ZyTMwNgjICyAAAAAAA&expiration=1700059497&is_secure=true

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 14 Nov 2023 14:44:57 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: WPGJ1GVZ9BK8QVGNGVFG

Redirect headers

cache-control: no-cache, private, max-age=0, no-store
content-length: 0
date: Tue, 14 Nov 2023 14:44:57 GMT
expires: 0
location: https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAAGlW7u_ZyTMwNgjICyAAAAAAA&expiration=1700059497&is_secure=true
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
pragma: no-cache
server: nginx

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame 2F0C
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=3187032228587469864208

43 B
479 B

59ms
58ms

Document
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=3187032228587469864208

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-smaato_n-LoopMe_pm-db5_n-simpli.fi_n-baidu_n-Beeswax_ox-db5_smrt_cnv_3lift_n-Outbrain&fv=1.0&a=cm&cm3ppd=1&dmt=3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 14 Nov 2023 14:44:58 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
x-amz-rid: 5B8JGRC6DAVS2WHT9QY2

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Tue, 14 Nov 2023 14:44:58 GMT
location: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=3187032228587469864208
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F8C2 46 KB
13 KB 47ms
46ms Script
text/html 23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 01fb9092480a65465992a1f6ef9bdd2fab30d431f3c19b9924e604844bb56d5a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=onfocus&endpoint=us-west
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Tue, 14 Nov 2023 14:44:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Nov 2023 20:05:38 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=19242
Connection: keep-alive
Content-Length: 13280
Expires: Tue, 14 Nov 2023 20:05:38 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 36E7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

56ms
55ms

Document
text/html

142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Tue, 14 Nov 2023 14:44:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:56 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame F8C2 7 B
778 B 160ms
40ms XHR
application/json 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 0190a17a18f2299b1b85aeb1793e601c
Expires: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 831D 4 KB
632 B 49ms
48ms Stylesheet
text/css 142.251.163.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=280&slotname=6439040174&adk=2121505350&adf=3071395567&pi=t.ma~as.6439040174&w=812&fwrn=4&fwrnh=100&lmt=1699973095&rafmt=1&format=812x280&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.5396091586781009&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095181&bpp=1&bdt=485&idt=270&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=312&ady=1048&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=274

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f95.1e100.net

Software

ESF /

Resource Hash

4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 13:32:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 831D 2 KB
856 B 37ms
37ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 831D 18 KB
18 KB 389ms
59ms Image
image/jpeg 142.251.16.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQhF98qjMT5Cvj2Q95kMWVyv6H3in_Pu4v9ByNVa1jJhaYPGj_QSJR-0twyiC8&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f100.1e100.net

Software

sffe /

Resource Hash

05109ea6f0f4537f9bce8ec24c6dc2ba20673d7aa3542b1788b23405d0f29398

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 02:52:38 GMT
x-content-type-options: nosniff
age: 42738
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18367
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 06:10:57 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 02:52:38 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 831D 24 KB
24 KB 3450ms
86ms Image
image/png 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcSBtGJlUIbJLnIekYwL3YEFhnqSvMTXxdSOeNIxoKL369P44Xf4bPUs8bx5ZA&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

sffe /

Resource Hash

9382e93cffaa15c546e1e8d39bd3fd04e940857ab1c755368e4e6581458c95eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 07:03:04 GMT
x-content-type-options: nosniff
age: 27715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24261
x-xss-protection: 0
last-modified: Mon, 01 Aug 2022 05:57:20 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 07:03:04 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 831D 21 KB
22 KB 3439ms
75ms Image
image/jpeg 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQMnFoT7rffP5sXMqO6lnzDCRSB2nllvyEzvhiZCIUo9nEg_WJE1EQxJgC17ds&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

sffe /

Resource Hash

cb2dfbbfd24fecba9abff19d709fa131125ed847c6bcd29d41938f539d391243

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 13:36:51 GMT
x-content-type-options: nosniff
age: 4088
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21931
x-xss-protection: 0
last-modified: Fri, 10 May 2024 07:22:01 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 13:36:51 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 831D 30 KB
31 KB 1127ms
39ms Image
image/jpeg 172.253.122.139
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcScFguFdHiog0RatB5ephPSU42QifDpkJey_hs69A3tPJH9j0HkGeoG-njviQg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f139.1e100.net

Software

sffe /

Resource Hash

0b73ec2a2ca35c612778e0fca9eb72d746bc0d9995390007df8f19f5f01557a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 09:59:29 GMT
x-content-type-options: nosniff
age: 17128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30761
x-xss-protection: 0
last-modified: Sat, 28 Jan 2023 07:21:18 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 09:59:29 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 831D 22 KB
22 KB 412ms
84ms Image
image/jpeg 142.251.16.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSBWJq_jn0CKNTjFkJUCjoIs_vHmCIGpDpKpzFJSs17xdOzD9C6YWLgLEfAcvs&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f100.1e100.net

Software

sffe /

Resource Hash

366ba6d93da77118048890738a5b20a69682bd120da180ab75417dcb82eba530

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sat, 11 Nov 2023 13:13:45 GMT
x-content-type-options: nosniff
age: 264671
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22394
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 04:48:19 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Sun, 10 Nov 2024 13:13:45 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 831D 27 KB
28 KB 366ms
38ms Image
image/jpeg 142.251.16.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcRjzzDhW5CFXbc_TKdk_dTJ25hNQ-Tf9S5YbBU4t_mpSd1mKrzfnUpyWmMabw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f100.1e100.net

Software

sffe /

Resource Hash

c3311d6f7aaeb427077eb7b4867b71e8c27d546b073c1f9a75ffd06a0b226340

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 09:04:40 GMT
x-content-type-options: nosniff
age: 20416
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28045
x-xss-protection: 0
last-modified: Thu, 11 Jan 2024 05:47:51 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 09:04:40 GMT

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 831D 22 KB
23 KB 3418ms
55ms Image
image/jpeg 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcQVL8HtqVdLqjOVZuv-8uoZGBsFiCRc5dvQLtjrE9pnt3eT4Ef-7hz0VQrj38s&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

sffe /

Resource Hash

0cc47c554971e1f8a3d9acadeab1ce4850fa99423aebf64761fd7658fda25c8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 04:43:06 GMT
x-content-type-options: nosniff
age: 36113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22729
x-xss-protection: 0
last-modified: Sat, 06 Jan 2024 11:09:00 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 04:43:06 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 831D 30 KB
30 KB 395ms
68ms Image
image/jpeg 142.251.16.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcSN-rJc6X5fTkYbeay-Qlyxmh3FGCFaKDPHprTCsUM_YjpJUp4sijcqHjcKPw&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f100.1e100.net

Software

sffe /

Resource Hash

74363270720b2c701d396b7d76bd9ac3f6d91330c62c97248f116078773fc644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 04:46:54 GMT
x-content-type-options: nosniff
age: 35882
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30934
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 06:20:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 04:46:54 GMT

GET
H2

200

388799601516824345
tpc.googlesyndication.com/simgad/ Frame 831D
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgODgyorPzwEQ5QwYmQMyCJNiWW7BUjVL
https://tpc.googlesyndication.com/simgad/388799601516824345

15 KB
16 KB

38ms
37ms

Image
image/png

142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/388799601516824345

Requested by

Protocol

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

01bc94eace248cc63c0a8d0310a58823e49c52e536348b593929f503740874a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:54:14 GMT
x-content-type-options: nosniff
age: 539442
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15695
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 22:16:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Nov 2024 08:54:14 GMT

Redirect headers

date: Mon, 13 Nov 2023 16:06:53 GMT
x-content-type-options: nosniff
server: cafe
age: 81483
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/388799601516824345
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 13 Dec 2023 16:06:53 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 831D 23 KB
9 KB 45ms
44ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 831D 3 KB
1 KB 44ms
44ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:52:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 831D 20 KB
8 KB 41ms
40ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 831D 199 KB
63 KB 42ms
39ms Script
text/javascript 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

sffe /

Resource Hash

ef3bb29709966d129ee7c25526332d37e9c80a66f90be3953bcff733d420f82d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699878811805094"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 831D 37 KB
15 KB 40ms
38ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 22:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Thu, 09 Nov 2023 22:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 07 Feb 2024 22:56:01 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 68E7 2 KB
856 B 38ms
36ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9421828282617704&output=html&h=90&slotname=3831644919&adk=3988527980&adf=3131441721&pi=t.ma~as.3831644919&w=728&lmt=1699973095&format=728x90&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&ea=0&region=page-0.8801728567731477&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1699973095178&bpp=2&bdt=482&idt=245&shv=r20231109&mjsv=m202311060101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=441787687467&frm=20&pv=1&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=1&u_tz=-480&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=84&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079515%2C44795922%2C44807464%2C44808112%2C31078301%2C44807763%2C44808148%2C44808285&oid=2&pvsid=865238194929361&tmod=24835775&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 68E7 23 KB
9 KB 40ms
39ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82300
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 68E7 3 KB
1 KB 40ms
38ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:52:56 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 68E7 20 KB
8 KB 38ms
37ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 68E7 199 KB
63 KB 40ms
40ms Script
text/javascript 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

sffe /

Resource Hash

ef3bb29709966d129ee7c25526332d37e9c80a66f90be3953bcff733d420f82d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699878811805094"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:56 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 68E7 37 KB
15 KB 41ms
39ms Script
text/javascript 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 22:56:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 402535
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Thu, 09 Nov 2023 22:22:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 07 Feb 2024 22:56:01 GMT

GET
H3 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
815 B 43ms
21ms Script
application/javascript 151.101.129.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.129.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 14 Nov 2023 14:44:56 GMT
x-content-type-options: nosniff
content-encoding: br
age: 3186
x-jsd-version: master
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230042-FRA, cache-yyz4544-YYZ
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 147 KB
32 KB 1100ms
31ms Script
text/javascript 172.67.38.106
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.38.106 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b02f712bafaaaf093abcbe50187969700636642c4a9b659974eae2da90b2f914

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 09 Nov 2023 09:47:12 GMT
server: cloudflare
x-amz-request-id: G3XC3DTC0GZSJPG1
age: 26
etag: W/"c129d5681852fdb4346e144820aba0c3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82600913b9e636c2-YYZ
x-amz-id-2: Q/UuvXzC3I8I9GPTmo5q6EWSHhlFNHcLDRS0aQZMYAul9Pg/eAOPqDIrDqimJTsG2ymvyquhZ34=

GET publishertag.ids.js
static.criteo.net/js/ld/ 0
0

GET
H3 200 IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js Show response
pagead2.googlesyndication.com/bg/ Frame 274C 39 KB
15 KB 40ms
39ms Script
text/javascript 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

sffe /

Resource Hash

2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 22:10:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 405262
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15051
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Nov 2024 22:10:34 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 68E7 23 KB
23 KB 1031ms
62ms Image
image/jpeg 172.253.122.139
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcQ5ZqMa7uJAK694EvBOkVA4ZTK_ktW3nE-l8K9_OFXo8sQQanWaNQbzEB6nJ7M&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.139 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f139.1e100.net

Software

sffe /

Resource Hash

dcc779c4f41253e3ec85bc7010aa7dbe89b484cfe084cf3f8c5a23e83fe4903a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 06:06:10 GMT
x-content-type-options: nosniff
age: 31127
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23210
x-xss-protection: 0
last-modified: Sat, 06 Jan 2024 07:44:23 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 06:06:10 GMT

GET shopping
encrypted-tbn3.gstatic.com/ Frame 68E7 0
0

GET
H2 200 shopping
encrypted-tbn2.gstatic.com/ Frame 68E7 29 KB
29 KB 3339ms
96ms Image
image/jpeg 172.253.122.101
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn2.gstatic.com/shopping?q=tbn:ANd9GcS-Lf7BzFRCmrQzNo4chjiVFO7Pk_rNizU5jul9U94kFy6ipxgF4Td0UsL_jVU&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.101 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f101.1e100.net

Software

sffe /

Resource Hash

2349e7d13c826053c8777c43dd423aa47bf36136c76ef78826e2c40b0d4a65cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 09:13:13 GMT
x-content-type-options: nosniff
age: 19906
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29602
x-xss-protection: 0
last-modified: Sat, 09 Dec 2023 09:18:57 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Wed, 13 Nov 2024 09:13:13 GMT

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 68E7 19 KB
20 KB 287ms
79ms Image
image/jpeg 142.251.16.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcTx22UtqMJXdWEz-XPRzEwMf26AFK15Kt3MZuYCM3NIt4IKtAJKoh4gyf8lVjo&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f100.1e100.net

Software

sffe /

Resource Hash

a630c8169a8704a104ef727eb706506aeacd032e0301ab495cf2299716d38f16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 18:43:35 GMT
x-content-type-options: nosniff
age: 158481
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 02 Jan 2024 08:22:39 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 11 Nov 2024 18:43:35 GMT

GET shopping
encrypted-tbn3.gstatic.com/ Frame 68E7 0
0

GET
H3

200

9671481194446296273
tpc.googlesyndication.com/simgad/ Frame 68E7
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDX6YmHlQEQkAEYkAEyCKOiU1F6p173
https://tpc.googlesyndication.com/simgad/9671481194446296273

5 KB
5 KB

38ms
38ms

Image
image/png

142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9671481194446296273

Requested by

Protocol

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

cbf0afd95d90bb6e3d843abb3e0650bdbb399425330b0f752abbbcde5eb5bc20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Wed, 08 Nov 2023 08:48:10 GMT
x-content-type-options: nosniff
age: 539806
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4749
x-xss-protection: 0
last-modified: Fri, 29 Jan 2021 17:34:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 07 Nov 2024 08:48:10 GMT

Redirect headers

date: Tue, 14 Nov 2023 11:04:36 GMT
x-content-type-options: nosniff
server: cafe
age: 13220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/9671481194446296273
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 14 Dec 2023 11:04:36 GMT

GET
H2

200

setuid
u.4dex.io/ Frame F8C2
Redirect Chain

https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=onfocus&khaos=LOYG384P-1A-3TH2
https://u.4dex.io/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2

0
678 B

127ms
81ms

Image
text/plain

34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.4dex.io/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:56 GMT
via: 1.1 google
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: 0

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://u.4dex.io/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: e8ee3bea2ab086361542c3b52b688813
Expires: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 164 KB
57 KB 835ms
834ms Fetch
text/plain 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=865238194929361&correlator=3152614869648832&eid=31079527&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fifs&iu_parts=21724377464%3A22497485278%2Cplugins4free.com_vli50448&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C120x600&ifi=6&sfv=1-0-40&fsfs=1&eri=1&sc=1&cookie=ID%3D258855900b5a40f1%3AT%3D1699973095%3ART%3D1699973095%3AS%3DALNI_MZ7GcO9NunHRDRibUSn0yHrVc1zZA&gpic=UID%3D00000da1bfc1dc5e%3AT%3D1699973095%3ART%3D1699973095%3AS%3DALNI_MaTPHpLVJ_o7nYC7eachUZlKYeqrQ&abxe=1&dt=1699973096502&lmt=1699973096&adxs=1132&adys=789&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fplugins4free.com%2Fplugin%2F2593%2F&vis=1&psz=160x-1&msz=160x-1&fws=4&ohw=1600&ga_vid=1601140643.1699973095&ga_sid=1699973095&ga_hid=1195136774&ga_fc=true&a3p=EhkKCnB1YmNpZC5vcmcYncir8rwxSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGJ3Iq_K8MUgAUgIIZBIbCgxpZDUtc3luYy5jb20Yncir8rwxSABSAghk&dlt=1699973094696&idt=1035&prev_scp=vli_adslot%3D50448%26vli_acc%3D152media%26vli_adtype%3Ddisplay%26hb_width%3D160%26hb_height%3D600%26pw_tagid%3D50448%26vli_sf%3D1%26pw_network%3Dtrue%26vli_ad_type%3Dpassback%26pw_pb%3D0.01&cust_params=hb_domain%3Dplugins4free.com&adks=3069661672&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f156.1e100.net

Software

cafe /

Resource Hash

1ca0a5d97c64f0be7c238096ab137be3d8be1f27d27db12625051c0ae2a67c2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58214
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://plugins4free.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cc.jpeg
px.vliplatform.com/bi-v4/ 0
311 B 89ms
89ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/bi-v4/cc.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNUAAYeMaU-PTqA-PAeK-aqMA-qPwPBKKteTTeRdzNwqfftkRwlNqrb_TZYdtroqRkjmNTUAbUAA,TYAbUAARrdzNuggustRwkjNTRmNZAPPMRleNplR_yszuNyqslt
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:56 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7VfmVGH3XRTkYLn%2Bb4ro1ahmNEzW85B0B7kw5rvL5juTu%2BGX928vPCZ%2FaO0OF5I%2FMa7g%2F9aSM%2BM5m1%2Fg5XfgbxbOJQ7t3HAtu9flk9m6YR%2FcmMQlFqfIFNBt6tUNnBHHNquu3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 8260090d4c3a5407-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 container.html Show response
9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E003 6 KB
3 KB 382ms
40ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Wed, 13 Nov 2024 14:44:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 68E7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 719e1505d4ec154422d1b5c6b863be721929042b4f39cd39f5aa642b3a720f21

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 831D 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c7cc924d2b269a29c975a2865cd427ade7fd4a536ce7c70d3e8678da1ea2b86

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame F8C2
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://match.adsrvr.org/track/cmb/rubicon?
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1f84e42a-3857-4e14-8d09-cf8ba9f90468&gdpr=0&gdpr_consent=&expires=30

42 B
711 B

41ms
40ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1f84e42a-3857-4e14-8d09-cf8ba9f90468&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 0228ab361cece0438ff9eb16e4e5890e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=1f84e42a-3857-4e14-8d09-cf8ba9f90468&gdpr=0&gdpr_consent=&expires=30
date: Tue, 14 Nov 2023 14:45:00 GMT
server: Kestrel
content-length: 289

GET dcm
aax-eu.amazon-adsystem.com/s/ Frame F8C2 0
0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame F8C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEISnN6Lu04hMNpOqvQLQIYI&google_cver=1

42 B
691 B

329ms
38ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEISnN6Lu04hMNpOqvQLQIYI&google_cver=1
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 83041abbe8494cb29eff3083edd6dff6
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:56 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEISnN6Lu04hMNpOqvQLQIYI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F8C2
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmY4ZjNiNGQ3MDM2OGUwOWM3NjVkNjdmZWYyYTcxY2ZiOTlmYjBjZQ

170 B
244 B

124ms
49ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmY4ZjNiNGQ3MDM2OGUwOWM3NjVkNjdmZWYyYTcxY2ZiOTlmYjBjZQ

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmY4ZjNiNGQ3MDM2OGUwOWM3NjVkNjdmZWYyYTcxY2ZiOTlmYjBjZQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame F8C2
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=RN0EAmvjQAyyIf3q0_6mxA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=RN0EAmvjQAyyIf3q0_6mxA

43 B
479 B

56ms
56ms

Image
image/gif

52.46.151.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=RN0EAmvjQAyyIf3q0_6mxA

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

HTTP/1.1

Server

52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:44:57 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: AEXBTTK1ZMVRCJ30MPYT
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=RN0EAmvjQAyyIf3q0_6mxA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 574abe46412f7df61ec8713ff1a5b646
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F8C2
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TE9ZRzM4NFAtMUEtM1RIMg==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELlYVcOjuqG2fL76L27r1KM&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9ZRzM4NFAtMUEtM1RIMg==&google_push=

170 B
233 B

49ms
48ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9ZRzM4NFAtMUEtM1RIMg==&google_push=

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TE9ZRzM4NFAtMUEtM1RIMg==&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8bab65602db075726861004da5629947
Expires: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame F8C2
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LOYG384P-1A-3TH2

0
515 B

413ms
97ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LOYG384P-1A-3TH2
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: CF54576611264B37B0932A822B8252D9 Ref B: CHGEDGE1209 Ref C: 2023-11-14T14:44:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKHdSUndP5NDvK/hhMyA==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LOYG384P-1A-3TH2
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1df09169f58a071f2a391dff1b3307b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame F8C2
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/25nbXaRoq_34SXkp4VzCGMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ko.4W6ZE2oLcCfvwHCADcXpNqmbvaSK27tDXGA--~A

42 B
691 B

40ms
40ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ko.4W6ZE2oLcCfvwHCADcXpNqmbvaSK27tDXGA--~A
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 84e0f527cd81a00b0210e20b4ee7ed94
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 14 Nov 2023 14:44:58 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ko.4W6ZE2oLcCfvwHCADcXpNqmbvaSK27tDXGA--~A
content-length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame F8C2
Redirect Chain

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&_bee_ppp=1
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEIVU7KpxAAABM06dQw6w&expires=30

42 B
711 B

40ms
40ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEIVU7KpxAAABM06dQw6w&expires=30
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 382e2818ca015d35b02cd449aa60881d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAEIVU7KpxAAABM06dQw6w&expires=30
Date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame F8C2
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2920fc55-75ab-4f73-a094-67a0e0ccbbb2&expires=30

42 B
691 B

123ms
38ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2920fc55-75ab-4f73-a094-67a0e0ccbbb2&expires=30
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 19c1ac3b9706c83a73951eba4d239689
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2920fc55-75ab-4f73-a094-67a0e0ccbbb2&expires=30
Date: Tue, 14 Nov 2023 14:44:57 GMT
Connection: keep-alive
X-CI-RTID: 67b791ea-a9ba-490f-a74c-0855bf7437d1
Content-Length: 144
Content-Type: text/html; charset=utf-8

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/ Frame F8C2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=primis
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LOYG384P-1A-3TH2
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2&ckls=true&ci=Si0lTT6idM&nc=false&trid=-1410515309

43 B
1 KB

57ms
40ms

Image
image/gif

52.85.132.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2&ckls=true&ci=Si0lTT6idM&nc=false&trid=-1410515309
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 52.85.132.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-132-68.iad50.r.cloudfront.net
Software: Apache-Coyote/1.1 /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
via: 1.1 ec8b1bfbf511818c606f196b49f871e2.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: 4mf_xkhSggdewHCK05Be1iAWlf34W4pGVRqVa07RZcNt7o8pUPuJRw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
via: 1.1 ec8b1bfbf511818c606f196b49f871e2.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LOYG384P-1A-3TH2&ckls=true&ci=Si0lTT6idM&nc=false&trid=-1410515309
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: EpoR6gj-cMh9ztWHao6gjk-hH-I2wQzYP82kg4TR5RSbDh2IqtqaJg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/prebid/ Frame F8C2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2

43 B
1 KB

42ms
42ms

Image
image/gif

68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

68.67.160.114 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
an-x-request-uuid: f783fa74-eda4-468c-8f3c-1139f23dbffb
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LOYG384P-1A-3TH2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 19c1ac3b9706c83a73951eba4d239689
Expires: 0

GET
H2

200

v1
match.sharethrough.com/sync/ Frame F8C2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=18694
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LOYG384P-1A-3TH2

68 B
279 B

3195ms
63ms

Image
image/png

34.224.189.64
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LOYG384P-1A-3TH2
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 34.224.189.64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-224-189-64.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LOYG384P-1A-3TH2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 19c1ac3b9706c83a73951eba4d239689
Expires: 0

GET
H2

204

magnite
prebid.a-mo.net/setuid/ Frame F8C2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx
https://prebid.a-mo.net/setuid/magnite?uid=LOYG384P-1A-3TH2

0
152 B

33ms
32ms

Image
text/plain

147.75.195.55
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid.a-mo.net/setuid/magnite?uid=LOYG384P-1A-3TH2
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:56 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 3
server: envoy
vary: Accept-Encoding

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://prebid.a-mo.net/setuid/magnite?uid=LOYG384P-1A-3TH2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1df09169f58a071f2a391dff1b3307b
Expires: 0

GET
H2

200

cksync
hb.yahoo.net/ Frame F8C2
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LOYG384P-1A-3TH2&redir=true
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LOYG384P-1A-3TH2&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LOYG384P-1A-3TH2&redir=true
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1BLm95MWh0RTJ1RXpuWUJfUy5lQy5aVEthMno2ZXB5Y35B&ovsid=LOYG384P-1A-3TH2&dpid=58160

53 B
648 B

180ms
64ms

Image
image/gif

23.46.156.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hb.yahoo.net/cksync?cs=63&axid_e=eS1BLm95MWh0RTJ1RXpuWUJfUy5lQy5aVEthMno2ZXB5Y35B&ovsid=LOYG384P-1A-3TH2&dpid=58160

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

23.46.156.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-46-156-26.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains, max-age=604800

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Tue, 14 Nov 2023 14:44:58 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Tue, 14 Nov 2023 14:44:58 GMT

Redirect headers

location: https://hb.yahoo.net/cksync?cs=63&axid_e=eS1BLm95MWh0RTJ1RXpuWUJfUy5lQy5aVEthMno2ZXB5Y35B&ovsid=LOYG384P-1A-3TH2&dpid=58160
date: Tue, 14 Nov 2023 14:44:58 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

pixel
capi.connatix.com/us/ Frame F8C2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=19564
https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy=
https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true

82 B
82 B

52ms
51ms

Image
image/gif

104.18.41.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 104.18.41.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
surrogate-control: no-cache, no-store, must-revalidate, max-age=0
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 82600912f986711a-YYZ
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Tue, 14 Nov 2023 14:44:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
location: https://capi.connatix.com/us/pixel?puid=LOYG384P-1A-3TH2&pId=11&gdpr=&gdpr_consent=&us_privacy=&final=true
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 82600912a912711a-YYZ
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H3 200 ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2
fonts.gstatic.com/s/googlesansdisplay/v21/ Frame 831D 21 KB
21 KB 39ms
39ms Font
font/woff2 142.251.111.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v21/ea8IacM9Wef3EJPWRrHjgE4B6CnlZxHVBg3etBD7TA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f94.1e100.net

Software

sffe /

Resource Hash

92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 18:52:00 GMT
x-content-type-options: nosniff
age: 417176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21428
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 19:32:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Nov 2024 18:52:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B917 0
43 B 1370ms
34ms Script
text/plain 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=37242187&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
content-length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 215D 15 KB
6 KB 48ms
47ms Document
text/html 184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159110&predirect=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D(PM_UID)
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35788
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:44:56 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 container.html Show response
9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 612E 6 KB
3 KB 40ms
39ms Document
text/html 172.253.62.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f132.1e100.net

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 14 Nov 2023 14:44:57 GMT
expires: Wed, 13 Nov 2024 14:44:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cc.jpeg
px.vliplatform.com/imp-v4/ 0
525 B 85ms
85ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/imp-v4/cc.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNePayBtPe-qaPY-PUtt-wBqP-PPKyYMTUTrPURqxeNRwNqrb_TZYdtroqRhNARlmNxfrtyoftrbxfrtyoftrRdzNwqfftkRrdzNuggustRwkhNzkxtRmNZAPPMRleNplR_yszuNyqslt
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jwFXlM4MZ9V62W61P%2Fp2n22%2F%2B1PxmmuL8Lv%2Bjro6HAJXua9j%2BrkzK15S7JklqBiB7qYZAYtcchxsFbc38A%2F4oa2Tdgdi16fjXQqabP44ktzomLrvucAjK%2B0562z6AbXc7h1voQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 82600912face36c7-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 612E 3 KB
1 KB 37ms
37ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:52:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82321
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:52:56 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 403C 1 KB
643 B 39ms
39ms Document
text/html 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 82617
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Nov 2023 15:48:00 GMT
etag: 48472445140208031
expires: Tue, 14 Nov 2023 15:48:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 612E 20 KB
8 KB 38ms
37ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 15:53:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 82317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 27 Nov 2023 15:53:00 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 612E 0
0 49ms
48ms Image
text/html 142.251.16.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSccxpjg2ol3tYRR3qNdaVtDSSHfl_7Lvzj64WkDOSzM2xhyLsGOk-8Rgpt-wo_DNaLSdCm4YIug6yxYqjb2JWQAOcTug
Requested by: Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.16.103 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bl-in-f103.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 612E 24 KB
6 KB 38ms
37ms Script
text/javascript 142.251.167.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f132.1e100.net

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 18:23:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 418872
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 08 Nov 2024 18:23:45 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 612E 199 KB
63 KB 42ms
42ms Script
text/javascript 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

sffe /

Resource Hash

ef3bb29709966d129ee7c25526332d37e9c80a66f90be3953bcff733d420f82d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64401
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1699878811805094"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Nov 2023 14:44:57 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 403C
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1&google_push=AXcoOmR2ZWrbtDwCH1aTPy80XEa-0NveKvTdumeLIO0dK0KpK2uHhYvU0aiFjHHXwaz-2gotvz-VFQ8d_3mj_6t2QLiVpA1E3JCARDM
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzcxMzQzNzM1MzY4OTM2OTc3MQ==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1

43 B
407 B

74ms
54ms

Image
image/gif

50.116.194.21
TURN-US-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Server: 50.116.194.21 , United States, ASN6336 (TURN-US-ASN, US),
Reverse DNS: presentation-atl1.turn.com
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENI4_fnodHnhONcsoxHV2ZU&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 403C
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEFDMK_mTdQipmoApsOJ831I&google_cver=1&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SYz7ZvTr3sH2jh8FDU
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=43FCC97914064CD3BEEBB4ABF83F6B53&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SY...

170 B
188 B

48ms
48ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=43FCC97914064CD3BEEBB4ABF83F6B53&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SYz7ZvTr3sH2jh8FDU

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 14 Nov 2023 14:44:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=43FCC97914064CD3BEEBB4ABF83F6B53&google_push=AXcoOmTa8xWUNvkjUdsIvkO5Vm8ngrlMHao0PXSmRgAKa9PTgJybxyWQRvhyAqS1CA_DZ-pxIlQrsfJsEPkU-SYz7ZvTr3sH2jh8FDU
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 13 Nov 2023 14:44:57 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 403C
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEKm15HIk2xggz0X3f3uXQRM&google_cver=1&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv5fd7y-Jms5ZEP3luUH25oF-4YY

170 B
188 B

62ms
62ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv5fd7y-Jms5ZEP3luUH25oF-4YY

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 14 Nov 2023 14:44:57 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 82CFC3B7373346D09135CD1BA3405E77 Ref B: CHGEDGE1209 Ref C: 2023-11-14T14:44:57Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR6Vv1YwgMZVxcXYH8VnGOYsr_8hZ1QHYHiHYBTDYOnU8LprLhRZpDVcWae1LcyLHtSuK2Kv5fd7y-Jms5ZEP3luUH25oF-4YY
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKHdSb59N7IDNjgLndGQ==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 403C
Redirect Chain

https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBKTQX6nMiT_a-K6nqG8tN0&google_cver=1&google_push=AXcoOmQXsGvKkFt3r9gFg3IZz4DnOzaagiey7a7SAdOgXWHWNQyqUJxscIL9dvnEUiY5MH-NjL_NeYSBl6PkE2JW0p...
https://match.adsrvr.org/track/cmb/google?google_gid=CAESEBKTQX6nMiT_a-K6nqG8tN0&google_cver=1&google_push=AXcoOmQXsGvKkFt3r9gFg3IZz4DnOzaagiey7a7SAdOgXWHWNQyqUJxscIL9dvnEUiY5MH-NjL_NeYSBl6PkE2JW0p...
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MWY4NGU0MmEtMzg1Ny00ZTE0LThkMDktY2Y4YmE5ZjkwNDY4&google_push&gdpr=0&gdpr_consent=&ttd_tdid=1f84e42a-3857-4e14-8d09-cf8ba9f90468

170 B
188 B

48ms
48ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MWY4NGU0MmEtMzg1Ny00ZTE0LThkMDktY2Y4YmE5ZjkwNDY4&google_push&gdpr=0&gdpr_consent=&ttd_tdid=1f84e42a-3857-4e14-8d09-cf8ba9f90468

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=MWY4NGU0MmEtMzg1Ny00ZTE0LThkMDktY2Y4YmE5ZjkwNDY4&google_push&gdpr=0&gdpr_consent=&ttd_tdid=1f84e42a-3857-4e14-8d09-cf8ba9f90468
date: Tue, 14 Nov 2023 14:45:00 GMT
server: Kestrel
content-length: 423

GET
H2 204 CookieSyncAdX
rtb.adentifi.com/ Frame 403C 0
36 B 1413ms
45ms Image
text/plain 52.87.97.21
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieSyncAdX?google_gid=CAESEGNSEPhptFeVaqwnMXE-kjg&google_cver=1&google_push=AXcoOmREJ1RLBSZsfQIvaoK3qfQG5xTLDlVHRjDvO1meHfufY-Xx73Qj7Kg_V5OuC1taEvdl97yi-4_Uv6_X6GMyXVnvY6aGv8jpbpU
Requested by: Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.97.21 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-87-97-21.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:58 GMT

GET usersync.aspx
dis.criteo.com/dis/ Frame 403C 0
0

GET gg_cookie_matching
analytics.pangle-ads.com/api/ad/union/ Frame 403C 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 403C 0
12 B 46ms
46ms Image
text/html 142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LTUK6SmzVhyEKbcQqt-9O4d8i8y4KX3BJMZfCF6siu0-neCpJOjRHBFcdNe7VoLF_3nbcOXw

Requested by

Host: 9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
URL: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 612E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fcb71ec5827dc40e240dbd3e06416dc12e8e6d0e0ff4ba74e7caa036f4b78b97

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 612E 0
0 82ms
81ms Image
text/html 172.253.122.156
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cbj8c6IdTZe_2Iq_VzLUP4MOVuAfSkbaNbbnQrsqWD8CNtwEQASAAYP2gmYHoA4IBF2NhLXB1Yi04Mjc4NDE2OTM5Mzc3ODk2yAEJ4AIAqAMByAMCqgSDAk_QE8sW1UuZ4QtWy0WGCEQK_yA7f-W5veyePshegaJczP8s3RL2PFepXGSUPuQkfh7kwkz9vScLIPu9joSgOOEnq9JwcITSoKxpievle3uxcPXoCxtCHQMbXTd_cEdbKeQrBzGHe7IKNgXFpXM4f1DNE57wTHYCZnEOEm16u2Ynz6uQ4-m0n1IBK6Ugg1U0sb_ILzp6lMeiJFmPvnrdvLKFlMsxSO44VXKsjoHh-IJLtNXSg-ChqZE6WSSROrUqDgDPTfn7dL034d2BPxBYHI_FFnziV8T9YHa2kKYmNOxwF-IaVSjjX_Ff6UhB20XV-9EW6c58m_p2XffpntjpICbgnEzgBAGABt_ei7yor5ug7gGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggSCIBhEAEyAooCOgKAQEi9_cE6gAoB-gsCCAGADAHiDRMIj_uwpN3DggMVryqzAB3gYQV30BUBgBcBshccChoSFHB1Yi04Mjc4NDE2OTM5Mzc3ODk2GNKubQ&sigh=tFOJgVo1jH0&uach_m=[UACH]&cid=CAQSOwDICaaNAGLr8bvq0DKLBa2-gQwRqzp6oqyr_9oWI94behDe4WbaTsEoqyKrtrHg36QiITikw9W43QxaGAE&cbvp=2&vis=1
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: bh-in-f156.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

GET
H2 204 rtimp
g.bidbrain.app/ Frame 612E 0
380 B 1198ms
62ms Image
text/plain 34.149.135.28
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://g.bidbrain.app/rtimp?sid=610cce0d-82fc-11ee-a3d6-be8dcf04c0a8&d=plugins4free.com&cr=ext_ng_start_fires6__0&gid=CAESEGP88Z03aiYvcI_JhvTiuts&a=imp&p=ZVOH6AAIu28AsyqvAAVh4Kg_zvpewtnxzH_12A&im=XuR_r21VE5BQSzeF01CJB__mWCzLOckKcSbsqgFlfiL-EEULn1W74qbJOxtT9fNVPYlHTrDBNnY6ZDAxMW8HuQXALFH_zpzDiafbFOxKuXukyH0YMo1jwq66aEu56ZTxk1rSoH9QAE3mne8v3jBVdbwEeqxZJ4TKFxTRjJ-eSTQkVVdW8zNl2xMN2Vo1Oj6cJ48WkZyCV7KdjqJ_b15kIHgJX1gXEw_EBs1ek7vfbzKnbhBmogneyuGMMz_z1LPhbYtB4v_eqhQfFSffpeiTqoSzS3enhRiXDj_8WwzAGfKpAynxC10gRSUIndiCOjlK&cbvp=2
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.135.28 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 28.135.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET Roboto-Regular.ttf
cdn.rtbrain.app/fonts/ Frame 612E 0
0

GET Roboto-Bold-700.ttf
cdn.rtbrain.app/fonts/ Frame 612E 0
0

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
232 B 1348ms
114ms XHR
text/plain 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

POST
H2 204 rtimp
g.bidbrain.app/ Frame 612E 0
804 B 1118ms
59ms Ping
text/plain 34.149.135.28
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://g.bidbrain.app/rtimp
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.135.28 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 28.135.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
via: 1.1 google
access-control-allow-methods: GET,HEAD,OPTIONS,POST,PUT
access-control-allow-origin: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H3 200 cc.jpeg
px.vliplatform.com/iv-v4/ 0
489 B 82ms
82ms Image
image/jpeg 104.21.82.134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.vliplatform.com/iv-v4/cc.jpeg?e=rNTYaMARrtNrtl0zghRzodtgxzNTAAAR_qkyNBAAAAR_ksdNloufqsR_hgeNgfR_cysNgfR_udgrNqsvqnlR_qszNsqmn_sgqrR_hwkNoykqdtR_wktjNryhR_cktjNryhR_qdmNgfRzdNoc-ePayBtPe-qaPY-PUtt-wBqP-PPKyYMTUTrPURqxeNRwNqrb_TZYdtroqRlmNxfrtyoftrbxfrtyoftrRdzNwqfftkRrdzNuggustRmNZAPPMRleNplR_yszuNyqslt
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.82.134 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://plugins4free.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:57 GMT
cf-cache-status: MISS
last-modified: Tue, 14 Nov 2023 14:44:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M73FTZt6brJ2IFR9mXXdhiNEdssNJ9Uk%2BZR%2FgbT7Zjj2oOn5zWwaGAZsSEFyxDlo0qss873IafiRa%2BEThfJs5eQjNDTTkZpuPEe0BkTzlwyux%2BJTDUi12O9fwiXt%2Ft8hZisqwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=864000, immutable
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noarchive, nosnippet
cf-ray: 82600914bd4936c7-YYZ
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2

200

/ Show response
hde.tynt.com/deb/ Frame B291
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1

2 KB
2 KB

35ms
33ms

Document
text/html

67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Requested by: Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d1c09071c4921298c020eb4afbe0ceacbc85c0cda8103deb8af706bc0763857f

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1596
content-type: text/html
date: Tue, 14 Nov 2023 14:44:58 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 0
date: Tue, 14 Nov 2023 14:44:57 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
location: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame D852
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

281 B
555 B

42ms
41ms

Document
text/html

23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Nov 2023 14:44:58 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 14 Nov 2023 14:44:58 GMT
location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server: AkamaiGHost

GET
H2

200

user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 68BC
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1699973098326.7&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predire...
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

15 KB
6 KB

48ms
47ms

Document
text/html

184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35786
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:44:58 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Tue, 14 Nov 2023 14:44:57 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP018
x-33x-status: 40000000008200000A

GET
H2

200

setuid
u.4dex.io/ Frame B291
Redirect Chain

https://ssc-cms.33across.com/ps/?_=1699973098326.&ri=0015a00002oUk4aAAC&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
https://u.4dex.io/setuid?bidder=33across&uid=212343793359664

0
655 B

83ms
82ms

Image
text/plain

34.149.40.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.4dex.io/setuid?bidder=33across&uid=212343793359664
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.149.40.38 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 38.40.149.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
via: 1.1 google
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://u.4dex.io/setuid?bidder=33across&uid=212343793359664
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

match
events-ssc.33across.com/ Frame B291
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=the33across&us_privacy=
https://t.pswec.com/bsw_sync?ssp=the33across&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://t.pswec.com/ul_cb/bsw_sync?ssp=the33across&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://x.bidswitch.net/sync?dsp_id=2&user_id=2b0c7282-f9b5-41bf-8c41-b30e8ebb060b&expires=3&user_group=1&ssp=the33across
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&ts=1699973099&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
82 B

88ms
88ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&ts=1699973099&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H3
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
referrer-policy: unsafe-url
server: 33XP001
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&ts=1699973099&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame B291
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT~A
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT%7EA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
226 B

86ms
42ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT%7EA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:58 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
referrer-policy: unsafe-url
server: 33XP020
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-GrN1oadE2uEsbsdSTR5zqsQzItCZFyzT%7EA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame B291
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=69aed65e44351037&is_secure=true&networkId=78390&version=1&us_privacy=
https://ssc-cms.33across.com/ps?xi=64&xu=AAAHaBv4Gr3N5wN07OSKAAAAAAA&expiration=1700059498&is_secure=true&us_privacy=
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHaBv4Gr3N5wN07OSKAAAAAAA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
127 B

50ms
43ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHaBv4Gr3N5wN07OSKAAAAAAA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:58 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:57 GMT
referrer-policy: unsafe-url
server: 33XP007
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAHaBv4Gr3N5wN07OSKAAAAAAA&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame B291
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=3187032228587469864208
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=3187032228587469864208&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
118 B

43ms
42ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=3187032228587469864208&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:58 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
referrer-policy: unsafe-url
server: 33XP016
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=3187032228587469864208&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D852 46 KB
13 KB 73ms
73ms Script
text/html 23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 01fb9092480a65465992a1f6ef9bdd2fab30d431f3c19b9924e604844bb56d5a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Tue, 14 Nov 2023 14:44:58 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Nov 2023 20:05:38 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=19240
Connection: keep-alive
Content-Length: 13280
Expires: Tue, 14 Nov 2023 20:05:38 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame D852 7 B
798 B 41ms
40ms XHR
application/json 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?khaos=LOYG384P-1A-3TH2
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 0b388c490ecfef74be7d13328a4f3ac3
Expires: 0

GET
H2

200

match
events-ssc.33across.com/ Frame D852
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&khaos=LOYG384P-1A-3TH2
https://ssc-cms.33across.com/ps/?xi=1&xu=LOYG384P-1A-3TH2
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LOYG384P-1A-3TH2&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
127 B

43ms
42ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LOYG384P-1A-3TH2&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0015a00002oUk4aAAC&ru=https%3A%2F%2Fu.4dex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:58 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
referrer-policy: unsafe-url
server: 33XP006
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LOYG384P-1A-3TH2&ts=1699973098&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 612E 42 B
64 B 138ms
64ms Fetch
image/gif 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv4e6mVBZ5U8kUiiHmw4xaLn44EMZjIhf1BGvaR35sjz_e_g4jqzIpzIo8Nrl4Kjmbho5zZ89oghgmtluAWljnfvnDB5xYN7q2469nrRdssaeZs8KEUMw&sig=Cg0ArKJSzCqT1xQTXquuEAE&id=lidar2&mcvt=1000&p=189,1152,789,1272&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231113&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3069661672&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699973097415&rpt=204&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 /
onetag-sys.com/usync/ Frame 5E55 0
0 332ms
26ms Document
text/plain 51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=6b859b96c564fbe&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip184.ip-51-222-39.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 111ms
35ms Preflight
application/json 74.119.119.139
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fplugins4free.com%2F&domain=plugins4free.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://plugins4free.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://plugins4free.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 14 Nov 2023 14:44:59 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 327065
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET /
id.a-mx.com/sync/ 0
0

GET json
gum.criteo.com/sid/ 0
0

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 135 B
416 B 113ms
112ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

919c98e15e2d018403dcd1bd6c6501a6646518001a15f399c003711fcd808f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 pbjs Show response
sync.quantumdex.io/usersync/ Frame 38FE 5 KB
1 KB 48ms
43ms Document
text/html 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/pbjs
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87975c3b8e2865a56251e701de5ef48d0c7cb7776b365e91204d0317bbe56159

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8260091fcb93a241-YYZ
content-encoding: gzip
content-type: text/html
date: Tue, 14 Nov 2023 14:44:59 GMT
server: cloudflare

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame AD42 52 KB
17 KB 1185ms
52ms Document
text/html 184.24.36.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.191 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-191.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 14 Nov 2023 14:45:00 GMT
ETag: "623de86a-cf34"
Expires: Wed, 15 Nov 2023 14:45:02 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding

GET
H2 200 isyn Show response
prebid.a-mo.net/ Frame AC9A 2 KB
745 B 30ms
30ms Document
text/html 147.75.195.55
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e638a2b793e89090f809c41f419eca3216554288b4bff7b45b01183cdf3697c0

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 654
content-type: text/html; charset=utf-8
date: Tue, 14 Nov 2023 14:44:58 GMT
server: envoy
vary: accept-encoding
x-envoy-upstream-service-time: 1

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame D996 15 KB
6 KB 47ms
47ms Document
text/html 184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=157940
Requested by: Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://plugins4free.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35785
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:44:59 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET cframe.js
assets.a-mo.net/js/ Frame AC9A 0
0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 38FE
Redirect Chain

https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=87fb8ab2-46d1-4802-8255-c4160004c6c0

43 B
94 B

40ms
39ms

Image
image/gif

104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=87fb8ab2-46d1-4802-8255-c4160004c6c0
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82600925fbb7a241-YYZ
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=87fb8ab2-46d1-4802-8255-c4160004c6c0
date: Tue, 14 Nov 2023 14:45:00 GMT
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 38FE
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3384027298418322803

43 B
105 B

40ms
40ms

Image
image/gif

104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3384027298418322803
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 826009204c67a241-YYZ
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
an-x-request-uuid: a723974a-a1fe-4428-8378-4be6e39eb55f
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=3384027298418322803
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET match
ads.betweendigital.com/ Frame 38FE 0
0

GET pixel
ap.lijit.com/ Frame 38FE 0
0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 38FE
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=p&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsmaato%26uid%3D%24UID
https://sync.quantumdex.io/setuid?bidder=smaato&uid=29dc6481b8

43 B
94 B

43ms
43ms

Image
image/gif

104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=smaato&uid=29dc6481b8
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 826009205c79a241-YYZ
content-length: 43
content-type: image/gif

Redirect headers

date: Tue, 14 Nov 2023 14:44:55 GMT
via: 1.1 782e548cb0b1b64c63d995fc59568b48.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD89-P2
age: 4
x-cache: Hit from cloudfront
location: https://sync.quantumdex.io/setuid?bidder=smaato&uid=29dc6481b8
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: B3X9N6xqyAImZRyUNb5JS-_AIBLKADpP-kmcGOYU61l-4Z-TJ8gXhQ==

GET /
ssp.disqus.com/redirectuser/ Frame 38FE 0
0

GET
H2

200

setuid
sync.quantumdex.io/ Frame 38FE
Redirect Chain

https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy=
https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-08db39uvLHYOsB9Byz6RB1tDic9g9cDpyuYkRSHuhA

43 B
117 B

47ms
46ms

Image
image/gif

104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-08db39uvLHYOsB9Byz6RB1tDic9g9cDpyuYkRSHuhA
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8260092479dfa241-YYZ
content-length: 43
content-type: image/gif

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=inmobi&uid=ID5-08db39uvLHYOsB9Byz6RB1tDic9g9cDpyuYkRSHuhA
date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET usermatch
ssum-sec.casalemedia.com/ Frame 9A08 0
0

GET rmphb
sync.1rx.io/usersync2/ Frame C980 0
0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 70D0 15 KB
6 KB 47ms
47ms Document
text/html 184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35785
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:44:59 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame D1EC 1 KB
2 KB 41ms
41ms Document
text/html 35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: 8b81a319760eaecc03ba89a79e30082e21ee5d18c0c995cd43745a9ce1167192

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1343
content-type: text/html; charset=utf-8
date: Tue, 14 Nov 2023 14:44:59 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame C66A 341 B
667 B 1126ms
38ms Document
text/html 174.137.133.32
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=185416&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: c269169b3e779c611da9b3c56a267d4c827da507c29b6c0c0661155255f797e8

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 341
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Nov 2023 14:45:00 GMT
Pragma: no-cache
Server: nginx

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame 5E2E 342 B
669 B 1127ms
41ms Document
text/html 174.137.133.32
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=148144&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: 0c18b408af483727b22580fa149ae1d47a04f97c824ca7eabae3bcf113acf2d0

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 342
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Nov 2023 14:45:00 GMT
Pragma: no-cache
Server: nginx

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame C014 706 B
1 KB 1190ms
62ms Document
text/html 174.137.133.32
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: 133e3ee4a34fcab01f73c33663b16d8df46df87e0ab51b199d1aa84cad67f5b8

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 706
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Nov 2023 14:45:00 GMT
Pragma: no-cache
Server: nginx

GET
H2 204 /
onetag-sys.com/usync/ Frame 461C 0
0 28ms
27ms Document
text/plain 51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip184.ip-51-222-39.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync-iframe Show response
cs-server-s2s.yellowblue.io/ Frame C0EF 2 KB
3 KB 1122ms
42ms Document
text/html 34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 8ad4979def44438bd872867112f36987bbde36da030c2f3730931d7dba11abe0

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://sync.quantumdex.io/
content-type: text/html
date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
x-envoy-upstream-service-time: 2

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame DEF5 439 B
909 B 1871ms
55ms Document
text/html 174.137.133.32
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=184388&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxap-184388%26uid%3D%7BUID%7D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/pbjs
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: 22a0698e99f012d227a2e1cdbf8fc0586806efe9bbb601ae455e4c53eff7fe66

Request headers

Referer: https://sync.quantumdex.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 439
Content-Type: text/html; charset=utf-8
Date: Tue, 14 Nov 2023 14:45:01 GMT
Pragma: no-cache
Server: nginx

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
276 B 350ms
116ms Fetch
application/json 162.19.138.120
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.120 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533571.ip-162-19-138.eu

Software

Resource Hash

6241154e2a92e9fb73d8f76ccc19a491d3f185772a970b0d6ad959bb6248cdf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2

200

xuid
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3658&xuid=1f84e42a-3857-4e14-8d09-cf8ba9f90468&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
354 B

44ms
43ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=1f84e42a-3857-4e14-8d09-cf8ba9f90468&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 14 Nov 2023 14:45:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=1f84e42a-3857-4e14-8d09-cf8ba9f90468&dongle=0cfd&gdpr=0&gdpr_consent=
date: Tue, 14 Nov 2023 14:45:00 GMT
server: Kestrel
content-length: 251

GET
H2

200

ebda
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

37 B
140 B

40ms
40ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFe7I5ClshJIgCzKpfJYzYU&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

37 B
355 B

43ms
42ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFe7I5ClshJIgCzKpfJYzYU&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEFe7I5ClshJIgCzKpfJYzYU&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D1EC
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D

170 B
188 B

48ms
48ms

Image
image/png

142.251.167.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID

Protocol

Server

142.251.167.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MzE4NzAzMjIyODU4NzQ2OTg2NDIwOA%3D%3D
date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame D1EC 0
367 B 101ms
99ms Image
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=3187032228587469864208&dbredirect=true&gdpr=0&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F00B42830FA146989BAFCFCABDAB9A7A Ref B: CHGEDGE1209 Ref C: 2023-11-14T14:44:59Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKHdS7BaJ7HmDE2EXUzw==

GET
H2

200

xuid
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/3187032228587469864208?gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-CteISJpE2oTB5jYYiYKb.nt3vatWXpnXu6lfz8tH3Q--~A&dongle=0883

37 B
355 B

43ms
43ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-CteISJpE2oTB5jYYiYKb.nt3vatWXpnXu6lfz8tH3Q--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-CteISJpE2oTB5jYYiYKb.nt3vatWXpnXu6lfz8tH3Q--~A&dongle=0883
content-length: 0

GET
H2

200

xuid
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://x.bidswitch.net/sync?ssp=triplelift&user_id=3187032228587469864208&gdpr=0&gdpr_consent=${GDPR_CONSENT}
https://beacon.lynx.cognitivlabs.com/bidSwitch.gif?bidswitch_ssp_id=triplelift&bsw_custom_parameter=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://x.bidswitch.net/sync?dsp_id=425&user_group=1&expires=365&user_id=a3de0b85-807a-417a-92da-6288943555ad&ssp=triplelift&bsw_param=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://eb2.3lift.com/xuid?mid=2409&xuid=f0c97ce2-cff2-4fe8-8a14-1660a8904835&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

37 B
354 B

43ms
43ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2409&xuid=f0c97ce2-cff2-4fe8-8a14-1660a8904835&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 14 Nov 2023 14:45:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: //eb2.3lift.com/xuid?mid=2409&xuid=f0c97ce2-cff2-4fe8-8a14-1660a8904835&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date: Tue, 14 Nov 2023 14:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET usersync.aspx
dis.criteo.com/dis/ Frame D1EC 0
0

GET
H2

200

xuid
eb2.3lift.com/ Frame D1EC
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
https://eb2.3lift.com/xuid?mid=3335&xuid=3384027298418322803&dongle=4d58&gdpr=0&gdpr_consent=

37 B
355 B

43ms
42ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3335&xuid=3384027298418322803&dongle=4d58&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-type: image/gif
date: Tue, 14 Nov 2023 14:44:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
an-x-request-uuid: 36e7cd67-8a85-4fdc-af7b-73c4a202365a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://eb2.3lift.com/xuid?mid=3335&xuid=3384027298418322803&dongle=4d58&gdpr=0&gdpr_consent=
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 setuid
ib.adnxs.com/prebid/ Frame D1EC 43 B
1 KB 39ms
37ms Image
image/gif 68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=0&gdpr_consent=&uid=3187032228587469864208

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dtriplelift%26uid%3D%24UID

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.114 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
an-x-request-uuid: 49f0804b-4290-41d5-a767-f53b52d754ee
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 70D0 0
40 B 34ms
34ms Script
text/plain 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=13672237&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:44:59 GMT
content-length: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 831D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CNpK054dTZY2QHsnCxtYP6d6w0AWj6seMdNGr4K_UEWQQASDCkZocYP2gmYHoA6AB6qf15APIAQmoAwHIA8sEqgTUAU_QzD8Gcx5BHGtRERbq6tCXC6nerV-sICu5PdlxWYgGTBO-EIeQj_M...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa05050a60223603b0000000000000000%22,%222%22:%220xd73862c2e35eddeb0000000000000000%22,%223%22:%220x88a889...

0
0

63ms
63ms

Fetch
text/css

142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xa05050a60223603b0000000000000000%22,%222%22:%220xd73862c2e35eddeb0000000000000000%22,%223%22:%220x88a889134529c30b0000000000000000%22,%224%22:%220x17f5f6d07f3bcc0000000000000000%22,%225%22:%220xd5ad11027c5ffd890000000000000000%22},%22debug_key%22:%2214436223436664855225%22,%22debug_reporting%22:true,%22destination%22:%22https://appsumo.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221016943594%22],%224%22:[%2211-14%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210709300583103654609%22}&andc=true

Requested by

Host: plugins4free.com
URL: https://plugins4free.com/plugin/2593/

Protocol

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xa05050a60223603b0000000000000000","2":"0xd73862c2e35eddeb0000000000000000","3":"0x88a889134529c30b0000000000000000","4":"0x17f5f6d07f3bcc0000000000000000","5":"0xd5ad11027c5ffd890000000000000000"},"debug_key":"14436223436664855225","debug_reporting":true,"destination":"https://appsumo.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1016943594"],"4":["11-14"],"6":["true"]},"priority":"500","source_event_id":"10709300583103654609"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 14 Nov 2023 14:45:00 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 14 Nov 2023 14:44:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xa05050a60223603b0000000000000000","2":"0xd73862c2e35eddeb0000000000000000","3":"0x88a889134529c30b0000000000000000","4":"0x17f5f6d07f3bcc0000000000000000","5":"0xd5ad11027c5ffd890000000000000000"},"debug_key":"14436223436664855225","debug_reporting":true,"destination":"https://appsumo.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1016943594"],"4":["11-14"],"6":["true"]},"priority":"500","source_event_id":"10709300583103654609"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js Show response
pagead2.googlesyndication.com/bg/ Frame D122 39 KB
15 KB 39ms
39ms Script
text/javascript 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IgLScqdiOg8g0FW65X_u-4WKM1KDPqNvzEOKiVhX0wc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

sffe /

Resource Hash

2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Thu, 09 Nov 2023 22:10:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 405265
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15051
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 08 Nov 2024 22:10:34 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 387ms
61ms Preflight
text/html 142.251.16.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f157.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 14 Nov 2023 14:45:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 696.json Show response
id5-sync.com/g/v2/ 603 B
1 KB 187ms
113ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/696.json

Requested by

Host: assets.vlitag.com
URL: https://assets.vlitag.com/prebid/default/prebid-8.21.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

bd15bb8104eb62ad332e29dc576fefcfd491712c15d599a8f2fac66ea8ca90c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://plugins4free.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://plugins4free.com
date: Tue, 14 Nov 2023 14:44:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2

200

cs
cs.yellowblue.io/ Frame C0EF
Redirect Chain

https://match.sharethrough.com/universal/v1?supply_id=5926d422&gdpr=0&gdpr_consent=
https://cs.yellowblue.io/cs?aid=11587&uid=0f68a618-c705-4253-95b1-8f2bb1107349&gdpr=0

0
329 B

50ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.yellowblue.io/cs?aid=11587&uid=0f68a618-c705-4253-95b1-8f2bb1107349&gdpr=0
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

location: https://cs.yellowblue.io/cs?aid=11587&uid=0f68a618-c705-4253-95b1-8f2bb1107349&gdpr=0
date: Tue, 14 Nov 2023 14:45:00 GMT
content-length: 0

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ Frame C0EF 0
42 B 1115ms
29ms Image
text/plain 162.248.18.32

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.248.18.32 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:01 GMT
content-length: 0

GET
H2

200

cs
cs.yellowblue.io/ Frame C0EF
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=3663&gdpr=0&gdpr_consent=
https://cs.yellowblue.io/cs?aid=11601&id=53f46e8d69e48ef4c514fdc2611ac4a8&gdpr_consent=&gdpr=0

0
329 B

39ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.yellowblue.io/cs?aid=11601&id=53f46e8d69e48ef4c514fdc2611ac4a8&gdpr_consent=&gdpr=0
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:45:00 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cs.yellowblue.io/cs?aid=11601&id=53f46e8d69e48ef4c514fdc2611ac4a8&gdpr_consent=&gdpr=0
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1699973100770066-322

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D
https://us-u.openx.net/w/1.0/cm?cc=1&id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=0da10372-245a-47c4-9e93-692363ef549d

0
329 B

40ms
40ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=0da10372-245a-47c4-9e93-692363ef549d
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

date: Tue, 14 Nov 2023 14:45:00 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=0da10372-245a-47c4-9e93-692363ef549d
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame C0EF 53 B
614 B 1208ms
103ms Image
image/gif 23.220.116.33

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=25&type=ris&ovsid=%7B%7BAPID%7D%7D&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11585%26id%3D%3Cvsid%3E

Requested by

Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.116.33 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 14 Nov 2023 14:45:01 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Tue, 14 Nov 2023 14:45:01 GMT

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11596%26id%3D$UID&gdpr=0&gdpr_consent=
https://cs-server-s2s.yellowblue.io/cs?aid=11596&id=3384027298418322803&gdpr=0&gdpr_consent=

0
329 B

39ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=11596&id=3384027298418322803&gdpr=0&gdpr_consent=
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:00 GMT
an-x-request-uuid: 363e1a4a-0c45-457c-bc84-2fd5867ebaca
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cs-server-s2s.yellowblue.io/cs?aid=11596&id=3384027298418322803&gdpr=0&gdpr_consent=
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://csync.loopme.me/?pubid=11362&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11571%26id%3D%7Bdevice_id%7D
https://cs-server-s2s.yellowblue.io/cs?aid=11571&id=ee22485a-1279-4ca6-abe3-d023a923a966&gdpr_consent=null&gdpr=0

0
329 B

39ms
39ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=11571&id=ee22485a-1279-4ca6-abe3-d023a923a966&gdpr_consent=null&gdpr=0
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:01 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

location: https://cs-server-s2s.yellowblue.io/cs?aid=11571&id=ee22485a-1279-4ca6-abe3-d023a923a966&gdpr_consent=null&gdpr=0
date: Tue, 14 Nov 2023 14:45:01 GMT
server: _
content-length: 0

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11603%26gdpr%3D%5BGDPR%5D%26gdpr_consent%3D%5BUSER_CONSENT%5D%26uid%3D$%7BBSW_UUID%7D
https://cs-server-s2s.yellowblue.io/cs?aid=11603&gdpr=[GDPR]&gdpr_consent=[USER_CONSENT]&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

0
329 B

39ms
39ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=11603&gdpr=[GDPR]&gdpr_consent=[USER_CONSENT]&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

Location: https://cs-server-s2s.yellowblue.io/cs?aid=11603&gdpr=[GDPR]&gdpr_consent=[USER_CONSENT]&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835
Date: Tue, 14 Nov 2023 14:45:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://sync.go.sonobi.com/us?gdpr=0&consent_string=&loc=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D115667%26uid%3D%5BUID%5D
https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=a590c2b2-42e0-4915-8aa0-74beaccd5eb7

0
329 B

38ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=a590c2b2-42e0-4915-8aa0-74beaccd5eb7
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:01 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:01 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-6-83
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=a590c2b2-42e0-4915-8aa0-74beaccd5eb7
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

cs
cs-server-s2s.yellowblue.io/ Frame C0EF
Redirect Chain

https://ssc-cms.33across.com/ps/?ri=0015a00002hdV5tAAE&ru=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11580%26puid%3D33XUSERID33X
https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212343793359664

0
329 B

39ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212343793359664
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:44:59 GMT
referrer-policy: unsafe-url
server: 33XP020
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212343793359664
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2 200 setuid
sync.quantumdex.io/ Frame C0EF 43 B
94 B 44ms
42ms Image
image/gif 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=rise&uid=wTamQn-zkp_s
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://cs-server-s2s.yellowblue.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 826009274d5ca241-YYZ
content-length: 43
content-type: image/gif

GET
H2 200 setuid Show response
sync.quantumdex.io/ Frame C66A 43 B
94 B 43ms
40ms Document
image/gif 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A668282022425806367
Requested by: Host: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=185416&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.adkernel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 826009274d5ba241-YYZ
content-length: 43
content-type: image/gif
date: Tue, 14 Nov 2023 14:45:00 GMT
server: cloudflare

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame D844
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=rise_engage&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east

281 B
555 B

41ms
41ms

Document
text/html

23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://cs-server-s2s.yellowblue.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 14 Nov 2023 14:45:00 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 14 Nov 2023 14:45:00 GMT
location: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
server: AkamaiGHost

GET
H2 204 /
onetag-sys.com/usync/ Frame 82A1 0
0 27ms
26ms Document
text/plain 51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=69f48c2160c8113&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

ip184.ip-51-222-39.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://cs-server-s2s.yellowblue.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 setuid Show response
sync.quantumdex.io/ Frame 5E2E 43 B
94 B 43ms
43ms Document
image/gif 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A5055803793460674223
Requested by: Host: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=148144&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.adkernel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 826009275d6da241-YYZ
content-length: 43
content-type: image/gif
date: Tue, 14 Nov 2023 14:45:00 GMT
server: cloudflare

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame AD42 0
592 B 38ms
37ms Script
text/html 68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.114 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:00 GMT
an-x-request-uuid: c904546f-0c85-404e-a6d2-8563054b3137
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

user-sync
sync.adkernel.com/ Frame C014
Redirect Chain

https://x.bidswitch.net/sync?ssp=xapads&user_id=A3697800832230668502
https://sync-dmp.mobtrakk.com/match/bidswitch?id=${user_id}&gdpr=&consent=&usp=&ssp=xapads&bsw=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://sync-dmp.mobtrakk.com/match/bidswitch?id=%24%7Buser_id%7D&gdpr=&consent=&usp=&ssp=xapads&bsw=f0c97ce2-cff2-4fe8-8a14-1660a8904835&chk=1
https://x.bidswitch.net/sync?dsp_id=457&user_id=YjViZGM1MDNhZDMwNjZk&gdpr=&gdpr_consent=&us_privacy=&ssp=xapads&bsw_param=f0c97ce2-cff2-4fe8-8a14-1660a8904835
https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

42 B
353 B

624ms
44ms

Image
image/gif

174.137.133.32
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835
Requested by: Host: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Protocol: HTTP/1.1
Server: 174.137.133.32 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://sync.adkernel.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Nov 2023 14:45:01 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: close
Content-Length: 42

Redirect headers

Location: //sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835
Date: Tue, 14 Nov 2023 14:45:01 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame FD60 15 KB
6 KB 47ms
47ms Document
text/html 184.24.36.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162882&userIdMacro=PM_UID&predirect=%2F%2Fsync.adkernel.com%2Fuser-sync%3Fzone%3D149271%26dsp%3D614719%26t%3Diframe%26uid%3DPM_UID
Requested by: Host: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.36.205 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-36-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://sync.adkernel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=35784
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 14 Nov 2023 14:45:00 GMT
expires: Wed, 15 Nov 2023 00:41:24 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D844 46 KB
13 KB 46ms
46ms Script
text/html 23.220.141.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.141.176 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-141-176.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 01fb9092480a65465992a1f6ef9bdd2fab30d431f3c19b9924e604844bb56d5a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Tue, 14 Nov 2023 14:45:00 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Nov 2023 20:05:38 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=19238
Connection: keep-alive
Content-Length: 13280
Expires: Tue, 14 Nov 2023 20:05:38 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame D844 7 B
798 B 40ms
40ms XHR
application/json 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?khaos=LOYG384P-1A-3TH2
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: c1df09169f58a071f2a391dff1b3307b
Expires: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 831D 42 B
64 B 65ms
64ms Fetch
image/gif 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-vxBVRgx6uE1Y_0kiGJ-Lk-giCkCf1TrMSHlNphrFt_Q_dNKACDc_-DLdT2NvfA_4URky5qgh6ODS7zWX4L4EIDk_35iWQh2_Lzg9yHMX2ICNjRrtRmmCdDUgNiN2aQ11EOlyLFfiyQ&sai=AMfl-YQJTA8XEAPN5qSaXVW2QXu97YITH4bBgMcPIzr83uweGJLRYfN2yn4YVJXiIfnJbe6dMgilP7HxIaXD9M5Bcmph4LyJbCEGzkhK0i2NZJwthkGVdYH0S2GyyRSSNW5VYw4YVsyx3-t-6PF3j__U6Q&sig=Cg0ArKJSzBwhXMrcUNL4EAE&cid=CAQSTwDICaaNB5XlZlWjTutcel3vNUH_NpO7MEjGJ0Azf_hB5Ddsyc0JQUGo4tqXfpcyuXWT9zDd5AKZFbtlyfGpMad-FUmxnOnEwNHvF7BSb8UYAQ&id=lidar2&mcvt=1000&p=0,0,280,812&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20231113&bin=7&avms=nio&bs=0,0&mc=0.54&if=1&vu=1&app=0&itpl=22&adk=2121505350&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1699973095457&rpt=4372&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.111.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cs
cs.yellowblue.io/ Frame D844
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=rise_engage&khaos=LOYG384P-1A-3TH2
https://cs.yellowblue.io/cs?aid=11590&id=LOYG384P-1A-3TH2

0
325 B

38ms
38ms

Image
application/javascript

34.198.150.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.yellowblue.io/cs?aid=11590&id=LOYG384P-1A-3TH2
Requested by: Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Drise%26uid%3D%7BpartnerId%7D
Protocol: H2
Server: 34.198.150.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-198-150-224.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Tue, 14 Nov 2023 14:45:00 GMT
server: istio-envoy
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin: https://eus.rubiconproject.com/
access-control-allow-credentials: true
x-envoy-upstream-service-time: 0
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length: 0

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cs.yellowblue.io/cs?aid=11590&id=LOYG384P-1A-3TH2
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 9ef75ea4f1dd62e53c52f84d8070c378
Expires: 0

GET

user-sync
sync.adkernel.com/ Frame DEF5
Redirect Chain

https://x.bidswitch.net/sync?ssp=xapads&user_id=A1361858343689971236
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=xapads&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&gdpr=&gdpr_consent=&us_privacy=
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=xapads&bsw_user_id=f0c97ce2-cff2-4fe8-8a14-1660a8904835&gdpr=&gdpr_consent=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=3ac614de-e77c-4a6b-8dc7-afc82e334443&ssp=xapads
https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

0
0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame AD42 0
593 B 39ms
39ms Script
text/html 68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.114 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Nov 2023 14:45:01 GMT
an-x-request-uuid: ad9b6807-4747-483b-8cd9-283f3b8e2537
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 62.3.36.111; 62.3.36.111; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 setuid Show response
sync.quantumdex.io/ Frame C014 43 B
117 B 45ms
45ms Document
image/gif 104.22.36.96
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/setuid?bidder=xapads-mw&uid=A3697800832230668502
Requested by: Host: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?zone=149271&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dxapads-mw%26uid%3D%7BUID%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.36.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.adkernel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8260092eee8aa241-YYZ
content-length: 43
content-type: image/gif
date: Tue, 14 Nov 2023 14:45:01 GMT
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Domain: encrypted-tbn3.gstatic.com
URL: https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcQDXS5pgxNUhF22s80pn4yfLmuym4Bg131lArkYVYKZP_X2qsO2mnz5a7fYJJw&usqp=CAI

Domain: encrypted-tbn3.gstatic.com
URL: https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcTwxc5CsA73GMEI-ETkKbescheH95lenLX5IZTxbB4qhqwN0Z_GgO79CY_hGg&usqp=CAI

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=

Domain: dis.criteo.com
URL: https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTPIg7xw8gL9avKfTi6XMMdeUEzDCoENqDqJ2kQGzzizs_C-x6Xw-NYRd1kgNnMlrvyf6v3Fx__hO7-D-obrI71hlfVcrZTGA&google_gid=CAESENLlvDtbi17yk0kOMKCOYiE&google_cver=1

Domain: analytics.pangle-ads.com
URL: https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEOadDDn9oQmL7VAE1uwjA-k&google_cver=1&google_push=AXcoOmSKswKNbHvTgek8WL4wx91h6JmPoG41B9S7kvH2tMsCbkxHgUgAPd4DOEPGsQUHE8kyJP9ci4hDumobo61F91w9SVAOSh2oiuI

Domain: cdn.rtbrain.app
URL: https://cdn.rtbrain.app/fonts/Roboto-Regular.ttf

Domain: cdn.rtbrain.app
URL: https://cdn.rtbrain.app/fonts/Roboto-Bold-700.ttf

Domain: id.a-mx.com
URL: https://id.a-mx.com/sync/?tagId=&ref=null&u=https://plugins4free.com/plugin/2593/&tl=https://plugins4free.com/plugin/2593/&nf=0&rt=true&v=8.21.0&av=2.0&vg=vlipb&us_privacy=null&am=null&gdpr=0&gdpr_consent=

Domain: gum.criteo.com
URL: https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fplugins4free.com%2F&domain=plugins4free.com&cw=1&lsw=1

Domain: assets.a-mo.net
URL: https://assets.a-mo.net/js/cframe.js

Domain: ads.betweendigital.com
URL: https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D

Domain: ap.lijit.com
URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser/?partner=valueimpression&r=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dzeta-global%26uid%3DBUYERUID

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync2/rmphb?gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&us_privacy=${US_PRIVACY}&redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D

Domain: dis.criteo.com
URL: https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=${GPP_STRING_28}&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3D%40%40CRITEO_USERID%40%40%26dongle%3D013b

Domain: sync.adkernel.com
URL: https://sync.adkernel.com/user-sync?dsp=3&t=image&uid=f0c97ce2-cff2-4fe8-8a14-1660a8904835

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

85 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-20 18:22:29	Name: sync Value: CgoIoQEQnOCr8rwxCgoIkQIQnOCr8rwxCgoItAIQnOCr8rwxCgoI5gEQnOCr8rwxCgoIhwIQnOCr8rwxCgoItwIQnOCr8rwxCgkIOhCc4KvyvDEKCgiMAhCc4KvyvDEKCQhfEJzgq_K8MQoJCB8QnOCr8rwx
.plugins4free.com/	1970-01-21 01:48:53	Name: _ga_62G8H12RK3 Value: GS1.1.1699973095.1.0.1699973095.0.0.0
plugins4free.com/	1970-01-20 17:39:17	Name: __ppIdCC Value: pkufiba4dree_xon210...739.5410
.plugins4free.com/	1970-01-21 01:48:53	Name: _ga Value: GA1.2.1601140643.1699973095
.plugins4free.com/	1970-01-20 16:14:19	Name: _gid Value: GA1.2.1578176856.1699973095
.plugins4free.com/	1970-01-20 16:12:53	Name: _gat_gtag_UA_1440877_1 Value: 1
.plugins4free.com/	1970-01-20 16:53:12	Name: sharedid Value: 4439927c-5f23-49af-844b-eb6e6afa428c
.plugins4free.com/	1970-01-20 16:53:12	Name: sharedid_cst Value: zix7LPQsHA%3D%3D
.prebid.a-mo.net/	1970-01-21 00:58:29	Name: __amc Value: 1_1699973095_1699973095
.a-mo.net/	1970-01-21 00:58:29	Name: amuid2 Value: 3301c89d-97fa-407d-9d1c-676635b222ac
.prebid.a-mo.net/	1970-01-21 00:58:29	Name: sd_amuid2 Value: 3301c89d-97fa-407d-9d1c-676635b222ac
.script.ac/	1970-01-20 16:12:54	Name: __cf_bm Value: WKiVb3LVgB3YRA1LvCjt4MR5sWcqVpAli0DWcx6LCYg-1699973095-0-ASe6izNlw7i3j7yCiESI9qNV5WrtwR/Oy1fOobQemjQv3b7WiU05WlDejIlA1p5Hd0JdumnPwTDVRwOziqft+m0=
.quantumdex.io/	1970-01-20 16:27:17	Name: uid Value: 8aba30e4-5d93-4c43-b21f-51aa9acf665a
.adnxs.com/	1970-01-20 18:22:29	Name: icu Value: ChgI1YVfEAoYASABKAEw54_OqgY4AUABSAEQ54_OqgYYAA..
.adnxs.com/	1970-01-20 18:22:29	Name: uuid2 Value: 3384027298418322803
.amazon-adsystem.com/	1970-01-20 21:44:05	Name: ad-id Value: AyG0QuMXOELOrVgssuxl4lE
.amazon-adsystem.com/	1970-01-21 01:48:53	Name: ad-privacy Value: 0
.plugins4free.com/	1970-01-21 01:34:29	Name: __gads Value: ID=258855900b5a40f1:T=1699973095:RT=1699973095:S=ALNI_MZ7GcO9NunHRDRibUSn0yHrVc1zZA
.plugins4free.com/	1970-01-21 01:34:29	Name: __gpi Value: UID=00000da1bfc1dc5e:T=1699973095:RT=1699973095:S=ALNI_MaTPHpLVJ_o7nYC7eachUZlKYeqrQ
.smaato.net/	1970-01-20 16:43:07	Name: SCM Value: 29dc6481b8
.smaato.net/	1970-01-20 16:43:07	Name: SCMaps Value: 29dc6481b8
.simpli.fi/	1970-01-21 00:59:55	Name: suid Value: 43FCC97914064CD3BEEBB4ABF83F6B53
.mediago.io/	1970-01-21 00:58:29	Name: __mguid_ Value: 4df39c49eb81752b26bzk200loyg381j
.doubleclick.net/	1970-01-20 16:12:56	Name: DSID Value: NO_DATA
.rubiconproject.com/	1970-01-21 00:58:29	Name: khaos Value: LOYG384P-1A-3TH2
.csync.loopme.me/	1970-01-20 18:25:21	Name: viewer_token Value: ee22485a-1279-4ca6-abe3-d023a923a966
.smartadserver.com/	1970-01-21 01:43:07	Name: pid Value: 8426327288077849638
.linkedin.com/	1970-01-21 00:58:29	Name: bcookie Value: "v=2&9119ba5b-8aa5-4c3d-8232-0dd3ee6635d6"
.linkedin.com/	1970-01-20 16:14:19	Name: lidc Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3133:u=1:x=1:i=1699973097:t=1700059497:v=2:sig=AQEmFJF8Sckg713913ISgCZo6QVXnloy"
.ipredictive.com/	1970-01-21 00:58:29	Name: cu Value: 2920fc55-75ab-4f73-a094-67a0e0ccbbb2\|1699973097171
.prebid.a-mo.net/	1970-01-20 16:14:19	Name: _sv3_7 Value: 1
.primis.tech/	1970-01-20 16:48:53	Name: csuuid Value: 655387e94911d
.doubleclick.net/	1970-01-21 01:48:53	Name: IDE Value: AHWqTUnze8iVgQbtt6fLpqYS8MReKCye0FCVwNQ6MGO21ZRLRYwZP3c5aO4ZiguMrr0
.connatix.com/	1970-01-20 16:56:05	Name: cnx_userId Value: 187717e78eb24f0f9050d02a155d9ebb
.zemanta.com/	1970-01-21 00:58:29	Name: zuid Value: BftKPLoSJ3NZuyCz6bZE
.intentiq.com/	1970-01-21 01:48:53	Name: intentIQ Value: Si0lTT6idM
.intentiq.com/	1970-01-21 01:48:53	Name: IQver Value: 1.9
.intentiq.com/	1970-01-21 01:48:53	Name: CSDT Value: UEQ6MTUxMDZfMCZUdmF6c0JG
.intentiq.com/	1970-01-21 01:48:53	Name: IQPData Value: 1040393327#1699973097733#0#1699973097733
.intentiq.com/	1970-01-21 01:48:53	Name: intentIQCDate Value: 1699973097736
.intentiq.com/	1970-01-21 01:48:53	Name: ASDT Value: 0
.turn.com/	1970-01-20 20:32:05	Name: uid Value: 3713437353689369771
.33across.com/	1970-01-21 00:58:29	Name: 33x_ps Value: u%3D212343793359664%3As1%3D1699973097940%3Ats%3D1699973097940
.tynt.com/	1970-01-21 00:58:29	Name: uid Value: 64DgdmVTh+rrDlAxIJnLAg==
.tynt.com/	1970-01-20 18:22:29	Name: pids Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%2C%7B%22p%22%3A%224bee518595%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%2C%7B%22p%22%3A%227daaa56bb0%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1699973098326%7D%5D
.dotomi.com/	1970-01-20 16:12:53	Name: DotomiTest Value: 69aed65e44351037
.yahoo.com/	1970-01-21 00:58:50	Name: A3 Value: d=AQABBOqHU2UCEEuQiXFzWS7SKWOw6xo2ZkkFEgEBAQHZVGVdZSXaxyMA_eMAAA&S=AQAAAoR4KtnYwJ5NMo7957uBR3M
.analytics.yahoo.com/	1970-01-21 00:58:29	Name: IDSYNC Value: "18vk~2f1q:19e0~2f1q"
.4dex.io/	1970-01-20 17:39:17	Name: uids Value: eyJzeW5jcyI6eyIzM2Fjcm9zcyI6IjIwMjMtMTEtMTRUMTQ6NDQ6NTUuNzcxMDM0MDUxWiIsIm9uZXRhZyI6IjIwMjMtMTEtMTRUMTQ6NDQ6NTUuNzcxMDM2MzUzWiIsInB1Ym1hdGljIjoiMjAyMy0xMS0xNFQxNDo0NDo1NS43NzEwMzMzNzdaIiwicnViaWNvbiI6IjIwMjMtMTEtMTRUMTQ6NDQ6NTUuNzcxMDMwNjk0WiJ9LCJ1aWRzIjp7IjMzYWNyb3NzIjp7InVpZCI6IjIxMjM0Mzc5MzM1OTY2NCIsImV4cGlyZXMiOiIyMDI0LTAxLTEzVDE0OjQ0OjU4LjQ1MjAwNDk3N1oifSwiYWRhZ2lvIjp7InVpZCI6ImUwNmUxZjRjLWIyNDAtNDRmNy05YzE5LTEyNTc5ODFmN2M4ZCIsImV4cGlyZXMiOiIyMDI0LTAxLTEzVDE0OjQ0OjU1Ljc3MDU4MTY4NloifSwicnViaWNvbiI6eyJ1aWQiOiJMT1lHMzg0UC0xQS0zVEgyIiwiZXhwaXJlcyI6IjIwMjQtMDEtMTNUMTQ6NDQ6NTYuOTI2MTIxMDIzWiJ9fSwiYmRheSI6IjIwMjMtMTEtMTRUMTQ6NDQ6NTUuNzcwNTEyODRaIn0=
.3lift.com/	1970-01-20 18:22:29	Name: tluid Value: 3187032228587469864208
.hb.yahoo.net/	1970-01-20 20:32:05	Name: visitor-id Value: 3429746989332776000V10
.hb.yahoo.net/	1970-01-21 00:58:29	Name: data-mag Value: LOYG384P-1A-3TH2~~63
.bidswitch.net/	1970-01-21 00:58:29	Name: tuuid Value: f0c97ce2-cff2-4fe8-8a14-1660a8904835
.bidswitch.net/	1970-01-21 00:58:29	Name: c Value: 1699973098
.bidswitch.net/	1970-01-21 00:58:29	Name: tuuid_lu Value: 1699973098
.bidbrain.app/	1970-01-20 16:13:00	Name: sid_cross Value: 610cce0d-82fc-11ee-a3d6-be8dcf04c0a8
.bidbrain.app/	1970-01-21 01:48:53	Name: uid_cross Value: 624fce92-82fc-11ee-8c9c-e63ba21ac854
.pswec.com/	1970-01-21 01:48:53	Name: tuuid Value: 2b0c7282-f9b5-41bf-8c41-b30e8ebb060b
.pswec.com/	1970-01-21 01:48:53	Name: c Value: 1699973098
.pswec.com/	1970-01-21 01:48:53	Name: tuuid_lu Value: 1699973099
.bidr.io/	1970-01-21 01:41:23	Name: bitoIsSecure Value: ok
.bidr.io/	1970-01-21 01:41:23	Name: bito Value: AAEIVU7KpxAAABM06dQw6w
.smaato.net/	1970-01-20 16:43:07	Name: SCMp Value: 29dc6481b8
.adnxs.com/	1970-01-20 18:22:29	Name: anj Value: dTM7k!M4/0DunaTF']wIg2E>9wlc$S!]tcs8bhzs#DNAqPYwUbU`p0LYv@rh<Z!y?YXWXrPUXFvwhB0r/X+aH66s8TaE]A<2c._dRNwkM=N.MdgYgCn=X3F5#GAKu)jw_E!!#]?+>EOg
.adnxs.com/	1970-01-20 18:22:29	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJydWJpY29uIjp7InVpZCI6IkxPWUczODRQLTFBLTNUSDIiLCJleHBpcmVzIjoiMjAyNC0wMi0xMlQxNDo0NDo1N1oifSwidHJpcGxlbGlmdF9uYXRpdmUiOnsidWlkIjoiMzE4NzAzMjIyODU4NzQ2OTg2NDIwOCIsImV4cGlyZXMiOiIyMDI0LTAyLTEyVDE0OjQ0OjU5WiJ9fSwiYmlydGhkYXkiOiIyMDIzLTExLTE0VDE0OjQ0OjU3WiJ9
.linkedin.com/	1970-01-20 18:22:29	Name: li_sugr Value: bbcd4e56-0dfd-41a7-bf6b-05907745b2bd
.ads.pubmatic.com/	1970-01-20 16:14:19	Name: KCCH Value: YES
.adsrvr.org/	1970-01-21 00:59:55	Name: TDID Value: 1f84e42a-3857-4e14-8d09-cf8ba9f90468
.adsrvr.org/	1970-01-21 00:59:55	Name: TDCPM Value: CAESFgoHc3Z4OXQ1MBILCKbnpPnJyrI8EAUYBSABKAIyCwiAu-Cl4MqyPBAFOAE.
.id5-sync.com/	1970-01-20 18:22:29	Name: 3pi Value:
.id5-sync.com/	1970-01-20 18:22:29	Name: id5 Value: 183cc8d0-75f8-784d-9f2d-468ffe2f214b#1699973100048#2
.googleadservices.com/	1970-01-20 18:22:29	Name: ar_debug Value: 1
.sharethrough.com/	1970-01-20 16:56:05	Name: stx_user_id Value: 0f68a618-c705-4253-95b1-8f2bb1107349
.yellowblue.io/	1970-01-20 16:56:05	Name: wrvUserID Value: wTamQn-zkp_s
.adkernel.com/	1969-12-31 23:59:59	Name: SSPZ Value: 149271
.adkernel.com/	1969-12-31 23:59:59	Name: DSP2F_76 Value: 614719
.adkernel.com/	1969-12-31 23:59:59	Name: DSP2F_3 Value: 645839
.adkernel.com/	1970-01-20 16:56:05	Name: ADKUID Value: A3697800832230668502
.openx.net/	1970-01-21 00:58:29	Name: i Value: 360d20bd-5a32-4576-8f02-fd592661b323\|1699973100
beacon.lynx.cognitivlabs.com/	1970-01-21 00:59:55	Name: UID Value: a3de0b85-807a-417a-92da-6288943555ad
beacon.lynx.cognitivlabs.com/	1970-01-21 00:59:55	Name: ss Value: IPPy%2FsCquipPmgyE9zOOuRFlLdquHSHhVjvah2KKAzWhP%2FaytJZyddVDqumtpm%2BHkcCIn2SED%2Fb%2FVmouvutaFg%3D%3D
.ads.stickyadstv.com/	1970-01-20 16:56:05	Name: UID Value: 53f46e8d69e48ef4c514fdc2611ac4a8
.rubiconproject.com/	1970-01-21 00:58:29	Name: audit Value: 1\|ThQ8yUuyWESHyV+fGEnuGkVv8L4j6u5OYPIi+ZJ9iC+dab+/sg9o+RLdoK7rj4ZTkUr8qbboLS3qFTrNE4+z9p1xIeFU+VSqtw/WIzQvuiIKijMWX7fRJJ3Kmi4ZbN8+
sync-dmp.mobtrakk.com/	1969-12-31 23:59:59	Name: chk Value: 1
sync-dmp.mobtrakk.com/	1970-01-21 01:48:53	Name: pid Value: YjViZGM1MDNhZDMwNjZk

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

33across-match.dotomi.com
9f78c149081eeda08d0a640b1afb21f5.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
acdn.adnxs.com
ad.turn.com
ads.betweendigital.com
ads.pubmatic.com
ads.stickyadstv.com
amazon-tam-match.dotomi.com
analytics.pangle-ads.com
ap.lijit.com
assets.a-mo.net
assets.vlitag.com
b1sync.zemanta.com
beacon.lynx.cognitivlabs.com
c.amazon-adsystem.com
cadmus.script.ac
capi.connatix.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.rtbrain.app
cm.g.doubleclick.net
config.aps.amazon-adsystem.com
contextual.media.net
cs-server-s2s.yellowblue.io
cs.yellowblue.io
csync.loopme.me
de.tynt.com
dis.criteo.com
eb2.3lift.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
encrypted-tbn3.gstatic.com
eus.rubiconproject.com
events-ssc.33across.com
fonts.googleapis.com
fonts.gstatic.com
g.bidbrain.app
googleads.g.doubleclick.net
gum.criteo.com
hb.yahoo.net
hbopenbid.pubmatic.com
hde.tynt.com
i.clean.gg
ib.adnxs.com
id.a-mx.com
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
lb.eu-1-id5-sync.com
live.primis.tech
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
media.plugins4free.com
mp.4dex.io
onetag-sys.com
pagead2.googlesyndication.com
pixel-us-east.rubiconproject.com
pixel-us-west.rubiconproject.com
pixel.rubiconproject.com
plugins4free.com
pr-bh.ybp.yahoo.com
prebid-asia.creativecdn.com
prebid.a-mo.net
px.ads.linkedin.com
px.vliplatform.com
r.turn.com
rtb.adentifi.com
s.ad.smaato.net
s.amazon-adsystem.com
script.4dex.io
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
services.vlitag.com
ssbsync-us.smartadserver.com
ssc-cms.33across.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
storage.ko-fi.com
sync-dmp.mobtrakk.com
sync.1rx.io
sync.adkernel.com
sync.go.sonobi.com
sync.intentiq.com
sync.ipredictive.com
sync.outbrain.com
sync.quantumdex.io
sync1.intentiq.com
t.pswec.com
token.rubiconproject.com
tpc.googlesyndication.com
trace.mediago.io
u.4dex.io
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
useast.quantumdex.io
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
aax-eu.amazon-adsystem.com
ads.betweendigital.com
analytics.pangle-ads.com
ap.lijit.com
assets.a-mo.net
cdn.rtbrain.app
dis.criteo.com
encrypted-tbn3.gstatic.com
gum.criteo.com
id.a-mx.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
sync.1rx.io
sync.adkernel.com
103.132.192.30
104.18.23.145
104.18.41.104
104.21.82.134
104.22.36.96
104.26.9.169
104.36.115.111
13.107.42.14
142.251.111.154
142.251.111.94
142.251.16.100
142.251.16.103
142.251.16.157
142.251.163.95
142.251.167.101
142.251.167.132
142.251.167.155
142.251.179.155
147.75.195.55
15.197.193.217
151.101.129.229
159.127.42.204
162.19.138.117
162.19.138.120
162.248.18.32
172.253.122.101
172.253.122.139
172.253.122.156
172.253.122.94
172.253.62.132
172.253.63.95
172.253.63.97
172.64.153.78
172.67.21.227
172.67.26.21
172.67.38.106
174.137.133.32
18.160.10.20
18.160.53.102
18.165.97.179
18.165.98.56
18.67.76.108
184.24.36.191
184.24.36.205
216.22.16.53
23.220.116.33
23.220.141.176
23.32.172.185
23.46.156.26
3.213.43.55
3.225.218.10
34.117.239.71
34.149.135.28
34.149.40.38
34.198.150.224
34.224.189.64
34.95.69.49
34.98.64.218
35.208.249.213
35.211.178.172
35.214.180.112
35.236.220.17
35.71.139.29
5.161.188.99
50.116.194.21
51.222.39.184
51.79.20.70
52.206.205.175
52.46.151.131
52.5.102.125
52.85.132.68
52.87.97.21
54.144.102.175
54.162.222.197
63.251.28.233
64.202.112.191
67.202.105.24
67.202.105.34
68.67.160.114
69.166.1.34
69.173.151.100
70.42.32.63
74.119.119.139
8.28.7.81
8.39.36.141
8.43.72.98
01bc94eace248cc63c0a8d0310a58823e49c52e536348b593929f503740874a1
01fb9092480a65465992a1f6ef9bdd2fab30d431f3c19b9924e604844bb56d5a
05109ea6f0f4537f9bce8ec24c6dc2ba20673d7aa3542b1788b23405d0f29398
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07cb669499529025b5a10db9362634c3b8d0cd1ce0bf5b388493cc0e3fef62a0
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
0a1f8da6b54cadc8fe60b1fb6b3409878bdee6a43e0d266fb55d617fc7172499
0a41318e8676f624371fc38baf7a8970fb1231d4ea525b59e6b98bd94591946c
0b73ec2a2ca35c612778e0fca9eb72d746bc0d9995390007df8f19f5f01557a1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c18b408af483727b22580fa149ae1d47a04f97c824ca7eabae3bcf113acf2d0
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0cc47c554971e1f8a3d9acadeab1ce4850fa99423aebf64761fd7658fda25c8c
0f303f31706d39866cced9dcc17b61fb8423674278d7f6051d66b3a79ffbca18
133e3ee4a34fcab01f73c33663b16d8df46df87e0ab51b199d1aa84cad67f5b8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1a48b70f97555c13f84b8f088a417f9179d99b5101250819350acaf6e91bb92f
1c7cc924d2b269a29c975a2865cd427ade7fd4a536ce7c70d3e8678da1ea2b86
1ca0a5d97c64f0be7c238096ab137be3d8be1f27d27db12625051c0ae2a67c2a
20d2894978cc2bac6fcc0e9f3d0fbc7a0469ec99277b6db68262b328debadb78
2202d272a7623a0f20d055bae57feefb858a3352833ea36fcc438a895857d307
22a0698e99f012d227a2e1cdbf8fc0586806efe9bbb601ae455e4c53eff7fe66
2349e7d13c826053c8777c43dd423aa47bf36136c76ef78826e2c40b0d4a65cc
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
25b6629e40e3e53db003591a3797d6f0759fdf29a7908d1e6f528776bad7274a
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d14bfc9ca856450535d66b080bad45ac084d458bc58d589f8de65de87734de
366ba6d93da77118048890738a5b20a69682bd120da180ab75417dcb82eba530
380570786b3b7753ef9345ce1c8754e704302d3244cc7b06d7c0650108c4224d
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3d40a8ef9c005f288d5126ae0c0de2ecce598b0ca20caf4328c9ed76419dd101
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
457554ad286ecf6fd5f5e79e6c883602d57638d50f96fb060f6edc19de027834
4681d619f677c1b314814309a6f00a5e0ec3f12968e807ee71def1cf42bd7808
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b4ae7afdb864bc500adbf359606074abea52b8e99d913f998ce1898a828d02f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
543741ea808dbd5f2ccfa4f1d37253c180d07948085dad8eeb73b33492ea5461
54bf5af24434f9006216242e7b12b9ff58c736f4e1a4d47f08c433971800b565
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d3ad1935c5cda74ba872946bddff25d6be856df56b2ecce1f4edfe7289f207d
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
623e70e203da8107308cea966abd42be29a2ec09445728474432a82581fd6415
6241154e2a92e9fb73d8f76ccc19a491d3f185772a970b0d6ad959bb6248cdf9
6813397ada52c55a6d0a3d60891a35c861778518088b4b23528f38fdc716de73
6857ffa808c066dc61ba4241d12bc22b993628bfa868991d32e9ea8458807149
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fbd7d1149c9f72c6bb763246db80c9e5fa384b2264c5e5cd53f1c543ae5f7c9
719e1505d4ec154422d1b5c6b863be721929042b4f39cd39f5aa642b3a720f21
74363270720b2c701d396b7d76bd9ac3f6d91330c62c97248f116078773fc644
74ab137d1b9f0d42f6a123f08f4c59d5ef8814488e5ae8bea092ef78e6938b02
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85a8c75fdf88c5cecd850c7da6726f989585e565b7e634a5f3722a24286ee739
8631009651fb60c5c9ee85bc965d9ff8a5b61b343293ab8c297e642966b80b2a
863a6a0276355b433d9298e51dbebe611e1c487dd15f1f1f11b506ec2ee2379d
86d2cfd2f5e28e7b51313f46edbd6ebb1041e483d3c2c25739ef60e8f15128b1
87975c3b8e2865a56251e701de5ef48d0c7cb7776b365e91204d0317bbe56159
8ad4979def44438bd872867112f36987bbde36da030c2f3730931d7dba11abe0
8b81a319760eaecc03ba89a79e30082e21ee5d18c0c995cd43745a9ce1167192
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
919c98e15e2d018403dcd1bd6c6501a6646518001a15f399c003711fcd808f44
91d090cc39d39e25632d9ba218f551f022892895a1db2f103ed8062e63a18b2c
92a7f8224a1ba2ccfa92d3e1fc55ee5aa7ae20a0fcd80d3331bd660878a090f5
9382e93cffaa15c546e1e8d39bd3fd04e940857ab1c755368e4e6581458c95eb
93d32884d6f3238598cb851e1df730612e85343b59ade0dd4a6c2d740f1639bd
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
9417bb3ab7db32c02d410157f6db3f8410063aa01f826e3a960d87384a50f7d8
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9cfd23232261089c19c99663238583cd777f7b4eb1ebbdf611b3b5b4ce036ae9
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e
a3531c1a6993ccc3e7b0f3e1495768e3464aecd55193ef112cb5555422ae6c90
a3cd40a666fece2a2899f76f738f41239765f4b1b6af4ac5f9880f44f5a034f5
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5e89961ae0964c9c4170b02397ae303d7a08083e88edf7045325a447fa2892e
a630c8169a8704a104ef727eb706506aeacd032e0301ab495cf2299716d38f16
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b02f712bafaaaf093abcbe50187969700636642c4a9b659974eae2da90b2f914
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b92f631c8cf38be6724c9b0ef9dcc762b7314ee2197ced3608efb40e02618fac
b9be7158c22e6b491bf8e343b9de0b503588d232c5d6bce3deca1bb5b3c02020
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd15bb8104eb62ad332e29dc576fefcfd491712c15d599a8f2fac66ea8ca90c1
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c269169b3e779c611da9b3c56a267d4c827da507c29b6c0c0661155255f797e8
c3311d6f7aaeb427077eb7b4867b71e8c27d546b073c1f9a75ffd06a0b226340
c484c78d502a9769494d9fe87c9a826618b36fd60b567dee2cfa0f4e9163d79d
c745962f0e708ea8ef49da627bbf71889e2e474ce6847b275b12fdc0e82ad530
c7bb90368efa98cc3c3d57b40e7b6764a40f3d0780704ad99591702094348b45
c7efc2fb43ed5119b250a8db182c34d4fcada6de81a56bf0c230f1f689547ae2
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb2dfbbfd24fecba9abff19d709fa131125ed847c6bcd29d41938f539d391243
cbf0afd95d90bb6e3d843abb3e0650bdbb399425330b0f752abbbcde5eb5bc20
cced72a5fc90de9cbfa59c691d65be471f67d2aae3e3ed37ebe476bf2b0c7030
cde3f48a75106d9686698a27d3eca6389f4c42e14973866c72c474c1a36264f0
cfe5efcc9712f5d697d7f6c543ce9c20508efbbe3a49740c6c352f9963a3668f
d1c09071c4921298c020eb4afbe0ceacbc85c0cda8103deb8af706bc0763857f
d5a230724df7e22d94976809c0362185fb4a2bf861af72f03ab265ea38b7e496
d74bb875198085803154ebbf3685df531232cec9c96d47259dd4e7325132cedd
d95ba86fa0391a4a86a6388088e53e1a0bfa52fa6f3c7c1e057e898522a30570
dcc779c4f41253e3ec85bc7010aa7dbe89b484cfe084cf3f8c5a23e83fe4903a
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e638a2b793e89090f809c41f419eca3216554288b4bff7b45b01183cdf3697c0
e695977d0348645637e7ecc405883195175ec7e2dd7b55b30ef98c1ab9e14254
ec14e5eb7512e49e5b837e67d515af4f6bf5efdf4957a2fb93bf6dfa878294c4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3bb29709966d129ee7c25526332d37e9c80a66f90be3953bcff733d420f82d
efb87121d6b515fa367f2db4a23ba65429b64f12e32b2438e36229d6e125db7c
f0e435535ad00d5f95dcea11de2d87f3a738d49fec323296cf5cd725bc8a92ae
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f6fc72d5a06fc6a495dfa314828bd68c1a112db58097e2442b52b7d4de96766d
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fcb71ec5827dc40e240dbd3e06416dc12e8e6d0e0ff4ba74e7caa036f4b78b97
ffb218cb3150e45c6d8003f6f421845b044bf05126627666f18fed11b99f559c

plugins4free.com Open in urlscan Pro 51.79.20.70 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

267 Requests

72 %HTTPS

0 %IPv6

71 Domains

110 Subdomains

64 IPs

6 Countries

3010 kBTransfer

8691 kBSize

85 Cookies

4 Outgoing links

Redirected requests

267 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

plugins4free.com Open in urlscan Pro
51.79.20.70 Public Scan

Screenshot
Live screenshot

Full Image

267
Requests

72 %
HTTPS

0 %
IPv6

71
Domains

110
Subdomains

64
IPs

6
Countries

3010 kB
Transfer

8691 kB
Size

85
Cookies

267 HTTP transactions
3 data transactions