urlscan.io logo urlscan.io
SecurityTrails logo

impostor.fan Open in urlscan Pro
2606:4700:3034::6815:4e68  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://impostor.fan/
Effective URL: https://impostor.fan/
Submission: On August 05 via manual from SG
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 37 IPs in 10 countries across 30 domains to perform 69 HTTP transactions. The main IP is 2606:4700:3034::6815:4e68, located in United States and belongs to CLOUDFLARENET, US. The main domain is impostor.fan.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 12th 2021. Valid for: a year.
This is the only time impostor.fan was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2606:4700:303... 13335 (CLOUDFLAR...)
1 13.224.96.46 16509 (AMAZON-02)
3 7 2a02:6b8::1:119 13238 (YANDEX)
3 35.190.9.86 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 205.185.216.10 20446 (HIGHWINDS3)
2 2600:9000:206... 16509 (AMAZON-02)
1 147.135.36.195 16276 (OVH)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 142.250.184.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 35.233.56.88 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 1 2a02:2638:1::13 44788 (ASN-CRITE...)
1 178.250.2.146 44788 (ASN-CRITE...)
1 51.89.21.20 16276 (OVH)
1 18.193.213.131 16509 (AMAZON-02)
3 6 37.252.172.36 29990 (ASN-APPNEX)
1 185.64.189.112 62713 (AS-PUBMATIC)
1 185.86.139.96 201081 (SMARTADSE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 151.101.13.108 54113 (FASTLY)
2 2.18.233.180 16625 (AKAMAI-AS)
1 185.64.189.115 62713 (AS-PUBMATIC)
1 3 37.157.6.251 198622 (ADFORM)
2 2 213.155.156.168 1299 (TELIANET ...)
4 185.64.189.110 62713 (AS-PUBMATIC)
1 178.250.2.151 44788 (ASN-CRITE...)
3 3 142.250.185.194 15169 (GOOGLE)
2 2 185.29.135.190 30419 (MEDIAMATH...)
1 185.64.189.114 62713 (AS-PUBMATIC)
1 159.253.128.183 36351 (SOFTLAYER)
2 185.64.190.80 62713 (AS-PUBMATIC)
2 2 13.248.242.197 16509 (AMAZON-02)
1 2a00:1288:110... 34010 (YAHOO-IRD)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
69 37
9    2606:4700:3034::6815:4e68 (United States)

ASN13335 (CLOUDFLARENET, US)
impostor.fan
1    13.224.96.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-46.zrh50.r.cloudfront.net
html5.api.gamedistribution.com
7    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)
mc.yandex.ru
mc.yandex.com
3    35.190.9.86 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 86.9.190.35.bc.googleusercontent.com
game.api.gamedistribution.com
msgrt.gamedistribution.com
1    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    205.185.216.10 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
cdn.gamedock.io
2    2600:9000:206f:1200:4:cd76:8580:93a1 (United States)

ASN16509 (AMAZON-02, US)
hb.improvedigital.com
1    147.135.36.195 (Hillsboro, United States)

ASN16276 (OVH, FR)
PTR: ns102499.ip-147-135-36.us
topgamedata.com
2    2606:4700:3035::ac43:bdfd (United States)

ASN13335 (CLOUDFLARENET, US)
pub.headerlift.com
1    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
3    142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    35.233.56.88 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
PTR: 88.56.233.35.bc.googleusercontent.com
tag.atom.gamedistribution.com
4    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    51.89.21.20 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p14.id5-sync.com
id5-sync.com
1    18.193.213.131 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-213-131.eu-central-1.compute.amazonaws.com
ice.360yield.com
6    37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
1    185.86.139.96 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
1    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com
1    151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
acdn.adnxs.com
2    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
3    37.157.6.251 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
c1.adform.net
2    213.155.156.168 (Uppsala, Sweden)

ASN1299 (TELIANET Telia Carrier, SE)
PTR: 213-155-156-168.teliacarrier-cust.com
d5p.de17a.com
4    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
1    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
3    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
cm.g.doubleclick.net
2    185.29.135.190 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    159.253.128.183 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com
um.simpli.fi
2    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
2    13.248.242.197 (United States)

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com
match.adsrvr.org
1    2a00:1288:110:c305::8000 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
pr-bh.ybp.yahoo.com
2    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
11 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
image2.pubmatic.com
image4.pubmatic.com
simage2.pubmatic.com
37 KB
9 impostor.fan
impostor.fan
105 KB
7 adnxs.com
ib.adnxs.com
acdn.adnxs.com
22 KB
7 googlesyndication.com
pagead2.googlesyndication.com
ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com
tpc.googlesyndication.com
50 KB
6 doubleclick.net
securepubads.g.doubleclick.net
cm.g.doubleclick.net
117 KB
6 gamedistribution.com
html5.api.gamedistribution.com
game.api.gamedistribution.com
msgrt.gamedistribution.com
tag.atom.gamedistribution.com
77 KB
5 yandex.com
mc.yandex.com
2 KB
3 adform.net
c1.adform.net
1 KB
3 criteo.com
gum.criteo.com
mug.criteo.com
dis.criteo.com
2 KB
2 adsrvr.org
match.adsrvr.org
1017 B
2 mathtag.com
sync.mathtag.com
1 KB
2 de17a.com
d5p.de17a.com
701 B
2 google.com
adservice.google.com
www.google.com
1 KB
2 googleapis.com
imasdk.googleapis.com
307 KB
2 headerlift.com
pub.headerlift.com
1 KB
2 improvedigital.com
hb.improvedigital.com
108 KB
2 yandex.ru
mc.yandex.ru
71 KB
1 yahoo.com
pr-bh.ybp.yahoo.com
299 B
1 simpli.fi
um.simpli.fi
609 B
1 google.de
adservice.google.de
853 B
1 smartadserver.com
prg.smartadserver.com
320 B
1 360yield.com
ice.360yield.com
512 B
1 id5-sync.com
id5-sync.com
1 KB
1 2mdn.net
s0.2mdn.net
17 KB
1 googletagservices.com
www.googletagservices.com
25 KB
1 topgamedata.com
topgamedata.com
725 B
1 gamedock.io
cdn.gamedock.io
9 KB
1 google-analytics.com
www.google-analytics.com
19 KB
0 onaudience.com Failed
pixel.onaudience.com Failed
0 gameads.io Failed
node.gameads.io Failed
69 30
Domain Requested by
9 impostor.fan 1 redirects impostor.fan
6 ib.adnxs.com 3 redirects hb.improvedigital.com
acdn.adnxs.com
impostor.fan
5 mc.yandex.com 2 redirects impostor.fan
4 image2.pubmatic.com ads.pubmatic.com
4 pagead2.googlesyndication.com srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
3 cm.g.doubleclick.net 3 redirects
3 c1.adform.net 1 redirects ads.pubmatic.com
3 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
2 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
2 match.adsrvr.org 2 redirects
2 simage2.pubmatic.com ads.pubmatic.com
2 sync.mathtag.com 2 redirects
2 d5p.de17a.com 2 redirects
2 ads.pubmatic.com hb.improvedigital.com
ads.pubmatic.com
2 tag.atom.gamedistribution.com html5.api.gamedistribution.com
2 msgrt.gamedistribution.com html5.api.gamedistribution.com
2 imasdk.googleapis.com html5.api.gamedistribution.com
imasdk.googleapis.com
2 pub.headerlift.com hb.improvedigital.com
2 hb.improvedigital.com html5.api.gamedistribution.com
hb.improvedigital.com
2 mc.yandex.ru 1 redirects impostor.fan
1 www.google.com tpc.googlesyndication.com
1 pr-bh.ybp.yahoo.com ads.pubmatic.com
1 um.simpli.fi ads.pubmatic.com
1 image4.pubmatic.com ads.pubmatic.com
1 dis.criteo.com ads.pubmatic.com
1 image6.pubmatic.com ads.pubmatic.com
1 acdn.adnxs.com hb.improvedigital.com
1 ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.de securepubads.g.doubleclick.net
1 prg.smartadserver.com hb.improvedigital.com
1 hbopenbid.pubmatic.com hb.improvedigital.com
1 ice.360yield.com hb.improvedigital.com
1 id5-sync.com hb.improvedigital.com
1 mug.criteo.com impostor.fan
1 gum.criteo.com 1 redirects
1 s0.2mdn.net imasdk.googleapis.com
1 www.googletagservices.com hb.improvedigital.com
1 topgamedata.com impostor.fan
1 cdn.gamedock.io html5.api.gamedistribution.com
1 www.google-analytics.com html5.api.gamedistribution.com
1 game.api.gamedistribution.com html5.api.gamedistribution.com
1 html5.api.gamedistribution.com impostor.fan
0 pixel.onaudience.com Failed ads.pubmatic.com
0 node.gameads.io Failed impostor.fan
69 45

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-01-12 -
2022-01-11		 a year crt.sh
gamedistribution.com
Amazon		 2021-03-23 -
2022-04-21		 a year crt.sh
mc.yandex.ru
Yandex CA		 2021-07-28 -
2022-01-07		 5 months crt.sh
*.api.gamedistribution.com
R3		 2021-07-08 -
2021-10-06		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.gamedock.io
Sectigo RSA Domain Validation Secure Server CA		 2021-07-27 -
2022-07-27		 a year crt.sh
improvedigital.com
Amazon		 2021-05-05 -
2022-06-03		 a year crt.sh
topgamedata.com
R3		 2021-06-23 -
2021-09-21		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
tag.atom.gamedistribution.com
R3		 2021-06-24 -
2021-09-22		 3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-06-27 -
2021-09-24		 3 months crt.sh
*.id5-sync.com
R3		 2021-07-13 -
2021-10-11		 3 months crt.sh
*.360yield.com
Amazon		 2021-07-29 -
2022-08-27		 a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2020-12-07 -
2021-12-14		 a year crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA		 2020-01-30 -
2022-02-03		 2 years crt.sh
*.google.de
GTS CA 1C3		 2021-06-28 -
2021-09-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA		 2019-09-16 -
2021-09-20		 2 years crt.sh
*.simpli.fi
DigiCert SHA2 Secure Server CA		 2019-09-18 -
2021-12-12		 2 years crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-03-29 -
2021-09-22		 6 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-07-12 -
2021-10-04		 3 months crt.sh

This page contains 11 frames:

Primary Page: https://impostor.fan/
Frame ID: 858135F8AC3DC6E2796D41AE7922294E
Requests: 43 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.473.0_en.html
Frame ID: 9C262F69FDBB27AC5D5C0A841100D4E8
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 63DA16BBC260FCF64A931F6FD304A62B
Requests: 1 HTTP requests in this frame

Frame: https://ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7868616FF1681AF45A90E8A563113C5C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: C3FACC23209044F3EA9146BA1296FDA7
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F34A369C76D136CEF8955BF2608CB362
Requests: 13 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
Frame ID: CFBED8DEC2819E9A12EAD1807069374C
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
Frame ID: D6DA3651B473FECD682476667D5D6E81
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 21833D35775D5D434CB15C0795E5F4A1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 9F058B0091FAF011E6F619D4AB9D5471
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6273D0EEAD2EAED8B7D1F71EAE524985
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://impostor.fan/ HTTP 301
    https://impostor.fan/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /2mdn\.net/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /2mdn\.net/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

69
Requests

96 %
HTTPS

39 %
IPv6

30
Domains

45
Subdomains

37
IPs

10
Countries

969 kB
Transfer

2752 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://impostor.fan/ HTTP 301
    https://impostor.fan/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://mc.yandex.com/sync_cookie_image_check HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9356.dFG5_BBeAs0TmKWaLTtL6JDSsZkwnFSFM8e8QuZhu_qzpWO4X5lx5EQ0ltRkCaJu.NuYb-C0fa_wap-0fB5lBGig8RxE%2C HTTP 302
  • https://mc.yandex.com/sync_cookie_image_decide?token=9356.Q8Yw_ENFTKskyB9MOSMLjWwciILzT5XQXwnCs6FwzGdc7Jc-2_Ra8H-dMbpyD2EIU65rl5rQ8-HQSOJWGKPOeg%2C%2C.mkj_by_mzmV_YvC3RUc0ZHVYeeY%2C
Request Chain 13
  • https://mc.yandex.com/watch/71169778?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A608%3Acn%3A1%3Adp%3A0%3Als%3A250023848028%3Ahid%3A941001479%3Az%3A120%3Ai%3A20210805144458%3Aet%3A1628167499%3Ac%3A1%3Arn%3A806234755%3Au%3A1628167499988715622%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1628167498012%3Ads%3A0%2C25%2C312%2C1%2C49%2C0%2C%2C277%2C0%2C%2C%2C%2C725%3Adsn%3A0%2C25%2C313%2C1%2C48%2C0%2C%2C280%2C0%2C%2C%2C%2C724%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1628167499%3At%3AImpostor%20-%20Among%20Us%20inspired%20fan%20game HTTP 302
  • https://mc.yandex.com/watch/71169778/1?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A608%3Acn%3A1%3Adp%3A0%3Als%3A250023848028%3Ahid%3A941001479%3Az%3A120%3Ai%3A20210805144458%3Aet%3A1628167499%3Ac%3A1%3Arn%3A806234755%3Au%3A1628167499988715622%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1628167498012%3Ads%3A0%2C25%2C312%2C1%2C49%2C0%2C%2C277%2C0%2C%2C%2C%2C725%3Adsn%3A0%2C25%2C313%2C1%2C48%2C0%2C%2C280%2C0%2C%2C%2C%2C724%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1628167499%3At%3AImpostor%20-%20Among%20Us%20inspired%20fan%20game
Request Chain 31
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fimpostor.fan%2F&domain=impostor.fan&gdprString=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&cw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=17bMPHx6L3pQMlZZUU9SNnBmSFlkbUJYcGFDNW1VK2JqcWtpbERqRDZhT0xWN0l4TXZWUEhmRDFjTDN5RWFQVDdJMUNTaThYL0tQR3N6cEtFTGZNSVR5My9nQ1pkMEplSi9OL2FSdGIybXBKMDdZaG85TlZBcnQwL3FqOTVhOUx2eGhLR3RQNHBHV204bzdNMzlxQ251a0VoclpvMGM2WkV3dWNEbVZvcE5nZWNLMUhyb2pkb2tPOEltdnVLYXdRdTVxamRrQXEzL2pERU5DQlptZ2JsNjAyM2JLRVBDTmZ0cE1yMGdnODZkZzFoQ3VvPXw&cppv=2
Request Chain 45
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Request Chain 46
  • https://c1.adform.net/serving/cookie/match?party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
Request Chain 47
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
Request Chain 49
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2YJfWqGcT5efqVuggE2alw%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 50
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=1fed610b-dd4f-4100-a392-7242de6cf88a
Request Chain 52
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDk4MjVGNUEtQTE5Qy00Rjk3LTlGQTktNUJBMDgwNEQ5QTk3&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Request Chain 53
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=CAESEB8Sqq95HckP1aF9EV8QDSw&google_cver=1
Request Chain 55
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:1535610b-dd4f-4500-b5b2-d97fdfc070be&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Request Chain 57
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=27c09c36-09d2-4f45-ae54-5dbd52f8f6ff
Request Chain 58
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1124520241559471664&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Request Chain 60
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels HTTP 307
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels

69 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
impostor.fan/
Redirect Chain
  • http://impostor.fan/
  • https://impostor.fan/
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b9b06d1c452ca87177d3daf46675701fdb0740d43cb85b3e6a6e1f562d41737

Request headers

:method
GET
:authority
impostor.fan
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
Thu, 20 Sep 2018 00:00:00 GMT
set-cookie
player_id=897741744; expires=Mon, 22-Oct-2029 12:44:58 GMT; Max-Age=259200000
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0UL0kxFb2Ctpf73jf2gLcML%2BujcKcfBSqsgsTodkuPB%2F%2FIfZdHUFg%2BNmAzhj2mGvYLx4U1nxcapXV%2Fd4Cvrjex1sLRG9uk8g3bWokb6VLMkl6%2F%2B2eOUWaaQqu3b5%2FkSbev0%2BATb%2BCvfNL50%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
67a01eaf0c1f4e1a-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date
Thu, 05 Aug 2021 12:44:58 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Thu, 05 Aug 2021 13:44:58 GMT
Location
https://impostor.fan/
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4%2BI3CnFvomT8n0RAG1u%2Bc1VkON7VkcXqJ3XHqHFT04vrfDaYoeKg4rH3le7y%2FT%2B1Y3TCUb1WDgeXlJY73Yu9OQP51k%2FJUKaHgzDO8JG3M8IBWevWuhclC9SZ2CnT2yex1QIh2YXGa1Lr8Y%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
67a01eaecd7b535d-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
style.css
impostor.fan/ 		826 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/style.css?v3
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbe34ab4ffe57d55576ce120cab08f2290f36519f660372737a1eb15f3f699c8

Request headers

:path
/style.css?v3
pragma
no-cache
cookie
player_id=897741744
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 01 Jan 2021 10:25:45 GMT
server
cloudflare
age
4024
etag
W/"33a-5b7d429c0bc40-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Na7eaIhVqqN7BjeVlYSpXVlsohvz48PV55%2BUHEbCiclrTox423yhxgdbidez44HpEl14dTPQD2VG8hDhtc8Dpv293NxXpKcOQudJoM3zM239CmNiQmAbhtr4KHH7dKfyocurM6e1kbsLdP0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129855363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
style-menu.css
impostor.fan/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/style-menu.css?a1
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e335af44c274f353579e18fff27ec2114c0735d6b96869813f6cd49bed2b1b2

Request headers

:path
/style-menu.css?a1
pragma
no-cache
cookie
player_id=897741744
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 24 Feb 2021 14:37:08 GMT
server
cloudflare
age
6409
etag
W/"cf0-5bc15f8334d00-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RzPtl68CeC8okldl6iHJl0MCljDUL2ey5VpW%2B9J4babzv2gfGRpPmhThrX9eADK%2BvQVNUlyxmf4sR17wbyj1LJ4qRuaLyw87syJbVqCu%2B72Udh%2BL%2BnzUw%2F9PEuQLJ0zOCKRNMevkD6yMsdY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129765363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
netapifan14.js
impostor.fan/ 		163 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/netapifan14.js?v1
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f54ecda2218eb58b48e365546b7088a2e36364e29e7be1d7a9482b503653766

Request headers

:path
/netapifan14.js?v1
pragma
no-cache
cookie
player_id=897741744
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 17 Feb 2021 10:49:44 GMT
server
cloudflare
age
4024
etag
W/"28b8a-5bb85fa10c200-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1tstHagtRfFsxDodREFdZUxrVWMqjOp%2FQwktgSNeIlmvJ73RRZk2zTw21PpKv7ScUDLUJH%2BRr%2F2BUcvycXD4F3g4JDVYbFDJsHVMISx6dvIlmaxVFjCDyUJY%2B64aPovdDda12%2BW2mbLuN44%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129705363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
supportcheck.js
impostor.fan/scripts/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/scripts/supportcheck.js?v3
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a030981bf7307ccfb24a49649c249df5021662c99903be6d44619f0c5779964c

Request headers

:path
/scripts/supportcheck.js?v3
pragma
no-cache
cookie
player_id=897741744
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 17 Apr 2021 19:06:02 GMT
server
cloudflare
age
4024
etag
W/"90a-5c02fc99c1a80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LKdGI6As1nQ92JMlOMC276vYQvaM6YQAOif6S9jKgWoBHolcIdBzy849LQ48mHlDefyy4HwRNKv225fHWTE7wkT4mxH1rlvuqKVbaRhCFwB%2FG6TA75th0%2BupcBS0dssEueL%2BnLlMFvaqbqk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129845363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
offlineclient.js
impostor.fan/scripts/ 		603 B
846 B 		Script
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/scripts/offlineclient.js?v2
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfaba9f1fa0ea22c703a1aba1dd90faa1abc07ca63b4d36830e61ec3fa18e34d

Request headers

sec-fetch-mode
cors
origin
https://impostor.fan
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
script
cookie
player_id=897741744
:path
/scripts/offlineclient.js?v2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://impostor.fan
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 17 Apr 2021 19:05:59 GMT
server
cloudflare
age
4024
etag
W/"25b-5c02fc96e53c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPt6pqdgBJPkeecKPBAhZvsEmnhk1%2F37%2BbzAtGyFOonJeERwXd0%2FzaqbHilzcZG6%2F%2BPDHEbUJeQmtyV1aZZRyhR9Q0yIs%2BU121SGJWVrXAgorl8%2F5qG0UN9cGdf12mGKg6ucECBdzH01oL4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129755363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
main.js
impostor.fan/scripts/ 		124 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/scripts/main.js?v2
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19696bf737d2a4e90f20326264fe67117eaa3c064ff774a9db8ea4cda1eb1067

Request headers

sec-fetch-mode
cors
origin
https://impostor.fan
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
script
cookie
player_id=897741744
:path
/scripts/main.js?v2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://impostor.fan
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 17 Apr 2021 19:05:59 GMT
server
cloudflare
age
4024
etag
W/"1f1f4-5c02fc96e53c0-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iax6TydLCOwTMitwYSTDTaXNvAEizg3UVxjWMr%2BkaTEgmU9V5xeqQvICAKDAIQbxroveXaWU9NXfm5kdKcDq%2FoI6z%2Br7y3mb4zD7tAqGrZAJCu3CtCwq1pgtCVXBH9yPHJ0z7zKzYJAqFbA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129735363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
register-sw.js
impostor.fan/scripts/ 		303 B
777 B 		Script
General
Check archive.org
Download Go to
Full URL
https://impostor.fan/scripts/register-sw.js?v2
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:4e68 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74ffbf6f2239666e2d741cf383c0a7d2e144df82ec09018203b925b147206953

Request headers

sec-fetch-mode
cors
origin
https://impostor.fan
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
script
cookie
player_id=897741744
:path
/scripts/register-sw.js?v2
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
impostor.fan
referer
https://impostor.fan/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://impostor.fan
Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 17 Apr 2021 19:06:01 GMT
server
cloudflare
age
4024
etag
W/"12f-5c02fc98cd840-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgDjzg8xxDsTjPMGMYTv8M8VJPpJ8rQiGtCslvnzcQFowWa9XIZg3qQvvCwtvpmU9N6yW%2BU03ZblbbwbFRtCHMuBDNJJQ51QxDzr99HkBYgv%2F1VSJLrQ2%2B%2BxvArEj53%2B4Slb5uZkQGYEuNc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
67a01eb129785363-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
main.min.js
html5.api.gamedistribution.com/ 		231 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://html5.api.gamedistribution.com/main.min.js
Requested by
Host: impostor.fan
URL: https://impostor.fan/netapifan14.js?v1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.96.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-96-46.zrh50.r.cloudfront.net
Software
UploadServer /
Resource Hash
97d20546c664cf9c1276f9b45f2eeea585cae65832c2952669080da7a296affc

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:26:55 GMT
content-encoding
gzip
age
1083
x-guploader-uploadid
ADPycdus6HYArVKF8nZL-V8LSiJVNioe9rKOZvhVIpnanNFZgewODOn3No8Fybpy4jHGhCJXS_39dDjlA8bnuuMTgzl0G0W3UA
x-cache
Hit from cloudfront
x-goog-storage-class
MULTI_REGIONAL
x-goog-meta-surrogate-key
gcs
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
74280
access-control-allow-origin
*
last-modified
Wed, 04 Aug 2021 09:36:52 GMT
server
UploadServer
etag
"818e1ddf365188ccd00a0c9f559b2ea2"
vary
accept-encoding
x-goog-hash
crc32c=afgMbA==, md5=gY4d3zZRiMzQCgyfVZsuog==
x-goog-generation
1628069812333286
via
1.1 08c5e904e2f0226b2d9c1417f32b12f2.cloudfront.net (CloudFront)
access-control-expose-headers
Content-Type
cache-control
public, max-age=3600
x-goog-stored-content-length
74280
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-amz-cf-id
uaIYtcdkdPpC-GXEoQSlnb8_LfAEJ5teL9G1mqWBJsXJBZZ-YUcxOg==
expires
Thu, 05 Aug 2021 13:26:55 GMT
getcode
node.gameads.io/ 		0
0
tag.js
mc.yandex.ru/metrika/ 		224 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
70f9104f32191ca7f434f01af2eb5e6cb3f126788c4868874c1336c0f6cd2929
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
content-encoding
br
last-modified
Tue, 03 Aug 2021 10:32:13 GMT
etag
"61029ac0-11be7"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
72679
expires
Thu, 05 Aug 2021 13:44:58 GMT
sync_cookie_image_decide
mc.yandex.com/
Redirect Chain
  • https://mc.yandex.com/sync_cookie_image_check
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9356.dFG5_BBeAs0TmKWaLTtL6JDSsZkwnFSFM8e8QuZhu_qzpWO4X5lx5EQ0ltRkCaJu.NuYb-C0fa_wap-0fB5lBGig8RxE%2C
  • https://mc.yandex.com/sync_cookie_image_decide?token=9356.Q8Yw_ENFTKskyB9MOSMLjWwciILzT5XQXwnCs6FwzGdc7Jc-2_Ra8H-dMbpyD2EIU65rl5rQ8-HQSOJWGKPOeg%2C%2C.mkj_by_mzmV_YvC3RUc0ZHVYeeY%2C
75 B
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/sync_cookie_image_decide?token=9356.Q8Yw_ENFTKskyB9MOSMLjWwciILzT5XQXwnCs6FwzGdc7Jc-2_Ra8H-dMbpyD2EIU65rl5rQ8-HQSOJWGKPOeg%2C%2C.mkj_by_mzmV_YvC3RUc0ZHVYeeY%2C
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
strict-transport-security
max-age=31536000
content-length
75
x-xss-protection
1; mode=block
content-type
text/html; charset=utf-8

Redirect headers

location
https://mc.yandex.com/sync_cookie_image_decide?token=9356.Q8Yw_ENFTKskyB9MOSMLjWwciILzT5XQXwnCs6FwzGdc7Jc-2_Ra8H-dMbpyD2EIU65rl5rQ8-HQSOJWGKPOeg%2C%2C.mkj_by_mzmV_YvC3RUc0ZHVYeeY%2C
date
Thu, 05 Aug 2021 12:44:58 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
advert.gif
mc.yandex.com/metrika/ 		43 B
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.com/metrika/advert.gif
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:58 GMT
last-modified
Tue, 03 Aug 2021 10:32:13 GMT
etag
"61029ac0-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Thu, 05 Aug 2021 13:44:58 GMT
/
game.api.gamedistribution.com/game/v4/get/9abe6af0fbb440b98a3e24bf7fb0636a/ 		2 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://game.api.gamedistribution.com/game/v4/get/9abe6af0fbb440b98a3e24bf7fb0636a/?domain=impostor.fan&v=1.12.2&localTime=14
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.9.86 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
86.9.190.35.bc.googleusercontent.com
Software
/ Express
Resource Hash
4024defe0e6a94f81a74fd7614e7909ab256b2c0a1b034aaa1bc8a016bd9c237

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
via
1.1 google
etag
W/"9f2-5N5BdzeQGBbCYJhjt/+G97lL+yw"
x-powered-by
Express
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age 3600
alt-svc
clear
content-length
2546
1
mc.yandex.com/watch/71169778/
Redirect Chain
  • https://mc.yandex.com/watch/71169778?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen...
  • https://mc.yandex.com/watch/71169778/1?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3A...
316 B
535 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.com/watch/71169778/1?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A608%3Acn%3A1%3Adp%3A0%3Als%3A250023848028%3Ahid%3A941001479%3Az%3A120%3Ai%3A20210805144458%3Aet%3A1628167499%3Ac%3A1%3Arn%3A806234755%3Au%3A1628167499988715622%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1628167498012%3Ads%3A0%2C25%2C312%2C1%2C49%2C0%2C%2C277%2C0%2C%2C%2C%2C725%3Adsn%3A0%2C25%2C313%2C1%2C48%2C0%2C%2C280%2C0%2C%2C%2C%2C724%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1628167499%3At%3AImpostor%20-%20Among%20Us%20inspired%20fan%20game
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
/
Resource Hash
8737d2b106986bcaac98470b1f91251d26f228b0be6e8546a0298e36b6ffa31b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:44:59 GMT
x-content-type-options
nosniff
last-modified
Thu, 05-Aug-2021 12:44:59 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://impostor.fan
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
316
x-xss-protection
1; mode=block
expires
Thu, 05-Aug-2021 12:44:59 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:44:59 GMT
last-modified
Thu, 05-Aug-2021 12:44:59 GMT
location
/watch/71169778/1?wmode=7&page-url=https%3A%2F%2Fimpostor.fan%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4uzkmd4e35cd16k0n%3Afp%3A668%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A608%3Acn%3A1%3Adp%3A0%3Als%3A250023848028%3Ahid%3A941001479%3Az%3A120%3Ai%3A20210805144458%3Aet%3A1628167499%3Ac%3A1%3Arn%3A806234755%3Au%3A1628167499988715622%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1628167498012%3Ads%3A0%2C25%2C312%2C1%2C49%2C0%2C%2C277%2C0%2C%2C%2C%2C725%3Adsn%3A0%2C25%2C313%2C1%2C48%2C0%2C%2C280%2C0%2C%2C%2C%2C724%3Awv%3A2%3Arqnl%3A1%3Aadb%3A2%3Ati%3A2%3Ast%3A1628167499%3At%3AImpostor%20-%20Among%20Us%20inspired%20fan%20game
strict-transport-security
max-age=31536000
access-control-allow-origin
https://impostor.fan
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Thu, 05-Aug-2021 12:44:59 GMT
analytics.js
www.google-analytics.com/ 		48 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 13 Jul 2021 18:24:06 GMT
server
Golfe2
age
5478
date
Thu, 05 Aug 2021 11:13:41 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19672
expires
Thu, 05 Aug 2021 13:13:41 GMT
gamedock-sdk.min.js
cdn.gamedock.io/gamedock-web-tracker/4.3.0/script/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.gamedock.io/gamedock-web-tracker/4.3.0/script/gamedock-sdk.min.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
6633b8a073de0ad0d5faaaa139cf28da6d705612d5edefc9b4d69a56343f60f2

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
last-modified
Tue, 03 Nov 2020 08:00:43 GMT
etag
"1604390443"
x-hw
1628167499.dop004.sk1.t,1628167499.cds221.sk1.hn,1628167499.cds220.sk1.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3887
accept-ranges
bytes
content-length
9185
gameDistributionV1.3.min.js
hb.improvedigital.com/pbw/ 		61 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.improvedigital.com/pbw/gameDistributionV1.3.min.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:1200:4:cd76:8580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e71797102d81d0d90cb0406f89f72c84d432fbd0d928e74d54a3989f05f9e15a

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:41:37 GMT
content-encoding
gzip
age
202
x-guploader-uploadid
ADPycdvFFtP8FxPnvtzTt1gZxYqht9pGRkiL_hSfmwcLh5yOX1TxifBhi-Vylfmk-jBiYDbaxaTJ5nrRAISu_UtDXzlnrPrzow
x-cache
Hit from cloudfront
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
19180
last-modified
Mon, 12 Jul 2021 10:23:33 GMT
server
UploadServer
etag
W/"0d424032a6be50c66a03446ad0df9805"
vary
Accept-Encoding
x-goog-hash
crc32c=pHsoHQ==, md5=DUJAMqa+UMZqA0Rq0N+YBQ==
x-goog-generation
1626085413971341
via
1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-goog-stored-content-length
19180
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-amz-cf-id
AQTFwDT5-HvAn2-4wEvezjtP0VcljeXcUfmfAmP_e14gmOM0WhfbCA==
expires
Thu, 05 Aug 2021 13:41:37 GMT
amongus_kills_1.json
topgamedata.com/json/ 		2 KB
725 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://topgamedata.com/json/amongus_kills_1.json
Requested by
Host: impostor.fan
URL: https://impostor.fan/netapifan14.js?v1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
147.135.36.195 Hillsboro, United States, ASN16276 (OVH, FR),
Reverse DNS
ns102499.ip-147-135-36.us
Software
nginx /
Resource Hash
f02c84573c616e3505a26bba7521d801ef5b9ccc2461149082c5a80e84aeb942

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
access-control
allow <*>
last-modified
Thursday, 05-Aug-2021 12:44:59 GMT
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
x-robots-tag
noindex, nofollow
prebid-idhb-v3.26e.min.js
hb.improvedigital.com/pbw/prebid/ 		284 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/gameDistributionV1.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:1200:4:cd76:8580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b1c9552ff946c8d6ed8b4a6879aed0d758c5c1bdffe3e284de7e3bb4c4e3b950

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 20:40:40 GMT
content-encoding
gzip
age
57859
x-guploader-uploadid
ADPycdtAqv3WME1rMuUw8ayG6z-XBAHbZPXTHEVobysZG3hT8QveC_6GEg9zelcAsEjmB5c1sWevi4cICGsYLZjhKuKpJTfwNQ
x-cache
Hit from cloudfront
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
90098
last-modified
Thu, 05 Nov 2020 08:29:15 GMT
server
UploadServer
etag
"fa0ba9b450799331a299a9af17a79471"
x-goog-hash
crc32c=r7rY6g==, md5=+guptFB5kzGimamvF6eUcQ==
content-language
en
via
1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-goog-generation
1604564955188688
cache-control
public, max-age=172800,no-transform
x-goog-stored-content-length
90098
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
CiVDvvz0vza4Sp3r1757kaTKkYIe-dmdUdDm0H25quTzdx-wV3Yo1Q==
expires
Fri, 06 Aug 2021 20:40:40 GMT
opphb
pub.headerlift.com/ 		338 B
511 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pub.headerlift.com/opphb?page_url=https%3A%2F%2Fimpostor.fan%2F&game_id=9abe6af0fbb440b98a3e24bf7fb0636a&ad_position=gdbanner
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/gameDistributionV1.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:bdfd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd2a5690e1b06c8fac3266475b0639b35d6a6cebd6f677de012b834e30f55637

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods
*
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5J5ovvMeVidbJh5VRNc7fQGywGmRWv%2FOPsMPgd8CiYVLTW3rhn2S9N1X%2BPcxMUtYQbfPZBB1SGBH%2BsLPWpcR5OCO7DFb0e0HAV9PStXpT2lOS0HksT6xgcssOKXZ46PRf40cDae1b%2F2kdGgnUp4bmw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://impostor.fan
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
67a01eb64a5a435d-FRA
access-control-allow-headers
*
opphb
pub.headerlift.com/ 		343 B
951 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pub.headerlift.com/opphb?page_url=https%3A%2F%2Fimpostor.fan%2F&game_id=9abe6af0fbb440b98a3e24bf7fb0636a&ad_position=gdprerollbanner
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/gameDistributionV1.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:bdfd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e0196cb18a33305536297de3ededb4bf389820c47a9cdc5e678c0b16c02dc4

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-methods
*
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JEMwxycP1MUDzf40gxw2WRhDhqjlr1VwFlur0qWpqksQYFgByu6czOqq26w1wGC9w9XF8av4P97S7ZyJ%2BCLoTs57eFwaA4rMSsY5f8Wiku6a3aoKRG23Qc6mLdF%2Fev%2BEIODD%2BeY2esSVj%2FCMENP7t6A%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://impostor.fan
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
67a01eb64a5f435d-FRA
access-control-allow-headers
*
gpt.js
www.googletagservices.com/tag/js/ 		70 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/gameDistributionV1.3.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f50d533405a428e7a4cf916f282c90c49f30fc31d31cd1402a80fd38fd2e52b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"949 / 181 of 1000 / last-modified: 1628161892"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24827
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:44:59 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ 		340 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
691589a940c9030b5397bdbdc082cb8abb2d15671502a6dd66bafafb4de3b599
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119640
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:44:59 GMT
collect
msgrt.gamedistribution.com/ 		2 B
112 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.error&ar=W3siZ21pZCI6IjlhYmU2YWYwZmJiNDQwYjk4YTNlMjRiZjdmYjA2MzZhIiwidGRtbiI6ImltcG9zdG9yLmZhbiIsImRvbW4iOiJpbXBvc3Rvci5mYW4iLCJyZnJyIjoiaHR0cHM6Ly9pbXBvc3Rvci5mYW4vIiwibHRociI6MTQsImN0cnkiOiJTRSIsImRwdGgiOjAsInZlcnMiOiIxLjEyLjIiLCJwbGF0IjoiIiwidHBjdCI6MSwiYXJncyI6eyJtZXNzYWdlIjoiQ2Fubm90IHJlYWQgcHJvcGVydHkgJ2dldEl0ZW0nIG9mIG51bGwifSwidHRsZSI6IkltcG9zdG9yIC0gQW1vbmcgVXMgaW5zcGlyZWQgZmFuIGdhbWUiLCJzaXplIjoiMTYwMCB4IDExNTIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6ZmFsc2UsImllZ3UiOmZhbHNlLCJpdGd1IjpmYWxzZSwiY21wZSI6ZmFsc2UsImhvc3QiOiJpbXBvc3Rvci5mYW4ifV0%3D&ts=1628167499276
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.9.86 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
86.9.190.35.bc.googleusercontent.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
via
1.1 google
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
clear
content-length
2
pubads_impl_2021080201.js
securepubads.g.doubleclick.net/gpt/ 		328 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
f19ec923daf7d72e5f2f155ba6229ffde0afd953ce121b44c1ad55e332db58f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Aug 2021 08:47:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116893
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:44:59 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		31 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=impostor.fan
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
1ba018149c9f912f9b5f85775d316a39b1b0f020fe23eba3e34e696ca6b9ba39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:44:59 GMT
bridge3.473.0_en.html
imasdk.googleapis.com/js/core/ Frame 9C26 		578 KB
190 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.473.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6f0b81586105c3fc3ba29f2eef900dd2c50b2b26722c6220e961df8bf1d529ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.473.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://impostor.fan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
194074
date
Thu, 05 Aug 2021 08:40:55 GMT
expires
Fri, 05 Aug 2022 08:40:55 GMT
last-modified
Tue, 27 Jul 2021 18:08:21 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
14644
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:44:59 GMT
atm
tag.atom.gamedistribution.com/v1/ 		9 B
641 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tag.atom.gamedistribution.com/v1/atm?ar=eyJpZCI6ImltcG9zdG9yLmZhbiIsImF1IjoiZGlzcGxheSIsInR5IjoiZGlzcGxheSIsImFpZCI6IjlhYmU2YWYwZmJiNDQwYjk4YTNlMjRiZjdmYjA2MzZhIn0%3D
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.233.56.88 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
88.56.233.35.bc.googleusercontent.com
Software
/
Resource Hash
f2e0c3faac5b7a28b59173c696a50a6c5ca170b3f1bd41a803ddf870d8736e89
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
content-length
9
x-xss-protection
0
referrer-policy
no-referrer
x-frame-options
SAMEORIGIN
etag
W/"9-PW2OLzV/08TWI1x4B2vg8lRgOU0"
expect-ct
max-age=0
strict-transport-security
max-age=15724800; includeSubDomains
x-download-options
noopen
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 63DA 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 11:54:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3009
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12603
x-xss-protection
0
last-modified
Mon, 14 Dec 2020 16:45:56 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Thu, 05 Aug 2021 12:54:50 GMT
collect
msgrt.gamedistribution.com/ 		2 B
62 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://msgrt.gamedistribution.com/collect?tp=com.gdsdk.dp.fp&ar=W3siZ21pZCI6IjlhYmU2YWYwZmJiNDQwYjk4YTNlMjRiZjdmYjA2MzZhIiwidGRtbiI6ImltcG9zdG9yLmZhbiIsImRvbW4iOiJpbXBvc3Rvci5mYW4iLCJyZnJyIjoiaHR0cHM6Ly9pbXBvc3Rvci5mYW4vIiwibHRociI6MTQsImN0cnkiOiJTRSIsImRwdGgiOjAsInZlcnMiOiIxLjEyLjIiLCJwbGF0IjoiIiwidHBjdCI6MSwiYXJncyI6eyJtZXNzYWdlIjoxLjM1fSwidHRsZSI6IkltcG9zdG9yIC0gQW1vbmcgVXMgaW5zcGlyZWQgZmFuIGdhbWUiLCJzaXplIjoiMTYwMCB4IDExNTIiLCJicm5tIjoiQ2hyb21lIiwiYnJtaiI6Ijg5Iiwib3NubSI6IldpbmRvd3MiLCJvc3ZyIjoiMTAiLCJieWxkIjpmYWxzZSwiaW1ndSI6ZmFsc2UsImllZ3UiOmZhbHNlLCJpdGd1IjpmYWxzZSwiY21wZSI6ZmFsc2UsImhvc3QiOiJpbXBvc3Rvci5mYW4ifV0%3D&ts=1628167499533
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.9.86 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
86.9.190.35.bc.googleusercontent.com
Software
/ Express
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:44:59 GMT
via
1.1 google
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
x-powered-by
Express
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
alt-svc
clear
content-length
2
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fimpostor.fan%2F&domain=impostor.fan&gdprString=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&cw=1
  • https://mug.criteo.com/sid?cpp=17bMPHx6L3pQMlZZUU9SNnBmSFlkbUJYcGFDNW1VK2JqcWtpbERqRDZhT0xWN0l4TXZWUEhmRDFjTDN5RWFQVDdJMUNTaThYL0tQR3N6cEtFTGZNSVR5My9nQ1pkMEplSi9OL2FSdGIybXBKMDdZaG85TlZBcnQwL3FqOT...
355 B
609 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=17bMPHx6L3pQMlZZUU9SNnBmSFlkbUJYcGFDNW1VK2JqcWtpbERqRDZhT0xWN0l4TXZWUEhmRDFjTDN5RWFQVDdJMUNTaThYL0tQR3N6cEtFTGZNSVR5My9nQ1pkMEplSi9OL2FSdGIybXBKMDdZaG85TlZBcnQwL3FqOTVhOUx2eGhLR3RQNHBHV204bzdNMzlxQ251a0VoclpvMGM2WkV3dWNEbVZvcE5nZWNLMUhyb2pkb2tPOEltdnVLYXdRdTVxamRrQXEzL2pERU5DQlptZ2JsNjAyM2JLRVBDTmZ0cE1yMGdnODZkZzFoQ3VvPXw&cppv=2
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
75fd37fbbee422cd9c9c6fa07938705d0e15fc005639bf0831b5d017d9e66755
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Thu, 05 Aug 2021 12:44:59 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2155
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Thu, 05 Aug 2021 12:44:59 GMT
location
https://mug.criteo.com/sid?cpp=17bMPHx6L3pQMlZZUU9SNnBmSFlkbUJYcGFDNW1VK2JqcWtpbERqRDZhT0xWN0l4TXZWUEhmRDFjTDN5RWFQVDdJMUNTaThYL0tQR3N6cEtFTGZNSVR5My9nQ1pkMEplSi9OL2FSdGIybXBKMDdZaG85TlZBcnQwL3FqOTVhOUx2eGhLR3RQNHBHV204bzdNMzlxQ251a0VoclpvMGM2WkV3dWNEbVZvcE5nZWNLMUhyb2pkb2tPOEltdnVLYXdRdTVxamRrQXEzL2pERU5DQlptZ2JsNjAyM2JLRVBDTmZ0cE1yMGdnODZkZzFoQ3VvPXw&cppv=2
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://impostor.fan
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2109
content-length
482
expires
0
396.json
id5-sync.com/g/v2/ 		546 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/396.json?gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&gdpr=1
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.21.20 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p14.id5-sync.com
Software
/
Resource Hash
e6ae7fa5c3f964b40a48b15c5b5af3c211f94a4eecca28c415e19267a3e26aa8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 05 Aug 2021 12:44:59 GMT
Vary
Origin
P3P
CP="CAO PSA OUR"
Access-Control-Allow-Origin
https://impostor.fan
Access-Control-Allow-Credentials
true
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
Transfer-Encoding
chunked
hb
ice.360yield.com/ 		97 B
512 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%22959c2c77f537c3%22%2C%22version%22%3A%227.1.0-JS-6.3.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fimpostor.fan%2F%22%2C%22gdpr%22%3A%22BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA%22%2C%22user%22%3A%7B%22ext%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5-ZHMOoWs-8KT28ZpHIPAntbH_vW8hndAhqE_NWjYlxw!ID5*O5ugfcC408LFJRyoJvMdFdRiEo8O8nDiQHui_zvlyPUAALzve1Jf5_3BGKGmMcSA%22%2C%22atype%22%3A1%7D%5D%7D%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222d66e60f568a42%22%2C%22currency%22%3A%22EUR%22%2C%22pid%22%3A22130471%2C%22tid%22%3A%22cc25e982-9fe1-4be9-8965-cabd90edade3%22%2C%22kvw%22%3A%7B%22hb%22%3A%5B%22true%22%5D%2C%22gdGameId%22%3A%5B%229abe6af0fbb440b98a3e24bf7fb0636a%22%5D%7D%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A250%2C%22h%22%3A250%7D%2C%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%7B%22w%22%3A336%2C%22h%22%3A280%7D%5D%7D%7D%5D%7D%7D
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.213.131 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-213-131.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
2ad503b02ea9c79a56cca51667494ed70a6f9310ac9ddfbe6fd80e3d73e6a489

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://impostor.fan
date
Thu, 05 Aug 2021 12:45:00 GMT
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
97
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
prebid
ib.adnxs.com/ut/v3/ 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
3dbc5b37f3a34e82b97c7f1714417e07d8752a8000adaa02511856fcbd7160da
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:00 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
597c0e9c-9907-4b51-b4f5-cb37a2864ccb
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://impostor.fan
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
c12c7992db2135838d9efc2bc8704801c1390fbc1e70e00e569cc0f552482935

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://impostor.fan
date
Thu, 05 Aug 2021 12:45:00 GMT
cache-control
no-cache, no-store, must-revalidate
x-openrtb-version
2.3
access-control-allow-credentials
true
content-type
application/json
v1
prg.smartadserver.com/prebid/ 		0
320 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:44:59 GMT
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://impostor.fan
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
integrator.js
adservice.google.de/adsid/ 		107 B
853 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=impostor.fan
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Aug 2021 12:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
570 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=impostor.fan
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Aug 2021 12:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		468 B
276 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=160148833994257&correlator=3980665083782373&output=ldjh&impl=fif&eid=31062148%2C21068030%2C20211866&vrg=2021080201&ptt=17&sc=1&sfv=1-0-38&ecs=20210805&iu_parts=1015413%2CTNL_NS-19091800066%2CTNL_T-210218117486&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=250x250%7C300x250%7C336x280&prev_scp=hbw_pbjs%3Dpbjsidhb%26fp%3D1.35%26hbw_url%3Dimpostor.fan%252F%26pbct%3D2%26tnl_asset_id%3D9abe6af0fbb440b98a3e24bf7fb0636a%26tnl_system%3D1%26tnl_tid%3DT-210218117486%26tnl_pt%3D22%26tnl_pid%3DP-21021814096%26tnl_paid%3D2888%26tnl_ad_type%3Dvideo_image%26tnl_ad_pos%3Dgdbanner%26tnl_skippable%3D2%26hb_format_pubmatic%3Dbanner%26hb_source_pubmatic%3Dclient%26hb_size_pubmatic%3D300x250%26hb_pb_pubmatic%3D0.05%26hb_adid_pubmatic%3D11493a62f5458a3%26hb_bidder_pubmatic%3Dpubmatic%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26hb_pb%3D0.05%26hb_adid%3D11493a62f5458a3%26hb_bidder%3Dpubmatic&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1628167500&dt=1628167500166&dlt=1628167498407&idt=1203&frm=20&biw=1600&bih=1200&oid=3&adxs=675&adys=1060&adks=3602460436&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimpostor.fan%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=336x-1&msz=336x-1&ga_vid=1892478167.1628167499&ga_sid=1628167500&ga_hid=1192621757&ga_fc=false&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
2c1786d4a490d0ff27f1dd2f55650c6ae288f976ed260bed4d4a672f9a985f09
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:00 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
246
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://impostor.fan
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7868 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com
:scheme
https
:path
/safeframe/1-0-38/html/container.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://impostor.fan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
3108
date
Thu, 05 Aug 2021 12:45:00 GMT
expires
Fri, 05 Aug 2022 12:45:00 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
err
tag.atom.gamedistribution.com/v1/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tag.atom.gamedistribution.com/v1/err?ar=eyJpZCI6ImltcG9zdG9yLmZhbiIsImF1IjoiZGlzcGxheSIsInR5IjoiZGlzcGxheSIsImFpZCI6IjlhYmU2YWYwZmJiNDQwYjk4YTNlMjRiZjdmYjA2MzZhIn0%3D
Requested by
Host: html5.api.gamedistribution.com
URL: https://html5.api.gamedistribution.com/main.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.233.56.88 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
88.56.233.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:00 GMT
referrer-policy
no-referrer
x-permitted-cross-domain-policies
none
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
x-download-options
noopen
access-control-allow-origin
*
x-xss-protection
0
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
strict-transport-security
max-age=15724800; includeSubDomains
x-dns-prefetch-control
off
content-length
0
x-content-type-options
nosniff
async_usersync.html
acdn.adnxs.com/dmp/ Frame C3FA 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.13.10 /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://impostor.fan/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.13.10
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 30 Jul 2021 04:43:13 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Thu, 05 Aug 2021 12:45:03 GMT
Age
28897
X-Served-By
cache-lga13624-LGA, cache-fra19121-FRA
X-Cache
HIT, HIT
X-Cache-Hits
1, 258338
X-Timer
S1628167503.291309,VS0,VE0
Vary
Accept-Encoding
showad.js
ads.pubmatic.com/AdServer/js/ Frame F34A 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: hb.improvedigital.com
URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method
GET
:authority
ads.pubmatic.com
:scheme
https
:path
/AdServer/js/showad.js
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://impostor.fan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

last-modified
Tue, 15 Jun 2021 06:07:52 GMT
etag
"13006b6-974e-5c4c7cb53d8cb"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13946
content-type
text/html; charset=UTF-8
cache-control
public, max-age=95964
expires
Fri, 06 Aug 2021 15:24:27 GMT
date
Thu, 05 Aug 2021 12:45:03 GMT
vary
Accept-Encoding
PugMaster
image6.pubmatic.com/AdServer/ Frame F34A 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=67240818&p=156946&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
b6c74ed628b22787d0411217918a89da7f53ef11d2774290a02dac0fb07bc716

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:02 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
bounce
ib.adnxs.com/ Frame C3FA
Redirect Chain
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
0
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:03 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
5cad72e4-e733-49c0-992b-5f1c6c2fed2e
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:03 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
130d31c4-2bab-4af4-99c8-e7ef8a771ed6
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
match
c1.adform.net/serving/cookie/ Frame CFBE
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
35 B
467 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
c1.adform.net
:scheme
https
:path
/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
C=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 05 Aug 2021 12:45:03 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
uid=1354984072112952426; expires=Mon, 04 Oct 2021 12:45:03 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

server
nginx
date
Thu, 05 Aug 2021 12:45:03 GMT
content-length
0
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
set-cookie
C=1; expires=Sun, 05 Sep 2021 12:45:03 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame D6DA
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
42 B
520 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method
GET
:authority
image2.pubmatic.com
:scheme
https
:path
/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
KADUSERCOOKIE=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97; chkChromeAb67Sec=1; DPSync3=1628208000%3A174%7C1629331200%3A197_219_201; SyncRTB3=1629417600%3A35%7C1629331200%3A220_13_7_54_3_21_161_56_71
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Thu, 05 Aug 2021 12:45:02 GMT
content-type
image/gif; charset=utf-8
content-length
42
set-cookie
KRTBCOOKIE_336=5844-7360624910493289049; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 04-Sep-2021 12:45:02 GMT; path=/ PugT=1628167502; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 04-Sep-2021 12:45:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Wed, 03-Nov-2021 12:45:02 GMT; path=/
x-lat
amspug016:0:379
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=7360624910493289049
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
usersync.aspx
dis.criteo.com/dis/ Frame 2183 		43 B
360 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method
GET
:authority
dis.criteo.com
:scheme
https
:path
/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://ads.pubmatic.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache
pragma
no-cache
content-type
image/gif
expires
Thu, 05 Aug 2021 00:00:00 GMT
server
Microsoft-IIS/10.0
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1204
x-powered-by
ASP.NET
date
Thu, 05 Aug 2021 12:45:03 GMT
content-length
43
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F34A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2YJfWqGcT5efqVuggE2alw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=136583
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Sat, 07 Aug 2021 02:41:26 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=1fed610b-dd4f-4100-a392-7242de6cf88a
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=1fed610b-dd4f-4100-a392-7242de6cf88a
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:02 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 05 Aug 2021 12:45:00 GMT
Server
MT3 3820 7698daf master cdg-pixel-x13
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=1fed610b-dd4f-4100-a392-7242de6cf88a
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 05 Aug 2021 12:44:59 GMT
/
pixel.onaudience.com/ Frame F34A 		0
0
Pug
image2.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDk4MjVGNUEtQTE5Qy00Rjk3LTlGQTktNUJBMDgwNEQ5QTk3&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:02 GMT
cache-control
no-store, no-cache, private
x-lat
amspug013:0:284
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
345
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=CAESEB8Sqq95HckP1aF9EV8QDSw&google_cver=1
42 B
439 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=CAESEB8Sqq95HckP1aF9EV8QDSw&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
cache-control
no-store, no-cache, private
x-lat
amspug014:0:423
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:03 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&piggybackCookie=CAESEB8Sqq95HckP1aF9EV8QDSw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
411
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame F34A 		43 B
609 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),
Reverse DNS
b7.80.fd9f.ip4.static.sl-reverse.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Wed, 04 Aug 2021 12:45:03 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:1535610b-dd4f-4500-b5b2-d97fdfc070be&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
42 B
651 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:1535610b-dd4f-4500-b5b2-d97fdfc070be&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug001:0:783
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Thu, 05 Aug 2021 12:45:00 GMT
Server
MT3 3820 7698daf master cdg-pixel-x28
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:1535610b-dd4f-4500-b5b2-d97fdfc070be&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 05 Aug 2021 12:44:59 GMT
match
c1.adform.net/serving/cookie/ Frame F34A 		0
330 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:03 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=27c09c36-09d2-4f45-ae54-5dbd52f8f6ff
42 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=27c09c36-09d2-4f45-ae54-5dbd52f8f6ff
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug007:0:1159
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:03 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=27c09c36-09d2-4f45-ae54-5dbd52f8f6ff
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame F34A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1124520241559471664&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
42 B
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1124520241559471664&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:02 GMT
cache-control
no-store, no-cache, private
x-lat
amspug004:0:378
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:03 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
331a14d5-ecc4-4f88-a9a7-cb47117814a3
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1124520241559471664&gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
D9825F5A-A19C-4F97-9FA9-5BA0804D9A97
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame F34A 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/D9825F5A-A19C-4F97-9FA9-5BA0804D9A97?gdpr=1&gdpr_consent=BOWJjG9OWJjG9CLAAAENBx-AAAAiDAAA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:03 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
bounce
ib.adnxs.com/ Frame C3FA
Redirect Chain
  • https://ib.adnxs.com/async_usersync?cbfn=queuePixels
  • https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
0
803 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Requested by
Host: impostor.fan
URL: https://impostor.fan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:05 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
29d46d5a-11d6-4862-ba3e-b043cb3e9b0b
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 05 Aug 2021 12:45:04 GMT
X-Proxy-Origin
185.236.42.29; 185.236.42.29; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
aa1af1f1-d455-4d8b-9916-cfec374aef46
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		11 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021080201&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
906572f8cf9a3b0d2c00b544e1083fc1d2b23aac1a0649ae32e0fe9d0581e496
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Aug 2021 12:45:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8706
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 05 Aug 2021 12:45:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
expires
Thu, 05 Aug 2021 12:45:05 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9F05 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/224/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://impostor.fan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
content-length
5029
date
Thu, 05 Aug 2021 12:35:15 GMT
expires
Fri, 05 Aug 2022 12:35:15 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
590
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 6273 		783 B
818 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2616934897e323974047a9520ec1667e4efbac26c2e483df3ec13317058379ed
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CNvHSt4KfwLIrgO3Ew4+YQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/aframe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://impostor.fan/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://impostor.fan/

Response headers

expires
Thu, 05 Aug 2021 12:45:05 GMT
date
Thu, 05 Aug 2021 12:45:05 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-CNvHSt4KfwLIrgO3Ew4+YQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
513
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Y_O2WQQ68U2CiOGiM48gS2ev59GvBpIPMT_iTLKbJ0M.js
pagead2.googlesyndication.com/bg/ Frame 9F05 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Y_O2WQQ68U2CiOGiM48gS2ev59GvBpIPMT_iTLKbJ0M.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63f3b659043af14d8288e1a2338f204b67afe7d1af06920f313fe24cb29b2743
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 04 Aug 2021 11:02:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
92541
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13367
x-xss-protection
0
last-modified
Mon, 26 Jul 2021 08:58:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 04 Aug 2022 11:02:44 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021080201&jk=160148833994257&bg=!lZalltLNAAals0SOpbM7ACkAdvg8WoGmzOzMYWh2k_GtYY4dBuxNGKQRrtsgTaDB-U3GDYACkMxLrwIAAABgUgAAAAxoAQcKAGlpGowYE4nDStXnox87hcUoJNpoOXnQ1IEYISLXIaotly8rKcNPGkngCjFbUBh5Bg47fhYMiDQrvCx9Is486aO7NKky_gepzSTcs3OnRIj1zztWyqMIsDQu0DDI6i7o2D4MZeB3blv-0daZAmk94nxDvivjEYyK8zW297qeb4BaTcflErvLTkV-zv1-eOmdXFgwHT4L0-rwblIItW0YF0t-TvrG8QcbBh1P7aHH-2yzbIO28yvhvqLdmfPmE69eZdm2TWf9ZAAJaewa6FbJUrhasbG6t46mcIzrd2mMYPLmu3A5_fqkuqPXj0b0xwFAQ6BbwYSJ5sNskvWyr979t7XSA9IY5PPJ96Lg3hJ4LG9tKEulVUjeMsHOU7X3786LrFjEnRiCQC9YWs3OKQFb1jc3OiNXwxzEojYUpwNex8aTOsI9LmAQ3JitBh5lc0Yc0E5ohcP0q_dG1Ra2V6pWMmN9A0ffP_MNuU5NlNPq1D559SxMJ-j9Ble5gKPlycfQOn5Pd7EF9i_zhY2LtdEc76kwGO9JVu5XGVdj5HtJE7VUeZuhj2aE97qyJJcY-t6T60RInHWwsErztcYoNqbNiE_kLaAwz07z9PM_p2247G-qBAqg4tZAhG5lCj_8tO_5MbtTrcAVuxiNicmK4TeqagJv_03GkRgPBdosdcRp8pLngbWN23NGQLWlEN6pNHsN4H3RcoS07U9hjsT_ANqKf8ThK7yI4DnlAfACPPoEFQf7OE-3Wthmo3gzvhH1s_dYay34BeAC1QL33PNlxZjkbdcKXFBAq3b3nKBtcZcxCqsf6V3wfHa0c2WdvXVs45YCbd4AGzDJavh-nsHTe8bPksJ1hjwSw7Ww6cu1WNufSk9uGLdsG-m0qTbkpxJoAUWVpmPIzskhGYUaalzDZWou2trrUVm6oW9M4fNYeREykAX2wj0OBQPUXlwfr1-Np6oErN4sba9BJA
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://impostor.fan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Aug 2021 12:45:05 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
node.gameads.io
URL
https://node.gameads.io/getcode?objid=gameadsbanner&jsdate=1628167498644&lang=en-US&rfunc=GameAdsRenew&fromhost=impostor.fan&refr=&fromurl=https%3A%2F%2Fimpostor.fan%2F
Domain
pixel.onaudience.com
URL
https://pixel.onaudience.com/?partner=214&mapped=D9825F5A-A19C-4F97-9FA9-5BA0804D9A97

Verdicts & Comments Add Verdict or Comment

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| _0x2af0 function| _0x5110 function| _0xeaf297 function| _0x322dc1 function| _0x1cd7b4 function| _0x1acc33 number| DisplayAdsShown number| StartReadyAds number| ResizeEnabled function| CreateRoom function| LaunchGame function| ActuallyLaunchGame function| TitleOpened function| PlayPressed function| SharePressed function| GameOver function| ReloadGame function| ShowDisplayAd function| HideAds function| ShowPreroll function| ShowAbout function| HideAbout function| ShowLeaderboard function| onBodyResize function| setCookie function| getCookie function| eraseCookie function| _0x49a36 string| c1 string| c2 string| c3 string| c4 string| c5 string| c6 string| c7 string| c8 string| c9 function| c10 string| c11 string| c12 string| c13 string| c14 string| c15 string| c16 string| c17 string| c18 string| c19 string| c20 function| c22 object| lastTimeAds function| checktimeForAds function| updateLastAdsTime object| GD_OPTIONS function| GameAdsRenew function| ShowInvite function| HideInvite function| inviteCopyLink number| player_id string| player_name function| ym object| OfflineClientInfo function| DOMHandler function| RateLimiter function| DOMElementHandler function| RealFile function| runOnStartup function| RuntimeInterface function| C3_GetSvgImageSize function| C3_RasterSvgImageBlob function| JobSchedulerDOM function| AudioDOMHandler function| C3AudioBuffer function| C3Html5AudioBuffer function| C3WebAudioBuffer function| C3AudioInstance function| C3Html5AudioInstance function| C3WebAudioInstance function| C3AudioFilterFX function| C3AudioDelayFX function| C3AudioConvolveFX function| C3AudioFlangerFX function| C3AudioPhaserFX function| C3AudioGainFX function| C3AudioTremoloFX function| C3AudioRingModFX function| C3AudioDistortionFX function| C3AudioCompressorFX function| C3AudioAnalyserFX function| C3_RegisterSW object| Ya object| yaCounter71169778 object| regeneratorRuntime object| Base64 object| gdsdk object| gdApi object| HB_OPTIONSgd object| google_tag_data function| ga object| gaplugins object| gaGlobal object| gaData object| idhb object| pbjsidhb object| googletag function| pbjsidhbChunk object| _pbjsGlobals function| GamedockSDK object| ggeac object| google_js_reporting_queue object| _google_rum_ns_ object| google_persistent_state_async number| google_global_correlator number| google_srt function| mb function| Goog_AdSense_Lidar_sendVastEvent function| Goog_AdSense_Lidar_getViewability function| Goog_AdSense_Lidar_getUrlSignalsArray function| Goog_AdSense_Lidar_getUrlSignalsList object| module$contents$ima$CompanionAdSelectionSettings_CompanionAdSelectionSettings object| ima object| module$contents$ima$AdsRenderingSettings_AdsRenderingSettings object| module$contents$ima$AdCuePoints_AdCuePoints object| module$contents$ima$AdError_AdError object| module$contents$ima$AdErrorEvent_AdErrorEvent object| module$contents$ima$AdEvent_AdEvent object| module$contents$ima$AdsManagerLoadedEvent_AdsManagerLoadedEvent object| google object| closure_lm_594203 object| closure_lm_473847 function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| GoogleGcLKhOms object| google_image_requests

1 Cookies

Domain/Path Name / Value
.adnxs.com/ Name: uuid2
Value: 1235798943906297022

8 Console Messages

Source Level URL
Text
console-api log URL: https://impostor.fan/netapifan14.js?v1(Line 1)
Message:
playimpostor-20210216 initialized
console-api log URL: https://impostor.fan/(Line 50)
Message:
fan v177
console-api log URL: https://html5.api.gamedistribution.com/main.min.js(Line 8)
Message:
%c %c %c GameDistribution.com HTML5 SDK | Version: 1.12.2 %c %c %c background: #9854d8 background: #6c2ca7 color: #fff; background: #450f78; background: #6c2ca7 background: #9854d8 background: #ffffff
console-api warning URL: https://hb.improvedigital.com/pbw/prebid/prebid-idhb-v3.26e.min.js(Line 3)
Message:
fun-hooks: referenced 'registerAdserver' but it was never created
console-api info URL: https://impostor.fan/netapifan14.js?v1(Line 1)
Message:
showAd(window.gdsdk.AdType.Display) resolved.
console-api warning URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js(Line 6)
Message:
[GPT] Error in googletag.display: could not find div with id "gd__banner" in DOM for slot: /1015413/TNL_NS-19091800066/TNL_T-210218117486.
console-api warning URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js(Line 6)
Message:
[GPT] Error in googletag.display: could not find div with id "gd__preroll_banner" in DOM for slot: /1015413/TNL_NS-200304119/TNL_T-210218117486.
console-api warning URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080201.js(Line 6)
Message:
[GPT] Error in googletag.display: could not find div with id "gd__banner_test" in DOM for slot: /1015413/gd_banner_test.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acdn.adnxs.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
c1.adform.net
cdn.gamedock.io
cm.g.doubleclick.net
d5p.de17a.com
dis.criteo.com
ead745335b1653bbebe33060f2bf42d4.safeframe.googlesyndication.com
game.api.gamedistribution.com
gum.criteo.com
hb.improvedigital.com
hbopenbid.pubmatic.com
html5.api.gamedistribution.com
ib.adnxs.com
ice.360yield.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
impostor.fan
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
msgrt.gamedistribution.com
mug.criteo.com
node.gameads.io
pagead2.googlesyndication.com
pixel.onaudience.com
pr-bh.ybp.yahoo.com
prg.smartadserver.com
pub.headerlift.com
s0.2mdn.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
sync.mathtag.com
tag.atom.gamedistribution.com
topgamedata.com
tpc.googlesyndication.com
um.simpli.fi
www.google-analytics.com
www.google.com
www.googletagservices.com
node.gameads.io
pixel.onaudience.com
13.224.96.46
13.248.242.197
142.250.184.226
142.250.185.194
147.135.36.195
151.101.13.108
159.253.128.183
178.250.2.146
178.250.2.151
18.193.213.131
185.29.135.190
185.64.189.110
185.64.189.112
185.64.189.114
185.64.189.115
185.64.190.80
185.86.139.96
2.18.233.180
205.185.216.10
213.155.156.168
2600:9000:206f:1200:4:cd76:8580:93a1
2606:4700:3034::6815:4e68
2606:4700:3035::ac43:bdfd
2a00:1288:110:c305::8000
2a00:1450:4001:800::2001
2a00:1450:4001:801::2001
2a00:1450:4001:802::2002
2a00:1450:4001:80f::200a
2a00:1450:4001:810::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2006
2a00:1450:4001:828::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2002
2a02:2638:1::13
2a02:6b8::1:119
35.190.9.86
35.233.56.88
37.157.6.251
37.252.172.36
51.89.21.20
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19696bf737d2a4e90f20326264fe67117eaa3c064ff774a9db8ea4cda1eb1067
1ba018149c9f912f9b5f85775d316a39b1b0f020fe23eba3e34e696ca6b9ba39
2405bd02584cae91a0a4c434fec3e72f392d07e1bedc993c3b16baa7800bbdfd
2616934897e323974047a9520ec1667e4efbac26c2e483df3ec13317058379ed
2ad503b02ea9c79a56cca51667494ed70a6f9310ac9ddfbe6fd80e3d73e6a489
2c1786d4a490d0ff27f1dd2f55650c6ae288f976ed260bed4d4a672f9a985f09
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3dbc5b37f3a34e82b97c7f1714417e07d8752a8000adaa02511856fcbd7160da
4024defe0e6a94f81a74fd7614e7909ab256b2c0a1b034aaa1bc8a016bd9c237
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5f54ecda2218eb58b48e365546b7088a2e36364e29e7be1d7a9482b503653766
63f3b659043af14d8288e1a2338f204b67afe7d1af06920f313fe24cb29b2743
6633b8a073de0ad0d5faaaa139cf28da6d705612d5edefc9b4d69a56343f60f2
691589a940c9030b5397bdbdc082cb8abb2d15671502a6dd66bafafb4de3b599
6b9b06d1c452ca87177d3daf46675701fdb0740d43cb85b3e6a6e1f562d41737
6f0b81586105c3fc3ba29f2eef900dd2c50b2b26722c6220e961df8bf1d529ba
70f9104f32191ca7f434f01af2eb5e6cb3f126788c4868874c1336c0f6cd2929
74ffbf6f2239666e2d741cf383c0a7d2e144df82ec09018203b925b147206953
75fd37fbbee422cd9c9c6fa07938705d0e15fc005639bf0831b5d017d9e66755
79e0196cb18a33305536297de3ededb4bf389820c47a9cdc5e678c0b16c02dc4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
8737d2b106986bcaac98470b1f91251d26f228b0be6e8546a0298e36b6ffa31b
8e335af44c274f353579e18fff27ec2114c0735d6b96869813f6cd49bed2b1b2
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8
906572f8cf9a3b0d2c00b544e1083fc1d2b23aac1a0649ae32e0fe9d0581e496
97d20546c664cf9c1276f9b45f2eeea585cae65832c2952669080da7a296affc
a030981bf7307ccfb24a49649c249df5021662c99903be6d44619f0c5779964c
a11f37584d425c821f06a42bb6a20546c9ceaf34bbf5d4d776afbaef40148e6e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
b1c9552ff946c8d6ed8b4a6879aed0d758c5c1bdffe3e284de7e3bb4c4e3b950
b6c74ed628b22787d0411217918a89da7f53ef11d2774290a02dac0fb07bc716
c12c7992db2135838d9efc2bc8704801c1390fbc1e70e00e569cc0f552482935
cbe34ab4ffe57d55576ce120cab08f2290f36519f660372737a1eb15f3f699c8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
dfaba9f1fa0ea22c703a1aba1dd90faa1abc07ca63b4d36830e61ec3fa18e34d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e6ae7fa5c3f964b40a48b15c5b5af3c211f94a4eecca28c415e19267a3e26aa8
e71797102d81d0d90cb0406f89f72c84d432fbd0d928e74d54a3989f05f9e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f02c84573c616e3505a26bba7521d801ef5b9ccc2461149082c5a80e84aeb942
f19ec923daf7d72e5f2f155ba6229ffde0afd953ce121b44c1ad55e332db58f0
f2e0c3faac5b7a28b59173c696a50a6c5ca170b3f1bd41a803ddf870d8736e89
f50d533405a428e7a4cf916f282c90c49f30fc31d31cd1402a80fd38fd2e52b2
fd2a5690e1b06c8fac3266475b0639b35d6a6cebd6f677de012b834e30f55637