www.upi.com Open in urlscan Pro
151.101.66.132 Public Scan

URL: https://twitter.com/upi

URL: https://instagram.com/upi

URL: https://www.pinterest.com/upi/

URL: https://www.linkedin.com/company/united-press-international

URL: https://about.upi.com/
Title: About UPI

URL: https://about.upi.com/contact/
Title: Contact

URL: https://about.upi.com/contact/corrections
Title: Corrections

URL: https://about.upi.com/advertising/advertise-online
Title: Advertisements

URL: https://about.upi.com/terms
Title: Terms of Use

URL: https://about.upi.com/privacy-policy
Title: Privacy Policy

URL: https://proper.io/?from=sticky

fra16s52-in-f10.1e100.net

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://upi.com/ HTTP 301
https://upi.com/ HTTP 301
https://www.upi.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3Db4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%26uid%3D%24%7BBSW_UUID%7D?&callback=window.proper_b7539fd6_a3aac3f8_1 HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3Db4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%26uid%3D%24%7BBSW_UUID%7D?&callback=window.proper_b7539fd6_a3aac3f8_1 HTTP 302
https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4&uid=afd4d911-869d-4e32-ac0a-b1787ac2e19d

Request Chain 63

https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2 HTTP 302
https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2&apid=UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6 HTTP 302
https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6

Request Chain 64

https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3 HTTP 302
https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3&apid=UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6 HTTP 302
https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6

Request Chain 65

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_b26bc380_38864333_4 HTTP 302
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_b26bc380_38864333_4&verify=true HTTP 302
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A

Request Chain 150

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 151

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Request Chain 153

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Request Chain 157

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 158

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Request Chain 160

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Request Chain 165

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 166

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 167

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Request Chain 168

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 179

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

Request Chain 180

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Request Chain 181

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Request Chain 250

https://ad.360yield.com/server_match?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fid%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D%7BPUB_USER_ID%7D%26partner_id%3D2 HTTP 302
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fid%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D%7BPUB_USER_ID%7D%26partner_id%3D2 HTTP 302
https://match.justpremium.com/match/id?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e9f5e252-1313-4f3a-a36f-893c110b039c&partner_id=2

Request Chain 251

https://ib.adnxs.com/getuid?https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=$UID HTTP 302
https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=6805323374886971036

Request Chain 252

https://sync.1rx.io/usersync2/rmpssp?sub=justpremium&redir=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fun%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D%5BRX_UUID%5D HTTP 302
https://match.justpremium.com/match/un?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=OPTOUT

Request Chain 253

https://rtb.gumgum.com/getuid/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D%5BUID%5D&us_privacy= HTTP 302
https://match.justpremium.com/match/gg?jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e_c9834dae-12fd-4ffe-9115-46c5eb37d7fd

Request Chain 258

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=2992f751-d465-4a45-95c7-c5768165b468

Request Chain 260

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=Col95Um01MFASd5

Request Chain 261

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=38f30d7e-f32f-4093-8620-313f7196e6bf&ssp=openx&expires=30&user_group=5&bsw_param=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=afd4d911-869d-4e32-ac0a-b1787ac2e19d

Request Chain 262

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6805323374886971036

Request Chain 263

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDdjlVN0M4YlVBQUMzSkd5M0tUQQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACv9U7C8bUAAC3JGy3KTA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AACv9U7C8bUAAC3JGy3KTA&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACv9U7C8bUAAC3JGy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=ox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=7413582993066672420 HTTP 303
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACv9U7C8bUAAC3JGy3KTA

Request Chain 264

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=28476178-da49-4f00-abe7-e4cf0b1f6601

Request Chain 265

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=qwBq9vlQafywBmX2qwVwq69TPPewBmSrrgEH0OE8

Request Chain 266

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8529334507576409661

Request Chain 269

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBog-h7nvYbHQJ7oR1xf5gE&google_cver=1

Request Chain 271

https://c1.adform.net/serving/cookie/match?party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322

Request Chain 272

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1354140506078291191

Request Chain 274

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023603625964599441

Request Chain 275

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y2ujFqGGQMiaplHUqDcDIg%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 276

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=33606178-da49-4300-bd74-f677e175a13a

Request Chain 277

https://pixel.onaudience.com/?partner=214&mapped=CB6BA316-A186-40C8-9AA6-51D4A8370322 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=14ab4fca88c52aadd3779c1342e24000 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=71f6af944ac8bf6b HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf88254ca35&zcluid=71f6af944ac8bf6b&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESELoaEjvAPrSgTnriTsuk5kk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf88254ca35&zcluid=71f6af944ac8bf6b&zdid=1332

Request Chain 278

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0I2QkEzMTYtQTE4Ni00MEM4LTlBQTYtNTFENEE4MzcwMzIy&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 279

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG5SmXJEiV8M_l8bclkOyCw&google_cver=1

Request Chain 281

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:017e6178-da49-4400-b43d-2acbde00dfe7&gdpr=0&gdpr_consent=

Request Chain 282

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8094520430828782822

Request Chain 283

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2992f751-d465-4a45-95c7-c5768165b468

Request Chain 284

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6805323374886971036&gdpr=0&gdpr_consent=

Request Chain 285

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6

Request Chain 286

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-qaKLBKJE2uUFNpmO2WtmlgrIUGZHSEA-~A&gdpr=0&gdpr_consent=

Request Chain 288

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&dcc=t

Request Chain 289

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGSU2IkwLxk1f1Ja6P-xBbI&google_cver=1

Request Chain 291

https://ums.acuityplatform.com/tum?umid=8 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=617664515375

Request Chain 293

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YXjaSgAMKiO5XwAR HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YXjaSgAMKiO5XwAR&gdpr=1&_test=YXjaSgAMKiO5XwAR

Request Chain 303

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=1BC4E2D97ECD49269C86CC0D692AABA9

Request Chain 304

https://j.mrpdata.net/c.html?ex=OpenX HTTP 302
https://j.mrpdata.net/c.html?ac=1&test=1&pd=IiJDEhk64oNJNGE8hhJnLaIH&ex=OpenX

Request Chain 306

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072977&val=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=

Request Chain 308

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YXjaSgAMKiO5XwAR

Request Chain 309

https://green.erne.co/openx/cm HTTP 302
https://pixel.onaudience.com/?mapped=h8bzAmbfEsicrZPN7mzaXtxB&partner=2&redirect=green.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb%253Dh8bzAmbfEsicrZPN7mzaXtxB HTTP 302
https://pixel.onaudience.com/?partner=109&icm&cver&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m%26redir%3Dhttps%253A%252F%252Fgreen.erne.co%252Fct%252Fcm%253Fred%253Dhttps%25253A%25252F%25252Fus-u.openx.net%25252Fw%25252F1.0%25252Fsd%25253Fid%25253D537072998%252526rtb%25253Dh8bzAmbfEsicrZPN7mzaXtxB HTTP 302
https://tags.bluekai.com/site/33141?&id=b07798573145e517&redir=https%3A%2F%2Fgreen.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb%253Dh8bzAmbfEsicrZPN7mzaXtxB HTTP 302
https://green.erne.co/ct/cm?red=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072998%26rtb%3Dh8bzAmbfEsicrZPN7mzaXtxB HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=h8bzAmbfEsicrZPN7mzaXtxB

Request Chain 310

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 311

https://rtb.openx.net/sync/dds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Niojvw_Oh7mMoHWCCSLHyw==&ox_sc=1&ox_init=1 HTTP 302
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

Request Chain 315

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjU4MDNlYWQyZWQxMjQxZDY0YzdlMmY4YjBiMjZkZmJjMDM2YWExMw

Request Chain 316

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KV91FTBC-V-17DH&sigv=1&esig=2~873aeb5fa674b1f842107316c492bc771ba065f2

Request Chain 317

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YXjaSgAMKiO5XwAR

Request Chain 318

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=28476178-da49-4f00-abe7-e4cf0b1f6601&expires=28

Request Chain 319

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Y5MUZUQkMtVi0xN0RI

Request Chain 320

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/CZoyRAGepCqZMiIYR9wwSQ?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3750593883680554906

Request Chain 327

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined HTTP 307
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

Request Chain 328

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined HTTP 307
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

Request Chain 329

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined HTTP 307
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

Request Chain 330

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined HTTP 307
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

Request Chain 333

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA

Request Chain 334

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 335

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT

Request Chain 337

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CB6BA316-A186-40C8-9AA6-51D4A8370322&addseg=19,36,42

Request Chain 338

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 340

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=CB6BA316-A186-40C8-9AA6-51D4A8370322 HTTP 302
https://a.audrte.com/p

Request Chain 342

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=890c7b6b-9986-4964-89f9-6dd2e02956ac&user_group=1&ssp=pubmatic&bsw_param=afd4d911-869d-4e32-ac0a-b1787ac2e19d HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=afd4d911-869d-4e32-ac0a-b1787ac2e19d&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 343

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjaSgAMKiO5XwAR&gdpr=0&gdpr_consent=

Request Chain 345

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 346

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=

Request Chain 347

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f3929bf1-61b9-4bd9-814d-f15620006cfe&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 348

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6805323374886971036

362 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.upi.com/
Redirect Chain

http://upi.com/
https://upi.com/
https://www.upi.com/

306 KB
75 KB

42ms
7ms

Document
text/html

151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.132 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache /

Resource Hash

3dd75d6182b7ac98cdab5ab6d49b686c9bc647335d7a2c1f251bdfabdb827920

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors frame-ancestors 'self'
X-Frame-Options	'SAMEORIGIN'

Request headers

:method: GET
:authority: www.upi.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: Apache
pragma: public
cache-control: max-age=60, stale-while-revalidate=60, stale-if-error=1209600
expires: Wed, 27 Oct 2021 04:50:02 GMT
content-security-policy: frame-ancestors frame-ancestors 'self'
x-frame-options: 'SAMEORIGIN'
content-encoding: gzip
content-type: text/html; charset=UTF-8
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 27 Oct 2021 04:49:05 GMT
age: 17
x-served-by: cache-bwi5154-BWI, cache-hhn4023-HHN
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1635310145.058076,VS0,VE1
vary: Accept-Encoding,X-Device
content-length: 76092

Redirect headers

Date: Wed, 27 Oct 2021 04:48:47 GMT
Server: Apache
Location: https://www.upi.com/
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
X-Cacheable: Y
X-Varnish: 15396693 15396650
Age: 17
Via: 1.1 varnish (Varnish/6.6)
X-Cached: 1

GET
H2 200 site.v1635278154.css
www.upi.com/inc/css/ 171 KB
25 KB 9ms
8ms Stylesheet
text/css 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.upi.com/inc/css/site.v1635278154.css?fp=1&ss=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6264bf1208e9ece3be247a8e3f2b8c6e430ea662ace4f9d50898ab4ed0f3f6a2

Request headers

:path: /inc/css/site.v1635278154.css?fp=1&ss=1
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.upi.com
referer: https://www.upi.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 31790
x-cache: HIT, HIT
x-cache-hits: 2, 1
content-encoding: gzip
content-length: 25507
x-served-by: cache-bwi5125-BWI, cache-hhn4023-HHN
pragma: public
server: Apache
x-timer: S1635310145.099341,VS0,VE1
vary: Accept-Encoding,X-Device
content-type: text/css;charset=UTF-8
cache-control: maxage=51840000
accept-ranges: bytes
expires: Sun, 18 Jun 2023 19:58:57 GMT

GET
H2 200 css
fonts.googleapis.com/ 14 KB
2 KB 97ms
34ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b1c77d8b3d53d8065b098b5c1c34e84dd38c3da02d7e0a78150d0235d3edf89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 04:49:05 GMT
server: ESF
date: Wed, 27 Oct 2021 04:49:05 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Wed, 27 Oct 2021 04:49:05 GMT

GET
H2 200 site.v1792730564.js Show response
www.upi.com/inc/js/ 55 KB
19 KB 10ms
6ms Script
application/x-javascript 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.upi.com/inc/js/site.v1792730564.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 81065a5108bcee6fbc930d47c8d807f05149f6b249d256c118620d794a19b87b

Request headers

:path: /inc/js/site.v1792730564.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.upi.com
referer: https://www.upi.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 534438
x-cache: HIT, HIT
x-cache-hits: 289, 1
content-encoding: gzip
content-length: 18815
x-served-by: cache-bwi5162-BWI, cache-hhn4023-HHN
pragma: public
server: Apache
x-timer: S1635310145.204505,VS0,VE0
vary: Accept-Encoding,X-Device
content-type: application/x-javascript
cache-control: maxage=3600
accept-ranges: bytes
expires: Wed, 20 Oct 2021 13:22:56 GMT

GET
H2 200 script.js Show response
d3terveqlssriz.cloudfront.net/ 117 KB
38 KB 39ms
8ms Script
application/javascript 13.32.118.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3terveqlssriz.cloudfront.net/script.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.38 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-38.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf6860ac9148098752f05575bc0209607482986822d634c19f8fec214fdcc8a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:48:50 GMT
content-encoding: gzip
last-modified: Tue, 26 Oct 2021 14:42:27 GMT
server: AmazonS3
age: 16
etag: W/"322f85e3e09582993d3945ea4bf5281e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 3141f89cca62ae5784a211a8d1176d1c.cloudfront.net (CloudFront)
cache-control: max-age=600,public,must-revalidate
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: _cnJOAHPJY5G-Pf1_odtkPCzb619l9eUYIGkE2mfM3z-E6KJXU4MUw==

GET
H2 200 ss_la.png
www.upi.com/upi/dw/img/ 902 B
1 KB 11ms
7ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.upi.com/upi/dw/img/ss_la.png
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 38e7a6e16426441763900de1d3d44b17d1a5505b65840e1436d986d2e927263a

Request headers

:path: /upi/dw/img/ss_la.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.upi.com
referer: https://www.upi.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Oct 2016 14:46:11 GMT
server: Apache
age: 2279163
etag: "386-53f4cfc9152c0"
x-served-by: cache-bwi5135-BWI, cache-hhn4023-HHN
vary: X-Device
x-cache: HIT, HIT
content-type: image/png
cache-control: max-age=864000, public, must-revalidate
accept-ranges: bytes
x-timer: S1635310145.204590,VS0,VE0
content-length: 902
x-cache-hits: 3, 1

GET
H2 200 ss_ra.png
www.upi.com/upi/dw/img/ 891 B
1009 B 11ms
8ms Image
image/png 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.upi.com/upi/dw/img/ss_ra.png
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 9b7d7f00f9cfab9ef26c0d958383012cf93149e8a27fc98d0eb76e6ae6d77510

Request headers

:path: /upi/dw/img/ss_ra.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.upi.com
referer: https://www.upi.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Oct 2016 14:46:11 GMT
server: Apache
age: 2277333
etag: "37b-53f4cfc9152c0"
x-served-by: cache-bwi5153-BWI, cache-hhn4023-HHN
vary: X-Device
x-cache: HIT, HIT
content-type: image/png
cache-control: max-age=864000, public, must-revalidate
accept-ranges: bytes
x-timer: S1635310145.204633,VS0,VE1
content-length: 891
x-cache-hits: 5, 1

GET
H2 200 Fuel-price-surge-hits-Lebanon-worsening-struggle-for-food-transport.jpg
cdnph.upi.com/related/6851635295298/1/v1.2/9321c590d187eb5da28c2a7d77bb309d/upi_com/ 95 KB
95 KB 158ms
56ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/6851635295298/1/v1.2/9321c590d187eb5da28c2a7d77bb309d/upi_com/Fuel-price-surge-hits-Lebanon-worsening-struggle-for-food-transport.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 45eaddc31ade6c96faa952dc5caba86cd001f67df32622560fd7f5cbbd22b298

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 14553
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 96873
x-served-by: cache-dca17764-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:43:09 GMT
server: Apache
x-timer: S1635310145.304729,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:43:09 GMT

GET
H2 200 jquery.ph_ss.v6.js Show response
www.upi.com/upi/dw/js/ 17 KB
6 KB 8ms
7ms Script
text/javascript 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.upi.com/upi/dw/js/jquery.ph_ss.v6.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 573e456fa680ad921e4a931cb7dd22f83a4eaa462417ed14e5fd9f6c53b97818

Request headers

:path: /upi/dw/js/jquery.ph_ss.v6.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.upi.com
referer: https://www.upi.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 577452
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-encoding: gzip
content-length: 5666
x-served-by: cache-bwi5178-BWI, cache-hhn4023-HHN
pragma: public
server: Apache
x-timer: S1635310145.174638,VS0,VE1
vary: Accept-Encoding,X-Device
content-type: text/javascript;charset=UTF-8
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 24 Nov 2022 12:23:06 GMT

GET
H2 200 Senate-Democrats-unveil-15-corporate-minimum-tax-proposal.jpg
cdnph.upi.com/related/6851635295298/2/v1.2/cbeb82d040d6380e39f179f36fd778b0/upi/ 41 KB
41 KB 127ms
26ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/6851635295298/2/v1.2/cbeb82d040d6380e39f179f36fd778b0/upi/Senate-Democrats-unveil-15-corporate-minimum-tax-proposal.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 2851d2e721afdb8bf4fae732b9e08e84b9c3ed9ace18ccdd7cb88fe95c52b430

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 14553
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 41646
x-served-by: cache-dca17763-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:43:24 GMT
server: Apache
x-timer: S1635310145.304630,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:43:24 GMT

GET
H2 200 Major-noreaster-pounds-NY-NJ-both-states-see-heavy-rains-floods.jpg
cdnph.upi.com/related/6851635295298/3/v1.2/16352631237702/i/ 52 KB
52 KB 158ms
56ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/6851635295298/3/v1.2/16352631237702/i/Major-noreaster-pounds-NY-NJ-both-states-see-heavy-rains-floods.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 3a33ae9aab67d7045bcf70e2e50fa69d29226145e2c664836400a6a71fe49442

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 14553
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 52894
x-served-by: cache-dca17763-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:43:09 GMT
server: Apache
x-timer: S1635310145.304681,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:43:09 GMT

GET
H2 200 FDA-panel-recommends-Pfizer-COVID-19-vaccine-for-kids-5-11.jpg
cdnph.upi.com/related/6851635295298/4/v1.2/a09e1301b01f7bf24a0d237859bba3dd/upi/ 56 KB
56 KB 140ms
39ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/6851635295298/4/v1.2/a09e1301b01f7bf24a0d237859bba3dd/upi/FDA-panel-recommends-Pfizer-COVID-19-vaccine-for-kids-5-11.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 2a20b0251c2264d9b2b03d65ee2e84b40c58731f84de061b436904027eb7c181

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 14553
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 56971
x-served-by: cache-dca17757-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:43:09 GMT
server: Apache
x-timer: S1635310145.304436,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:43:09 GMT

GET
H2 200 Houston-Astros-Atlanta-Braves-set-to-start-2021-World-Series.jpg
cdnph.upi.com/related/6851635295298/5/v1.2/0f761a28268677fb889a61e14e41df1c/upi/ 98 KB
98 KB 124ms
23ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/6851635295298/5/v1.2/0f761a28268677fb889a61e14e41df1c/upi/Houston-Astros-Atlanta-Braves-set-to-start-2021-World-Series.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: ca54d72d0ebcf1a4dc5cd53d186bd42bc0f25d9e59bd039b40cf700db33ace93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 14553
x-cache: HIT, HIT
x-cache-hits: 3, 1
content-length: 100084
x-served-by: cache-dca17731-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:43:09 GMT
server: Apache
x-timer: S1635310145.304512,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:43:09 GMT

GET
H2 200 Statins-do-not-lower-risk-for-death-from-COVID-19-but-may-increase-it-study-finds.jpg
cdnph.upi.com/related/8991635282458/1/v1.2/e071c99e290bf0d884975a9c8e47a368/upi_com/ 34 KB
34 KB 139ms
38ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/8991635282458/1/v1.2/e071c99e290bf0d884975a9c8e47a368/upi_com/Statins-do-not-lower-risk-for-death-from-COVID-19-but-may-increase-it-study-finds.jpg
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6feaf456eebc8d6164cfdf78797d8770013b953bfd0d3904bcdb99327df1e281

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 27111
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 34911
x-served-by: cache-dca17730-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 21:08:53 GMT
server: Apache
x-timer: S1635310145.304583,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 21:08:53 GMT

GET
H2 200 Anya-Taylor-Joy-Thomasin-McKenzie-attend-Last-Night-in-Soho-premiere.jpg
cdnph.upi.com/related/9591635263969/1/v1.5/3c9e95d9cc69e3b3186a117e6859f0c3/upi/ 81 KB
81 KB 24ms
13ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/9591635263969/1/v1.5/3c9e95d9cc69e3b3186a117e6859f0c3/upi/Anya-Taylor-Joy-Thomasin-McKenzie-attend-Last-Night-in-Soho-premiere.jpg?lg=3
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: a618514438ae062127207aed5814e92dacd94b9bcbc51111465b217b2d83f531

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 45835
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 82544
x-served-by: cache-dca17736-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 16:00:32 GMT
server: Apache
x-timer: S1635310145.368169,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 16:00:32 GMT

GET
H2 200 Treat-Kiernan-Shipka-says-she-dug-deep-to-voice-podcast.jpg
cdnph.upi.com/related/7961635263517/1/v1.2/970af96d0e2a50edd62310847d281ce9/upi/ 20 KB
20 KB 22ms
12ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/7961635263517/1/v1.2/970af96d0e2a50edd62310847d281ce9/upi/Treat-Kiernan-Shipka-says-she-dug-deep-to-voice-podcast.jpg?rc=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 2001535d1c320ac90d71fe713d8ba0306665e271d134de825a81488288cdbfb8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 46291
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 20467
x-served-by: cache-dca17758-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 15:53:23 GMT
server: Apache
x-timer: S1635310145.368262,VS0,VE0
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 15:53:23 GMT

GET
H2 200 The-Great-Resignation-American-workers-suffering-a-crisis-of-meaning.jpg
cdnph.upi.com/related/9081635250027/1/v1.2/ce07eb6e0a2243702ec9a2c11815da0f/upi/ 18 KB
18 KB 17ms
15ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/related/9081635250027/1/v1.2/ce07eb6e0a2243702ec9a2c11815da0f/upi/The-Great-Resignation-American-workers-suffering-a-crisis-of-meaning.jpg?rc=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: be94d14477604a8b602a3fb0055f4d29d5593388bc83364d0e5740cbf86e2b35

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 59847
x-cache: HIT, HIT
x-cache-hits: 3, 1
content-length: 18767
x-served-by: cache-dca17735-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 12:08:04 GMT
server: Apache
x-timer: S1635310145.371846,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 12:08:04 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 107ms
26ms Script
text/javascript 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Oct 2021 16:47:48 GMT
server: Golfe2
age: 2879
date: Wed, 27 Oct 2021 04:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19887
expires: Wed, 27 Oct 2021 06:01:06 GMT

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 148ms
103ms Preflight
text/plain 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Server: 34.95.69.49 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.upi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx/1.17.4
date: Wed, 27 Oct 2021 04:49:05 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-max-age: 1728000
content-type: text/plain; charset=utf-8
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 113ms
105ms XHR
application/octet-stream 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.17.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 google
server: nginx/1.17.4
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
alt-svc: clear
content-length: 0

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 150ms
58ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 10:51:57 GMT
x-content-type-options: nosniff
age: 237428
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Mon, 24 Oct 2022 10:51:57 GMT

GET
H2 200 P5sMzZCDf9_T_10ZxCE.woff2
fonts.gstatic.com/s/arimo/v17/ 18 KB
19 KB 91ms
15ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v17/P5sMzZCDf9_T_10ZxCE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b0c2a889d07d01755fc1a7818e2d54ba67c7b953b453dc22e8aaedcd29fe0b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 11:52:20 GMT
x-content-type-options: nosniff
age: 233805
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18332
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 23:11:51 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Mon, 24 Oct 2022 11:52:20 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
20 KB 109ms
35ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 21 Oct 2021 04:48:55 GMT
x-content-type-options: nosniff
age: 518410
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 21 Oct 2022 04:48:55 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 151ms
78ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 21 Oct 2021 12:11:32 GMT
x-content-type-options: nosniff
age: 491853
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 21 Oct 2022 12:11:32 GMT

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 155ms
81ms Font
font/woff2 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Arimo:400,700|Montserrat:400,500,600,700|Lato:300,400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 01:25:05 GMT
x-content-type-options: nosniff
age: 12240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 27 Oct 2022 01:25:05 GMT

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 58ms
15ms Font
font/woff2 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.upi.com/
Origin: https://www.upi.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617, 617, 617
age: 515451
cdn-cachedat: 2021-06-03 12:51:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: e55d6c840d63ea098c3fff5217a5d593
accept-ranges: bytes
cf-ray: 6a494bb9fdac874d-DUS
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 60ms
7ms Script
application/x-javascript 18.66.99.146
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.99.146 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 612e6b00354d56a1726cd40dc9a28d83ffda033d63214eae704d1e61ef59b3b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 03:20:13 GMT
content-encoding: gzip
last-modified: Fri, 09 Jul 2021 00:11:37 GMT
server: nginx
age: 5332
etag: W/"60e79439-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 bbd2abbdb134a9d53c0a12f6566e69ff.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: grOPTCT3YgSVVklxrI2tyJFY8YQq_e1K8uFNI2_87r1mVpWhROyghw==
expires: Wed, 27 Oct 2021 05:20:13 GMT

GET
H2 200 sdk.js Show response
embed.ex.co/ 48 KB
12 KB 43ms
7ms Script
text/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.ex.co/sdk.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b858ed46bb1e1a0d327161874b1e125f1813d0d01223a7c5f0296483060b71ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
content-encoding: gzip
age: 158672
x-cache: HIT, HIT
access-control-max-age: 600
x-surrogate-key: SDK-for-external-purge
content-length: 12062
x-served-by: cache-bwi5180-BWI, cache-hhn4054-HHN
access-control-allow-origin: *
server: nginx
x-timer: S1635310146.721738,VS0,VE1
etag: W/"c056-as2k0WtoTT3MpfHOqm6VY0xOzaw"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: Accept, Authorization, Content-Type, X-PB-Referer
x-cache-hits: 2, 1

GET
H2 200 upi.min.js Show response
global.proper.io/ 27 KB
7 KB 64ms
22ms Script
application/javascript 104.17.79.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/upi.min.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.79.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5088c2cfc7d60f139f3d8553a7843e8ae4fcb5ebf0b8931a448672784b37296

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Oct 2021 18:16:09 GMT
server: cloudflare
age: 37959
etag: W/"617845e9-6c02"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 6a494bbb9ecdc49a-DUS
expires: Wed, 27 Oct 2021 04:54:05 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 292ms
92ms Image
image/gif 3.90.128.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=upi.com&p=%2F&u=B1qMWG2flasCUayEZ&d=upi.com&g=4027&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=6005&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=1445&t=Cy6o_mBZFjeGvGB_5CbekTmCSp2tR&V=128&i=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&tz=0&sn=1&sv=F2H9FBPFkRYBL8UaHDr7DH4BTq_SJ&sd=1&im=0603040f&_
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.90.128.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-90-128-247.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:06 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
407 B 68ms
23ms XHR
text/plain 108.177.15.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j94&tid=UA-1342607-1&cid=2040292321.1635310146&jid=1582457510&gjid=1878488413&_gid=423574988.1635310146&_u=IGBAgEABAAAAAE~&z=2054282105

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.177.15.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wr-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Oct 2021 04:49:05 GMT
content-type: text/plain
access-control-allow-origin: https://www.upi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 22ms
21ms Image
image/gif 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j94&a=512340476&t=pageview&_s=1&dl=https%3A%2F%2Fwww.upi.com%2F&ul=en-us&de=UTF-8&dt=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=1582457510&gjid=1878488413&cid=2040292321.1635310146&tid=UA-1342607-1&_gid=423574988.1635310146&z=1221747786

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 22:29:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22750
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 US-lawmakers-consider-cybersecurity-measures-for-transportation-sector.jpg
cdnph.upi.com/ph/st/th/7091635289885/2021/upi/6fa10c7ce72d762ec35c4e312e07b8fd/v1.5/ 36 KB
36 KB 16ms
15ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/7091635289885/2021/upi/6fa10c7ce72d762ec35c4e312e07b8fd/v1.5/US-lawmakers-consider-cybersecurity-measures-for-transportation-sector.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 2d9f30f61626597ea7443c34755834d11e11ee166142212ccfe7e4881a68e068

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 18455
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 37104
x-served-by: cache-dca17726-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 23:34:41 GMT
server: Apache
x-timer: S1635310146.952141,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 23:34:41 GMT

GET
H2 200 Boise-mall-shooting-suspect-dies-coroner-identifies-vicitms.jpg
cdnph.upi.com/ph/st/th/9851635302813/2021/i/16353074467147/v1.5/ 32 KB
32 KB 16ms
15ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/9851635302813/2021/i/16353074467147/v1.5/Boise-mall-shooting-suspect-dies-coroner-identifies-vicitms.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 502f4014b6421bd38af95d644ea349ede2ab6f9667e67f39def41b2df8955c59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 1140
x-cache: HIT, HIT
x-cache-hits: 4, 1
content-length: 33025
x-served-by: cache-dca17739-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 04:12:52 GMT
server: Apache
x-timer: S1635310146.952238,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 04:12:52 GMT

GET
H2 200 Queen-Elizabeth-wont-attend-COP26-in-person-after-hospital-stay.jpg
cdnph.upi.com/ph/st/th/4781635293078/2021/upi/2ae787887133cdc54e3677b3edcf79a1/v1.5/ 49 KB
49 KB 15ms
15ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/4781635293078/2021/upi/2ae787887133cdc54e3677b3edcf79a1/v1.5/Queen-Elizabeth-wont-attend-COP26-in-person-after-hospital-stay.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 37b48befe4583066b0b4fac879316e86e5f7e4418a7195b2f494209a05e445fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 2685
x-cache: HIT, HIT
x-cache-hits: 3, 1
content-length: 50374
x-served-by: cache-dca17748-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 04:00:25 GMT
server: Apache
x-timer: S1635310146.952308,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 04:00:25 GMT

GET
H2 200 Dune-Part-2-officially-greenlit.jpg
cdnph.upi.com/ph/st/th/5651635278039/2021/upi/8e5872e390c34c8b67e1d7de05411a9e/v1.5/ 44 KB
44 KB 14ms
14ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/5651635278039/2021/upi/8e5872e390c34c8b67e1d7de05411a9e/v1.5/Dune-Part-2-officially-greenlit.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: d321db521b497ec2e88d448f61385b51978015e6a6a7d35fe18f5cddd403812a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 15197
x-cache: HIT, HIT
x-cache-hits: 2, 1
content-length: 44779
x-served-by: cache-dca12922-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 00:24:37 GMT
server: Apache
x-timer: S1635310146.952387,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 00:24:37 GMT

GET
H2 200 Canadian-lifts-13000-pounds-in-one-hour-to-break-Guinness-record.jpg
cdnph.upi.com/ph/st/th/4171635281314/2021/i/16352818576311/v1.5/ 23 KB
23 KB 15ms
14ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/4171635281314/2021/i/16352818576311/v1.5/Canadian-lifts-13000-pounds-in-one-hour-to-break-Guinness-record.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 698277d83f1572093e62e1b99108bf80812be5604a66c79c3870ebe79b83bb61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 25433
x-cache: HIT, HIT
x-cache-hits: 3, 1
content-length: 23731
x-served-by: cache-dca12926-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 21:23:23 GMT
server: Apache
x-timer: S1635310146.952452,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 21:23:23 GMT

GET
H2 200 Expert-panel-More-research-needed-on-glaucoma-screening-benefits.jpg
cdnph.upi.com/ph/st/th/6851635258764/2021/upi_com/8678551491ec528750efc72fc88df1f0/v1.5/ 29 KB
29 KB 13ms
13ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/6851635258764/2021/upi_com/8678551491ec528750efc72fc88df1f0/v1.5/Expert-panel-More-research-needed-on-glaucoma-screening-benefits.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: f1cae056ba34d6ab3eda90c05dc61a6ee19237de82f871a5bb04461323740af4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 42255
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 29830
x-served-by: cache-dca17729-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 16:32:48 GMT
server: Apache
x-timer: S1635310146.952693,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 16:32:48 GMT

GET
H2 200 Technology-enables-researchers-to-teach-robots-to-think-like-humans.jpg
cdnph.upi.com/ph/st/th/4311635269971/2021/i/16352754021536/v1.5/ 15 KB
15 KB 12ms
4ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/4311635269971/2021/i/16352754021536/v1.5/Technology-enables-researchers-to-teach-robots-to-think-like-humans.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 57d14e594e54d0a20f92e277d44bc23923a188c95b87e83472033624ff5025ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 34381
x-cache: HIT, HIT
x-cache-hits: 2, 1
content-length: 14887
x-served-by: cache-dca12921-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 19:11:33 GMT
server: Apache
x-timer: S1635310146.972758,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 19:11:33 GMT

GET
H2 200 On-This-Day-Allied-troops-take-1450-Axis-prisoners-in-Egypt.jpg
cdnph.upi.com/ph/st/th/6481635105127/2021/upi_com/6adceb1c4af62d2ecf13b8c4eac5e38f/v1.5/ 54 KB
54 KB 19ms
11ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/6481635105127/2021/upi_com/6adceb1c4af62d2ecf13b8c4eac5e38f/v1.5/On-This-Day-Allied-troops-take-1450-Axis-prisoners-in-Egypt.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: ab35f6c323e70c2f286e21ce6d75278e87d02c6f7721287606e2b7d3735e1858

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 78353
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 55230
x-served-by: cache-dca17779-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Tue, 26 Oct 2021 07:01:00 GMT
server: Apache
x-timer: S1635310146.975175,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 07:01:00 GMT

GET
H2 200 Braves-Charlie-Morton-fractures-fibula-in-Game-1-out-for-rest-of-World-Series.jpg
cdnph.upi.com/ph/st/th/3101635303539/2021/upi/4a01b17921a565abc1d4e074007bcc0d/v1.5/ 34 KB
35 KB 19ms
13ms Image
image/jpeg 151.101.66.132
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdnph.upi.com/ph/st/th/3101635303539/2021/upi/4a01b17921a565abc1d4e074007bcc0d/v1.5/Braves-Charlie-Morton-fractures-fibula-in-Game-1-out-for-rest-of-World-Series.jpg?lg=1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: b02fc085e63cbcb9e9cad7fa922ceee53d597a3e0c00ac47a3ecab37a3b3d9f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:05 GMT
via: 1.1 varnish, 1.1 varnish
age: 3666
x-cache: HIT, HIT
x-cache-hits: 1, 1
content-length: 35146
x-served-by: cache-dca12922-DCA, cache-hhn4023-HHN
pragma: public
last-modified: Wed, 27 Oct 2021 03:30:22 GMT
server: Apache
x-timer: S1635310146.977266,VS0,VE1
vary: X-Device
content-type: image/jpeg
cache-control: maxage=34560000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 03:30:22 GMT

GET
H2 200 story-viewer.js Show response
static.ex.co/pb-story/production/70a59f4cef49d44c2c9ecb9cf52f990017fe1e6e-2021-10-25-08-33-15/ 574 KB
140 KB 56ms
7ms Script
application/x-javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/pb-story/production/70a59f4cef49d44c2c9ecb9cf52f990017fe1e6e-2021-10-25-08-33-15/story-viewer.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2cf2b8c3e9beb73234295a6741ce700f334b3f8f0b52f4b2b3721094b1d4220d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 143098
last-modified: Mon, 25 Oct 2021 08:33:16 GMT
server: AmazonS3
etag: "1b64e6e65c70e988ffdff456effaa325"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

POST
H2 200 events Show response
prd-collector-platform.ex.co/main/ 0
134 B 292ms
92ms XHR
text/plain 54.164.123.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prd-collector-platform.ex.co/main/events
Requested by: Host: embed.ex.co
URL: https://embed.ex.co/sdk.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.123.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-164-123-106.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:06 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin
content-type: text/plain; charset=utf-8

GET
H2 200 html Show response
embed.ex.co/ 173 KB
32 KB 35ms
10ms XHR
text/html 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.ex.co/html?id=093c7e09-6caa-46f2-8e49-ae9542d4fe24
Requested by: Host: embed.ex.co
URL: https://embed.ex.co/sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 660e9efb47017313a0b691b6b31488600a277461bbd71700de001e5b8ab054ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
etag: W/"2b559-KrHrVF9v4nMbgfcfBswG16IsT5A"
age: 3825
x-cache: HIT, HIT
x-pb-os: windows
access-control-max-age: 600
x-pb-platform: desktop
x-surrogate-key: 093c7e09-6caa-46f2-8e49-ae9542d4fe24 story 6806df02-7427-47d5-8eae-d4709d1b21b0 playbuzz9 www.upi.com
content-length: 31985
x-served-by: cache-bwi5155-BWI, cache-hhn4075-HHN
access-control-allow-origin: *
server: nginx
x-timer: S1635310146.015989,VS0,VE1
x-pb-browser: chrome
vary: X-PB-Campaign,X-PB-Os,X-PB-Platform,X-PB-Browser, Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: text/html; charset=utf-8
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: Accept, Authorization, Content-Type, X-PB-Referer
x-cache-hits: 2, 1

GET
H2 200 latest.js Show response
global.proper.io/payloads/ 410 KB
106 KB 29ms
29ms Script
application/javascript 104.17.79.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/payloads/latest.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.79.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef71b3b4250fdeae0e4cdadbe5631e1777435f01edfbbe24aea3fa9d7cd323ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Oct 2021 21:57:36 GMT
server: cloudflare
age: 121351
etag: W/"617333d0-668a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 6a494bbd3f7ac49a-DUS
expires: Wed, 27 Oct 2021 04:54:06 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 364F 3 KB
661 B 64ms
35ms Stylesheet
text/css 142.250.185.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins&family=Roboto&display=swap

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f10.1e100.net

Software

ESF /

Resource Hash

bb7b8ee71b4f773281338688673b0eab5b71bf6a97be485a833c4a35374404b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 27 Oct 2021 04:49:06 GMT
server: ESF
date: Wed, 27 Oct 2021 04:49:06 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Wed, 27 Oct 2021 04:49:06 GMT

POST
H2 200 events Show response
prd-collector-platform.ex.co/main/ Frame 364F 0
133 B 98ms
98ms XHR
text/plain 54.164.123.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prd-collector-platform.ex.co/main/events
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.123.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-164-123-106.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:06 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin
content-type: text/plain; charset=utf-8

GET
H2 200 story-viewer.js Show response
static.ex.co/pb-story/production/70a59f4cef49d44c2c9ecb9cf52f990017fe1e6e-2021-10-25-08-33-15/ Frame 364F 574 KB
140 KB 9ms
9ms Script
application/x-javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/pb-story/production/70a59f4cef49d44c2c9ecb9cf52f990017fe1e6e-2021-10-25-08-33-15/story-viewer.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2cf2b8c3e9beb73234295a6741ce700f334b3f8f0b52f4b2b3721094b1d4220d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 143098
last-modified: Mon, 25 Oct 2021 08:33:16 GMT
server: AmazonS3
etag: "1b64e6e65c70e988ffdff456effaa325"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 playbuzz-ads-core.min.js Show response
static.ex.co/cdn/content/monetization/playbuzz-ads-core/production/latest/ Frame 364F 42 KB
12 KB 12ms
12ms Script
application/javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/cdn/content/monetization/playbuzz-ads-core/production/latest/playbuzz-ads-core.min.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 54992cc7785468dc624160738ef6642ed1c220bc5107e3cca971465d4db2e2f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 11811
last-modified: Wed, 03 Jul 2019 05:57:43 GMT
server: AmazonS3
etag: "b2294dab735d3cbca7a404cdee3e7490"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 pixel-sdk.min.js Show response
static.ex.co/cdn/content/monetization/pixel-sdk/production/cf3ecc7e6125d7bf47bb3f9244d2e491bd03dcf3/ Frame 364F 8 KB
3 KB 13ms
12ms Script
application/javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/cdn/content/monetization/pixel-sdk/production/cf3ecc7e6125d7bf47bb3f9244d2e491bd03dcf3/pixel-sdk.min.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b20467618c120dfd9bdce32b8332271e6e5ada13bfad4c8a4e5390c1021a601e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 2945
last-modified: Mon, 01 Feb 2021 11:00:31 GMT
server: AmazonS3
etag: "9088978c990261c45966bd44478d5c03"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 26 KB
10 KB 36ms
15ms Script
application/javascript 91.228.74.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 72d43d4ff0adb982ce42d41ef08e5f88c1854e4c8ea6455771ace93761a067c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
etag: "f5gpBRZmwYYTVm3LkZ0l2w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 / Show response
pixel.ex.co/v1/playbuzz-network/ Frame 364F 2 B
200 B 16ms
8ms XHR
application/json 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.ex.co/v1/playbuzz-network/
Requested by: Host: static.ex.co
URL: https://static.ex.co/cdn/content/monetization/pixel-sdk/production/cf3ecc7e6125d7bf47bb3f9244d2e491bd03dcf3/pixel-sdk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
via: 1.1 varnish
age: 1836
x-cache: HIT
content-length: 2
x-served-by: cache-hhn4075-HHN
server: nginx
x-timer: S1635310146.300902,VS0,VE0
etag: W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
access-control-max-age: 600
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
access-control-allow-headers: Accept, Authorization, Content-Type
x-cache-hits: 244

GET
H2 200 rules-p-mEzuYq24VEJ-3.js Show response
rules.quantcount.com/ 3 B
437 B 37ms
12ms Script
application/javascript 143.204.98.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-mEzuYq24VEJ-3.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.34 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-34.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:06:00 GMT
via: 1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
age: 2587
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 02:39:21 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: bhe4wMZ8wmwTYTCQPU4bCKyMZ_6O6JN0NEubBY0gJ4NL9LToi_yL9w==

GET
H2 200 093c7e09-6caa-46f2-8e49-ae9542d4fe24 Show response
pixel.ex.co/v1/item/ Frame 364F 1 KB
572 B 8ms
8ms XHR
application/json 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.ex.co/v1/item/093c7e09-6caa-46f2-8e49-ae9542d4fe24
Requested by: Host: static.ex.co
URL: https://static.ex.co/cdn/content/monetization/pixel-sdk/production/cf3ecc7e6125d7bf47bb3f9244d2e491bd03dcf3/pixel-sdk.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 4ea471cc6d2642d2f29b0a2b44723838c431c02919aafec809bc50a3022ed0fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
age: 2002
x-cache: HIT
access-control-max-age: 600
content-length: 458
x-served-by: cache-hhn4075-HHN
access-control-allow-origin: *
server: nginx
x-timer: S1635310146.303329,VS0,VE1
etag: W/"5c6-O3zrPZgNio3Vn+SHXFpF671qpQI"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/json; charset=utf-8
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-headers: Accept, Authorization, Content-Type
x-cache-hits: 1

GET
H2 200 xdomain_cookie.html Show response
embed.ex.co/ Frame 8C97 3 KB
1 KB 7ms
7ms Document
text/html 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.ex.co/xdomain_cookie.html
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ef120b3854dcb45654a41cf35cbfd8bc64c3bf76116276705eb18379956e3ffe

Request headers

:method: GET
:authority: embed.ex.co
:scheme: https
:path: /xdomain_cookie.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

content-type: text/html; charset=UTF-8
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Content-Type, X-PB-Referer
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-max-age: 600
cache-control: public, max-age=0
last-modified: Wed, 20 Oct 2021 06:38:13 GMT
etag: W/"a93-17c9c6bf408"
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 27 Oct 2021 04:49:06 GMT
age: 7033
x-served-by: cache-bwi5176-BWI, cache-hhn4054-HHN
x-cache: HIT, HIT
x-cache-hits: 63, 1
x-timer: S1635310146.414321,VS0,VE1
vary: Accept-Encoding
content-length: 1228

GET
H2 200 poll-viewer.js Show response
static.ex.co/pb-story/poll/production/59e55f08c084c746d1e938323a4ba6cae6d65a0d-2021-10-25-08-22-34/ Frame 364F 78 KB
21 KB 12ms
12ms Script
application/javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/pb-story/poll/production/59e55f08c084c746d1e938323a4ba6cae6d65a0d-2021-10-25-08-22-34/poll-viewer.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: aaa50e3a8a84228d884eeff2a8168d848d638435cb9745d02db94f4e03be7223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 21068
last-modified: Mon, 25 Oct 2021 08:22:35 GMT
server: AmazonS3
etag: "247f2606b345551a249465f5a4075e78"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 poll-viewer-svg.js Show response
static.ex.co/pb-story/poll/production/59e55f08c084c746d1e938323a4ba6cae6d65a0d-2021-10-25-08-22-34/ Frame 364F 1 KB
1 KB 13ms
12ms Script
application/javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/pb-story/poll/production/59e55f08c084c746d1e938323a4ba6cae6d65a0d-2021-10-25-08-22-34/poll-viewer-svg.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b3e30e87c06201710fafe06e22a49e033f9933c520fcae2c510c0b95ac8a557c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 762
last-modified: Mon, 25 Oct 2021 08:22:35 GMT
server: AmazonS3
etag: "af994c3dff63d66839782fc925703a05"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 call-to-action-viewer.js Show response
static.ex.co/pb-story/call-to-action/production/0e0db02e95e4c97fc704d3b566f052256c8a9a3e-2021-06-09-11-50-25/ Frame 364F 13 KB
5 KB 12ms
12ms Script
application/javascript 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ex.co/pb-story/call-to-action/production/0e0db02e95e4c97fc704d3b566f052256c8a9a3e-2021-06-09-11-50-25/call-to-action-viewer.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 3a186f86f74c992bbd09e0f01bd69d0bccd170b7ab7f4a98f0f86aeebf28095b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
content-encoding: gzip
vary: Accept-Encoding
content-length: 4433
last-modified: Wed, 09 Jun 2021 11:50:26 GMT
server: AmazonS3
etag: "934b9afbcdf9d8c22e4003bdade392ce"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: application/javascript
access-control-allow-origin: *
cache-control: must-revalidate, proxy-revalidate, max-age=604800, s-maxage=31536000
access-control-allow-credentials: false
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 03 Nov 2021 04:49:06 GMT

GET
H2 200 adwords.js Show response
mcd-sdk.playbuzz.com/ Frame 364F 0
404 B 37ms
6ms Script
text/plain 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mcd-sdk.playbuzz.com/adwords.js
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:06 GMT
via: 1.1 varnish, 1.1 varnish
server: nginx
age: 76129
x-served-by: cache-dca17775-DCA, cache-hhn4054-HHN
vary: x-pb-country, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player, x-pb-country, x-pb-embedid, x-pb-itemid, x-pb-videoid, x-pb-player
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-origin: *
access-control-max-age: 600
x-cache: MISS, HIT
accept-ranges: bytes
x-timer: S1635310146.458231,VS0,VE0
access-control-allow-headers: Accept, Authorization, Content-Type
content-length: 0
x-cache-hits: 0, 590

GET
H2 200 pixel;r=593676373;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fwww.upi.com%2F;uht=2;fpan=1;fpa=P0-1392007053-1635310146415;pbc=;ns=0;ce=1;qjs=1;qv=bb78f58d-20211025154311;cm=;gdpr=0;ref=;d=upi.com;je=0...
pixel.quantserve.com/ 35 B
372 B 21ms
11ms Image
image/gif 91.228.74.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=593676373;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fwww.upi.com%2F;uht=2;fpan=1;fpa=P0-1392007053-1635310146415;pbc=;ns=0;ce=1;qjs=1;qv=bb78f58d-20211025154311;cm=;gdpr=0;ref=;d=upi.com;je=0;sr=1600x1200x24;dst=0;et=1635310146415;tzo=0;ogl=site_name.UPI%2Cimage.%2F%2Fwww%252Eupi%252Ecom%2Fimg%2Fupi-fb%252Epng

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.198 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:06 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 60cb441d-060d-4066-9d37-7e0841dc3a6a Show response
voting.ex.co/poll/2c344154-b35c-410b-9a25-c1f5bd1a3a29/ Frame 364F 187 B
450 B 417ms
104ms Fetch
application/json 3.215.88.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://voting.ex.co/poll/2c344154-b35c-410b-9a25-c1f5bd1a3a29/60cb441d-060d-4066-9d37-7e0841dc3a6a?questionId=60cb441d-060d-4066-9d37-7e0841dc3a6a
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.88.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-88-85.compute-1.amazonaws.com
Software: nginx /
Resource Hash: fee75e307acd84d7653f0e89c9a5b8ba09ee7562ffdff94f008d832ba28fa8b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
server: nginx
etag: W/"bb-aChvIB0OtTQD7caC5olUn6LlbCQ"
access-control-max-age: 600
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Accept, Authorization, Content-Type
content-length: 187

GET
H2 200 template Show response
ads.playbuzz.com/api/v1/ Frame 364F 67 B
442 B 353ms
106ms Fetch
application/json 151.101.2.132
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.playbuzz.com/api/v1/template?itemId=093c7e09-6caa-46f2-8e49-ae9542d4fe24&referrer=https%3A%2F%2Fwww.upi.com%2F
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.132 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6aaf7ff9825584d4789034f1e39ada3ab1351b5ccafe4c18cc44394d25213423

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
access-control-max-age: 600
content-length: 67
x-served-by: cache-hhn4082-HHN
server: nginx
x-timer: S1635310147.944310,VS0,VE98
etag: W/"43-sC0The1Lna+pr/V3rSFM5A"
vary: Origin, x-pb-country
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Accept, Authorization, Content-Type
x-cache-hits: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 113ms
37ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32733f3709c257801029afeb0bad74918e80ae8382102a86e5b64dcde4a2b683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1025 / 316 of 1000 / last-modified: 1635286009"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 27320
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Oct 2021 04:49:07 GMT

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3Db4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%26uid%3D%24%7BBSW_UUID%7D?&callback=window....
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3Db4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%26uid%3D%24%7BBSW_UUID%7D?&callback=w...
https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4&uid=afd4d911-869d-4e32-ac0a-b1787ac2e19d

183 B
386 B

586ms
172ms

Script
text/javascript

35.164.52.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4&uid=afd4d911-869d-4e32-ac0a-b1787ac2e19d
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.52.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-52-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 0516eb01079f195180bc1aa7503faf463c1ea99e8f1375e63160d6b1f5060fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 27 Oct 2021 04:49:08 GMT
server: nginx/1.18.0
content-length: 183
content-type: text/javascript

Redirect headers

Location: https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4&uid=afd4d911-869d-4e32-ac0a-b1787ac2e19d
Date: Wed, 27 Oct 2021 04:49:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2
https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2&verify=true
https://ups.analytics.yahoo.com/ups/58316/sync?redir=true&&callback=window.proper_5c202e33_ca5caa3a_2&apid=UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6

189 B
426 B

520ms
174ms

Script
text/javascript

35.164.52.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.52.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-52-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ebf1daceff47ca267a1152807d20bd9182771bf67d75f46baa383ba20b069d16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 27 Oct 2021 04:49:08 GMT
server: nginx/1.18.0
content-length: 189
content-type: text/javascript

Redirect headers

Date: Wed, 27 Oct 2021 04:49:07 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3
https://pixel.advertising.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3&verify=true
https://ups.analytics.yahoo.com/ups/58316/sync?redir=true&&callback=window.proper_fb19af0b_e8f8e2d4_3&apid=UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6

189 B
426 B

473ms
173ms

Script
text/javascript

35.164.52.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.52.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-52-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ebf1daceff47ca267a1152807d20bd9182771bf67d75f46baa383ba20b069d16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 27 Oct 2021 04:49:08 GMT
server: nginx/1.18.0
content-length: 189
content-type: text/javascript

Redirect headers

Date: Wed, 27 Oct 2021 04:49:07 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://usync.proper.io/v1/usersync?bidder=aol_instream_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A~UP37a4eea0-36e1-11ec-b5f6-064e7a5ce4b6
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_b26bc380_38864333_4
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_b26bc380_38864333_4&verify=true
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A

151 B
360 B

566ms
173ms

Script
text/javascript

35.164.52.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.164.52.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-52-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: c72b5515a698c23213cdf3e4d3fcc5fcec9448e6e4d3ec35826000fe9d512e06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 27 Oct 2021 04:49:08 GMT
server: nginx/1.18.0
content-length: 151
content-type: text/javascript

Redirect headers

Date: Wed, 27 Oct 2021 04:49:07 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-yUgf77tE2uFsPIFQww2mDsVk5sWvxxU9~A
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200 445.json Show response
id5-sync.com/g/v2/ 212 B
528 B 39ms
8ms XHR
application/json 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/445.json

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 , Germany, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

831afde69ab52d29d839de1e47c052fbed6009f7f5d555bfa686607eb9913994

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.upi.com
Date: Wed, 27 Oct 2021 04:48:59 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 id Show response
id.sharedid.org/ 41 B
370 B 588ms
171ms XHR
text/plain 52.42.52.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://id.sharedid.org/id
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.52.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-42-52-156.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 19895b3985cfc81a26761f006ddaf2a98a51524aa9edaefa9b860e541e3479c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin: https://www.upi.com
cache-control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 41
expires: 0

GET envelope
api.rlcdn.com/api/identity/ 0
0

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 752ms
176ms XHR
application/octet-stream 44.225.168.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.225.168.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-225-168-153.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 27 Oct 2021 04:49:08 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
449 B 412ms
123ms XHR
application/javascript 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1635310147212&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F&measurable=true&property=60ae66d26f5619000fb3f1b5&bids[0][bidId]=upi_728x90-1&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[1][bidId]=upi_728x90-2&bids[1][sizes][0][width]=728&bids[1][sizes][0][height]=90&bids[2][bidId]=upi_160x600-1&bids[2][sizes][0][width]=160&bids[2][sizes][0][height]=600&bids[3][bidId]=upi_300x250-1&bids[3][sizes][0][width]=300&bids[3][sizes][0][height]=250&bids[4][bidId]=upi_300x250-2&bids[4][sizes][0][width]=300&bids[4][sizes][0][height]=250&bids[5][bidId]=upi_300x600-1&bids[5][sizes][0][width]=300&bids[5][sizes][0][height]=600&bids[6][bidId]=upi_970x250-1&bids[6][sizes][0][width]=970&bids[6][sizes][0][height]=250&foo
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: dca5635aab5a3d3b3c2e65733455a590bd55c651b42cf5a0bb6d01992ee38fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
x-powered-by: Express
etag: W/"38-U/MCWUGUo4Fc5ZnD4U4eJtAjdGg"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://www.upi.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
867 B 92ms
38ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUW4K2MG
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 64571b48ede93de36274776bd4b91419735757b5bc1144321464ed3fa22ba804

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.upi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 mvo Show response
tag.1rx.io/rmp/235414/0/ 0
167 B 82ms
38ms XHR
text/plain 213.19.147.42
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/235414/0/mvo?z=1r&hbv=5.18,2.1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.42 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 282 B
815 B 155ms
43ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22cf2bb5411fab49203c78%22%3A%22cf2bb5411fab49203c78%7C728x90%7C0.1%22%2C%2265af045d98064476e433%22%3A%2265af045d98064476e433%7C728x90%7C0.1%22%2C%228ff575ccba39cea32fe3%22%3A%228ff575ccba39cea32fe3%7C160x600%7C0.1%22%2C%22e2af3ca8ed5d3bc9f6c1%22%3A%22e2af3ca8ed5d3bc9f6c1%7C300x250%7C0.1%22%2C%22619cf3af57e11375c2d7%22%3A%22619cf3af57e11375c2d7%7C300x250%7C0.1%22%2C%22be8701653a55fea338b5%22%3A%22be8701653a55fea338b5%7C300x250%7C0.1%22%2C%228d7a181ba5b312ac8522%22%3A%228d7a181ba5b312ac8522%7C300x250%7C0.1%22%2C%229c4c249c50c5f1c2bdf0%22%3A%229c4c249c50c5f1c2bdf0%7C300x600%7C0.1%22%7D&ref=https%3A%2F%2Fwww.upi.com%2F&s=725c24b4-52c8-49e0-b251-39177e33ee73&pv=d4b84d71-eb0b-42b4-95a5-4c5a64e5dd07&vp=desktop&lib_name=prebid&lib_v=5.18.0&us=1&ius=1&userid=%7B%22pubcid%22%3A%22b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%22%7D&schain=%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22f87d3dee-ba65-11eb-8272-06ef03bc0096%22%7D%5D%2C%22complete%22%3A1%7D

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

a21c56b49a6fcb66349376a5b2eec9f9600cc84e73476b461b539910290fba7d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:07 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-8
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://www.upi.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 209
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 arj Show response
propermedia-d.openx.net/w/1.0/ 174 B
558 B 130ms
60ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://propermedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwww.upi.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tws=1600x1200&aus=728x90%7C160x600%2C300x250%2C300x600%7C300x250%7C300x250%7C300x250%7C728x90%2C970x250&auid=544095237%2C544095241%2C544095242%2C544095243%2C544095244%2C544095245&aumfs=100%2C100%2C100%2C100%2C100%2C100&dddid=41c995ff-583e-4777-836d-4a6a272244f2%2Cb9578900-a512-4c5a-8b5b-ab8461a6c8dd%2C61e6160d-afc6-4c9f-99f8-b88210e23561%2C26fc08b5-a9d2-430d-9e00-83018b12def2%2C125f0484-82df-462d-b684-afa24e2478cc%2Cf2c8666d-9a6a-4562-bb1e-4eea1570658a&divIds=openx-980d23f0-a008-448e-8fb8-b32ce1e61e2b%2Copenx-5f10e01e-5eb1-46cc-b061-2402f9826c50%2Copenx-334377bc-b8a3-4563-abb4-13f9d8c1096f%2Copenx-766ba8e5-3965-4db8-ad50-de196e6fa1a3%2Copenx-0dc84de8-1bcc-4f99-a804-8548213fba75%2Copenx-f13365db-3c57-482c-bdcd-6172ffd1e88d&be=1&bc=hb_pb_3.0.1&nocache=1635310147226&schain=1.0%2C1!proper.io%2Cf87d3dee-ba65-11eb-8272-06ef03bc0096%2C1&_pubcid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 8e3a5c3ff3e57aad8c72dfe794662ebdb608177c87021e43f5580f4be5ce9c0d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
server: OXGW/16.217.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://www.upi.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 bid-request Show response
a.teads.tv/hb/ 16 B
245 B 112ms
53ms XHR
application/json 2.18.232.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.7 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-7.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.upi.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Wed, 27 Oct 2021 04:49:07 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 837 B
5 KB 189ms
133ms XHR
application/json 69.173.144.140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=8777&site_id=378202&zone_id=2087932&size_id=2%3B2%3B15%3B15%3B15%3B15&alt_size_ids=57%3B%3B9%2C10%3B%3B%3B&rp_floor=0.1&rp_secure=1&tk_flint=pbjs_lite_v3.2.0&x_source.tid=1864189c-696d-41c9-8e45-e85a578fff77%3B77cb5a6c-ce22-4d5c-94e2-bb2e649f7735%3Bf997f761-5d50-4fec-b0d7-5120f020b6ea%3Bdb980f87-a26e-45fe-bccb-1bc2a4781171%3Beeb3aad5-33d4-43fc-b00c-479ce0784191%3B0447c95d-8ba9-455d-ae86-edeca4c9c2c8&p_screen_res=1600x1200&tg_fl.eid=2087932-6%3B2087932-7%3B2087932-4%3B2087932-1%3B2087932-2%3B2087932-3&rf=https%3A%2F%2Fwww.upi.com%2F&x_source.pchain=proper.io%3Af87d3dee-ba65-11eb-8272-06ef03bc0096&ppuid=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4&eid_pubcid.org=b4a7fc0c-db4e-4b6f-b365-335ad6fe45d4%5E1&rp_schain=1.0%2C1!proper.io%2Cf87d3dee-ba65-11eb-8272-06ef03bc0096%2C1&slots=6&rand=0.9381671833332308
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: a8c0bf878b46e6330e280d5ce79684fa1fd47040ad36c92a6946ba3dab66cf4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:07 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.upi.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 837
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 133 KB
36 KB 71ms
24ms Script
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: da263eff6489f28a35d328a1a5895db9adb14c22c40cd35d0afce85414cac701

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: PBfT87Jypy1l_3XKxwEwol.gybzOM7El
content-encoding: gzip
etag: e2b905aea413c4d7479fb2bb9cbc6c65
age: 699
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1H4100KQBDE5S5MEKJ5M
date: Wed, 27 Oct 2021 04:37:32 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 910a343c3141ba3fe805e18bded62491.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P3
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: h9Tor7LfDqfKDciWukTuBzStbh8mvwq-vB010latnH7kq-xt2aYhSQ==

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 45 B
708 B 126ms
26ms XHR
application/json 216.52.2.19
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.18.0
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 6f305a4c652d53674969aad80567cda78661a02f11f8d7b458ab69c4316d4166

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 27 Oct 2021 04:49:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.upi.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 65

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 392 B
847 B 312ms
196ms XHR
application/json 185.255.84.150
IGUANE-

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

13f06922e13fa3d08d784f75b2f61a5b7985797ebd2a82f398ec57bbfa49bb62

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
x-content-type-options: nosniff
p3p: CP="CAO PSA OUR"
x-envoy-upstream-service-time: 180
vary: Accept-Encoding
content-length: 392
pragma: no-cache
server: ayl-lb-fra02
access-control-max-age: 3600
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 706 B
1 KB 345ms
306ms XHR
application/json 185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0eeb4cf7997d41f3d2f672df8d821781066e1d5bb5e68f203894e5c0000d1828

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 27 Oct 2021 04:49:07 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: bcd59ed3-398c-45c2-810b-5e4ff191a1a2
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.upi.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 227ms
107ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 89e9e352895d59595699f79d857a155f482fbc7a7ec34b73859f106e97302ccd

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
316 B 226ms
107ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 286edee5dde76aee398f5e9fe804bf5ab81605cf56edc91c01d951ded2538e65

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 227ms
108ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 71e06c1f5553927942e69a3410de92fba8c8ee7a8c1a2b9f0e30ae158c411ddb

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
170 B 228ms
109ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 7ec71d03a14db972f514cf38a518762b3ebe810235db5060b0f6447acbaa2441

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
170 B 227ms
109ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 573c2a5a00a98df13cad353dedde0dab33ab6fb07167046d3298a83602f6a95a

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 237ms
119ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: cf62dec0c42069848f11e39256e605b7362cfc349edd36830d42820e0c6bf6a1

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
113 B 122ms
24ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:07 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 xhr Show response
pre.ads.justpremium.com/v/2.0/t/ 44 B
893 B 262ms
154ms XHR
application/json 3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/2.0/t/xhr?i=1635310147274
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 39ec78a08a95ab41a3feb710b13f740b7966442651066dae4eea638bd306b4fe

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:07 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

POST
H2 200 cdb Show response
bidder.criteo.com/ 18 B
280 B 143ms
38ms XHR
application/json 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.18.0&cb=67318293815&im=1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
server: Finatra
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 44

POST
H2 204 / Show response
hb.emxdgt.com/ 0
156 B 102ms
13ms XHR
text/plain 35.158.25.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=1000&ts=1635310147276
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.25.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-25-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:07 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 46 B
391 B 189ms
100ms XHR
application/json 23.37.38.181
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=679380&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22e0fe46d9-e45d-4f74-a8c4-fb152ce116f0%22%2C%22site%22%3A%7B%22ref%22%3A%22%22%2C%22page%22%3A%22https%3A%2F%2Fwww.upi.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22sn%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22728x90-1-eEiJr%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22728x90-1-eEiJr%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22728x90-2-eam0V%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22728x90-2-eam0V%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22160x600-1-VMhzQ%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22160x600-1-VMhzQ%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A160%2C%22h%22%3A600%7D%7D%2C%7B%22id%22%3A%22300x250-1-5gaZX%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-1-5gaZX%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22300x250-2-0CS5w%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-2-0CS5w%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22300x250-3-1EUBM%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-3-1EUBM%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22300x250-4-fd8R7%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-4-fd8R7%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22300x600-1-V1nJT%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x600-1-V1nJT%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A600%7D%7D%2C%7B%22id%22%3A%22970x90-1-u7bo8%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22970x90-1-u7bo8%22%2C%22siteID%22%3A%22679380%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A250%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22f87d3dee-ba65-11eb-8272-06ef03bc0096%22%7D%5D%2C%22complete%22%3A1%7D%7D%7D%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.181 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-181.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0c2dadb13f4b203b9280e859192c2cf0a4aae9879a7f01700e4b3da8475863d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.111.15], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.upi.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 66
x-ak-client-geo: 12
expires: Wed, 27 Oct 2021 04:49:07 GMT

POST
H2 200 events Show response
prd-collector-anon.playbuzz.com/main/ Frame 364F 0
134 B 720ms
93ms Fetch
text/plain 34.232.94.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prd-collector-anon.playbuzz.com/main/events
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.232.94.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-94-201.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:08 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin
content-type: text/plain; charset=utf-8

POST
H2 200 events Show response
prd-collector-platform.ex.co/main/ Frame 364F 0
133 B 99ms
96ms Fetch
text/plain 54.164.123.106
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prd-collector-platform.ex.co/main/events
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.164.123.106 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-164-123-106.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:07 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin
content-type: text/plain; charset=utf-8

GET
H3 200 pubads_impl_2021102501.js Show response
securepubads.g.doubleclick.net/gpt/ 356 KB
120 KB 71ms
31ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcd346804a786db16b40af2672924a5b8787623f71d648a017da7e236e1b19b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 122594
x-xss-protection: 0
last-modified: Mon, 25 Oct 2021 08:35:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 27 Oct 2021 04:49:07 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 142 B
127 B 589ms
551ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.upi.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

server-52-222-210-175.fra56.r.cloudfront.net

Software

cafe /

Resource Hash

9506a0fac1f968b60845afa8d68e282f5f1caa3fae2864c19f8b06f0ccf83838

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 102
x-xss-protection: 0
expires: Wed, 27 Oct 2021 04:49:08 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 26ms
7ms XHR
application/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: c91ZTIbLZrDqT0mloV_AD7.LNsTlhW69
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 82006
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 07 Oct 2021 01:02:33 GMT
server: AmazonS3
date: Tue, 26 Oct 2021 06:02:22 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 474733f16f494ddb794b4f7dfd7de967.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: D9Ighea_E_MvNvflYXK4myMXVfLOSHEvBKrhnd7_i8dGjArwv2qnIg==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
2 KB 13ms
13ms XHR
application/json 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.upi.com%2F&pubid=cb3b5777-430d-4622-b7fc-358cfa27d518
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.210.175 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-210-175.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1b490f3ed06b7c1f2734d74930bf3f5dee77f473c8e01c703d442c12f49e908f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:04:20 GMT
via: 1.1 910a343c3141ba3fe805e18bded62491.cloudfront.net (CloudFront)
server: Server
age: 2686
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.upi.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P3
content-length: 1347
x-amz-cf-id: mSOYoZbDhoNfvFNrkJhXzWNROsyCo_0gm7wvICjIEao1YL1Zev4oEw==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 23 B
490 B 45ms
45ms XHR
text/javascript 52.222.210.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.upi.com%2F&pid=662kQSfNS1e8b&cb=0&ws=1600x1200&v=7.69.01&t=2000&slots=%5B%7B%22sd%22%3A%22desktop-6%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-7%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-4%22%2C%22s%22%3A%5B%22160x600%22%2C%22300x250%22%2C%22300x600%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-1%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-2%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-3%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%5D&schain=1.0%2C1!proper.io%2Cf87d3dee-ba65-11eb-8272-06ef03bc0096%2C1%2C%2C%2C&pubid=cb3b5777-430d-4622-b7fc-358cfa27d518&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.210.175 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:07 GMT
via: 1.1 910a343c3141ba3fe805e18bded62491.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
x-amz-rid: HBTQMB2PSZHW46XX9550
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.upi.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 23
x-amz-cf-id: MzB_RsG_Ijx9_8_2GbUR3CETOnkr8FP9GfO3uB81WTEEKx_YA9gJQQ==

POST
H2 200 s2s Show response
eb.proper.io/ 267 B
736 B 202ms
179ms XHR
application/json 104.17.79.34
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://eb.proper.io/s2s
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.79.34 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b15f5bacf31ad09cbf6a95266f322fec8f9832a7131c1e2d79785bba7e03c53

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:08 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.upi.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-timing: dur:152
cf-ray: 6a494bc99daac49a-DUS
expires: -1

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 184 KB
57 KB 36ms
8ms Script
application/x-javascript 13.32.99.88

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.88 Seattle, United States, ASN (),
Reverse DNS: server-13-32-99-88.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 489d91bed61ef8d1c31f9de5b1c13777a03ac0864206094dd594ad82ef266ca7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 10:28:42 GMT
content-encoding: br
age: 66027
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:f3f3bcb1-d653-4795-a242-0bc52f20e334
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-sha256: 7fac56bbf391534ba4d108d9d1c5ede96a619703863f7695a7d7c98a8fea4662
x-amz-meta-codebuild-content-md5: 99ea7c9ae879eabed07b623c4b48c3a2
last-modified: Tue, 26 Oct 2021 10:28:36 GMT
server: AmazonS3
etag: W/"319188f4e162198ee578ba6e65904ead"
vary: Accept-Encoding
x-amz-version-id: aNI79gymn36SdL1OCQ9XQoRn1j6ap8oY
via: 1.1 74c5b19a4695b76162adbf07ed9ef371.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
content-type: application/x-javascript
x-amz-cf-id: ZmlkWakzyJYrDYN177z6sY7lz5eq75vukSftfDoYEpMi_elKRMCErw==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 35 KB
10 KB 67ms
40ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

eb6883bc39782219d9eb3868c4e21acbdf949cc1a13bd35fb86bcb447488a977

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
date: Wed, 27 Oct 2021 04:34:16 GMT
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
accept-ranges: bytes
content-length: 10053
x-request-id: 69828961

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
596 B 42ms
15ms Fetch
application/json 13.32.99.35

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.35 Seattle, United States, ASN (),
Reverse DNS: server-13-32-99-35.fra60.r.cloudfront.net
Software: /
Resource Hash: e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 14:32:34 GMT
via: 1.1 8af5231b014ab5e8c35000dd4cf4b68d.cloudfront.net (CloudFront), 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
age: 51394
x-amzn-requestid: d87f3495-967f-437d-8078-e94f111dea54
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-61781182-38365ec32fc195c136a748b2;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P3, FRA60-P3
x-amz-apigw-id: H0esYGB5joEF3VA=
content-length: 30
x-amz-cf-id: K6LlJUsM2g9-_4LXZAXG73QuyFo4l6mb9BU7RLQGzFUjPPGv3UbWMw==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
716 B 748ms
25ms Script
application/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.upi.com

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
520 B 1121ms
397ms Script
application/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.upi.com

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 69 KB
21 KB 321ms
321ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=547274702019240&correlator=355972780172078&output=ldjh&impl=fifs&eid=31063318%2C31062525&vrg=2021102501&ptt=17&tfcd=0&sc=1&sfv=1-0-38&ecs=20211027&iu_parts=5376056%3A1009753%2Cupi_leaderboard%2Cupi_right_1%2Cupi_right_2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=1x1%7C970x250%7C728x90%2C1x1%7C300x250%2C1x1%7C300x250&prev_scp=post_id%3Dunknown%26member%3Dno%26split_version%3D9798%26proper_site%3Dupi%26proper_slot%3D1%26tags%3Dh_desktop%252Co_desktop%252Cm_desktop%252Ce_desktop%252Chome%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D9798%26proper_site%3Dupi%26proper_slot%3D3%26tags%3Dh_desktop%252Co_desktop%252Cm_desktop%252Ce_desktop%252Chome%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0%7Cpost_id%3Dunknown%26member%3Dno%26split_version%3D9798%26proper_site%3Dupi%26proper_slot%3D5%26tags%3Dh_desktop%252Co_desktop%252Cm_desktop%252Ce_desktop%252Chome%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1635310148&dt=1635310148378&dlt=1635310145009&idt=2760&frm=20&biw=1600&bih=1200&oid=2&adxs=309%2C1066%2C1066&adys=166%2C958%2C1920&adks=1840319393%2C1870747140%2C1464917774&ucis=1%7C2%7C3&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.upi.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=982x262%7C357x250%7C357x250&msz=982x-1%7C300x-1%7C300x-1&ga_vid=2040292321.1635310146&ga_sid=1635310148&ga_hid=512340476&ga_fc=true&fws=0%2C0%2C0&ohw=0%2C0%2C0&btvi=0%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1655da064c08505df00935ed53ef610b6a31d894f86191cb3552d5a9b9542644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 21875
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.upi.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C895 6 KB
4 KB 120ms
31ms Document
text/html 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 04:49:09 GMT
expires: Thu, 27 Oct 2022 04:49:09 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 events Show response
prd-collector-anon.playbuzz.com/main/ Frame 364F 0
133 B 93ms
92ms Fetch
text/plain 34.232.94.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prd-collector-anon.playbuzz.com/main/events
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.232.94.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-94-201.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.upi.com
date: Wed, 27 Oct 2021 04:49:08 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin
content-type: text/plain; charset=utf-8

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 23 KB
10 KB 290ms
289ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=547274702019240&correlator=4427322921829426&output=ldjh&impl=fifs&eid=31063318%2C31062525&vrg=2021102501&ptt=17&tfcd=0&sc=1&sfv=1-0-38&ecs=20211027&iu_parts=5376056%3A1009753%2Cupi_sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&prev_scp=post_id%3Dunknown%26member%3Dno%26split_version%3D9798%26proper_site%3Dupi%26proper_slot%3D8%26tags%3Dh_desktop%252Co_desktop%252Cm_desktop%252Ce_desktop%252Chome%26proper_sticky%3Dtrue%26proper_floor%3D0.10%26s_depth%3D1%26refresh_count%3D0&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1635310148&dt=1635310148450&dlt=1635310145009&idt=2760&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=784876494&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.upi.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x-1&msz=0x-1&ga_vid=2040292321.1635310146&ga_sid=1635310148&ga_hid=512340476&ga_fc=true&fws=640&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

382549d98ba387ae375d34d23a57c24710b0451066e79346fda5754e40f92692

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 10074
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.upi.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C711 6 KB
3 KB 59ms
30ms Document
text/html 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 04:49:09 GMT
expires: Thu, 27 Oct 2022 04:49:09 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 container.html Show response
2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BA07 6 KB
3 KB 35ms
33ms Document
text/html 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 04:49:09 GMT
expires: Thu, 27 Oct 2022 04:49:09 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 container.html Show response
2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1B11 6 KB
3 KB 24ms
24ms Document
text/html 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 04:49:09 GMT
expires: Thu, 27 Oct 2022 04:49:09 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 container.html Show response
2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 005B 6 KB
3 KB 23ms
23ms Document
text/html 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 27 Oct 2021 04:49:09 GMT
expires: Thu, 27 Oct 2022 04:49:09 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EF2B 624 B
947 B 92ms
33ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7Ahit0ZG1ATAB&v=APEucNV2_UxNMiOBpDDUBVA6PW6VZVW6e7APk_NHV4YtQZ8rqopEh4AhwHTwQy3upauN7cbhn7_EF015c_JLvnVcJLCqbsdK9Kw5xyLj9XYeWXUBwjIuR2U_sbD2u-3l20N-5gOx1eXvW_SfnP56IRmLBQe2lyLwYnezTeJBk1FKJDUbtm-zwe_S78JCug7y5r8oNazXgJ0f

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7Ahit0ZG1ATAB&v=APEucNV2_UxNMiOBpDDUBVA6PW6VZVW6e7APk_NHV4YtQZ8rqopEh4AhwHTwQy3upauN7cbhn7_EF015c_JLvnVcJLCqbsdK9Kw5xyLj9XYeWXUBwjIuR2U_sbD2u-3l20N-5gOx1eXvW_SfnP56IRmLBQe2lyLwYnezTeJBk1FKJDUbtm-zwe_S78JCug7y5r8oNazXgJ0f
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 27 Oct 2021 04:49:09 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUlymLHUEOyjPFA0ACvHYj8KPJZIirKjFan0BR4S3xKgdWd8bTCyf_859MNJ; expires=Mon, 21-Nov-2022 04:49:09 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C711 12 KB
9 KB 96ms
48ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEsZhG7TOgXKUKK44INbvWszcT6PXGCLlyZ6wGXdwaSiOtYTy7tFRaXegjt9bv3CFV-KQTBrYryzevH38SsWt1ShPSUm0X2Biy0vg3VVEb3qVFzkdGLjXWFq5LcofdcdVPwVh6w8rMddwOWQJO9lAv-HX0wQ&dbm_d=AKAmf-DAGEbR1VjkeY6xnTreSzuJXrluEw30lQWCaLjexxeUg_uIoKhY1VxZwdUuHKTYS2Gf4AWGtw3kdz3Hf5JU3aSRI4xFTi3nc3QPF7hgBZhH0PEKi-56i8WvIpZRmFRIuveWuY-33abfS_DK2owKWU0mFkvU4-pyA8qjAYPONvZfQp91bcVaEX3vw0dXJxl8U5vBVhqB6FaeZAWlxWNOx7a0fK_itIOJHS9MSWp8HdQEm0QH4bsvmEuNIf8F4G3BjHHZlNq5iROBJInuIW2wG9jGtu_pmxuN-4lji9CwmiP-R5Wj6DXplUyMzHkqojUu4xVJX4bxwm2G29Beax7x0rAqb_M8AU16xvdkpxa2PaegQEoU8r75Y2QsQH5Yb10DHjUBrw-o6azNb8KNV7HGI2BvavajyqA04vCdNk0kz-boJVMHEdBlfH2LgqAAIvdZY3IZRpq9r9Fi9AD3wQJWiLsoKIpl6fmRcK5NbIzcX_eYDX92-xethq-HtMt2VSqEbt7a9srJl2Y4Plg2oxOrEBmebe8SXHk9GacEp-_rNdIUK_VtDCXWa-0OirrG9cRsvk9mqZJtXll8E6bmgKaTRg9FnJG_xFN7mIExtRiby4lkJJvtKN8YPMCF-giEAewqZ7IdWz3pimXplO9rRluWlpQoLuPahZUiwVdsETqgL6tFz6t2MGVk9_2lj5YbodKjXbHszFkMlqgBUAHVskvrkttlPj130Af6ULkHe6BSi5hbrur4U1ApTNetq2e_5srNxf0s-F-2V-ngyNCmsHhnLw3Nu7x3MS25q6ghH437jJLUTWHKKEMtiZEr63MEzvWbtboMLDjRtXskT2Kkh9GS6Ib52wQNeSj2FK7ti6HFgVwAHijDFxdtM6-5oG4eH9r8afZKrqOe-uJFENBTjVHz9ED7osghnjXD39wvOXhmXxWsyq2nBZ-uWUFDHJm7EUiyDe7z-cdhydDezYG-s6YnVmuGlv15fL12M77A22hB-gYWGx_6w9oEEIsVs2Vld1bMdhqDZ6b_q181zlX5I6CzqDnSDdWBEzMch9ACWDwqGiel6HurFdoqeYorHT0SmBKqBfqGiez_PI_9uDB3ySrR5qadkXngBR9PZbBdJZAX42CpqxWtDZpmhsIesCjolJrqYcqdeO-0n7EmlF-GdhKZDnbccenzjdm5hHjWWcQz1DI0kfHnhwNlVMD_-DuzewNU0CnxlrF_ESbP2-twcin6iM-cGEy7op6yEgVe9E1Z-HOhWIGIwFELjNBlZJx4xqsLwwC1XQrZJdrGgESiJzPD501cHJ4cap2dZQZeDpj9lZzYTqTTTfWv9rIAJKoN9uCNH0gje846QpueKxb3efOTiXMKzhu3ZX8J14xHiZboD_6z1bchpFE-7Mwqs_rAXMBVVxBW0auKdxIBYhm8MZ1amuGhvn-e6A08wrWC61KenuhxckxC7bqRzltRCmrLM4FIk1lkB5bexesRXIicRIGsFY06LBUfxrsGNHTenrOnxvfHP_DwjeWK9D6BOoNZRJm47rGRRobn1HD50iYuGD1Ocis_aUg13SWH976IF28unrsBnWSXjL8KKPpii2gOTBH9d1wIgLrjTALVk_bMvZ8qzKTOJAyVtEdwBjxc3hAGxh8srG_BjzhNw2rR6Hmlie1CYzkDEJPwqgvyuA_3sU7BvuYp3520JLiBvAn7eUnno0VamtKoNUn0jfzYe7sD8AmseHMq58ZmqqPGdyFYAM3Bytb8_71BRX8QaN9DTr1DNxMi20FyYWgAMhELMCzc7bOP3B0C-o21gXoGacVRKLMj7WXkfSpxKfk1a_q-hJ803ivrtUnG-gsSXY8yeMUEqCFty7Q934ACEi2im7maVgf6DqLLu8ciDuYbW70Kl9uoW9RqB_RmtIvw-_A_CpOaIuHVl8JfJ10gfHjXqqpS9eF5-xBx1Ge00OZG35fmkhP_Rv2t4CEgIY_-VRlL6c9mxj11gBQLhnrUqAbwIaF9OufSAE-1BZALosK-1jxTE6A-cCRWueOOK2Xkazw-UAUBJ0xKq_ZAQK4NFa893cnTYDPsdBLVZTFnq_xObk9pwiN53sVk8Sw_3R9E3eNTztzboQMAt13Dy15tPKnzGfE8ZLVGtKnFZvv1rBzbYJXBBwVTGzwjIsui_pTy8AL8HIEh63AoXbtQUnTzK9imjZ7KbVb4vdQNehsQGIt52WFC-yMIH_3L1N4yzJ__ql0NG5zr-_MAPw_Mxd4iL4YtD5ZQWVD45LEZv0jw5LbwN-kg_oI0aYN3zROfKJIaS8m0_p29hzEIA7pwPd01OuqyBcTK9FD3aLrSKAdqri20kBMM8Dy8jjMbBBLMH-QPBljA_O9Okr-dMrHirjKInjicRSoZ5A1d__Z5Ci9hEgnBaCG_SmspkvDvaAvbqVB1r8JgR7Ljpl6xbxaPZ2VIxpLZrxrwnQRYAFAAYLsq32RqJhNjjvp33nbRY7dqfekEEKmfqkjoW_apdzE1jm5vhZv0gREwYGo87s9gxSDohFtEfcgRMErzYnAnPuHT0i-dzmdCJu8mjMtMeseDOetmDocOtlTgsOTq6gqs3oCz5Zu99PenQa9YZZimNlYB49mguUmSkUTHMhjZCF3ok3W5gIGu7_vI_S51jEiGyp5A8BrqFx7Vk_c-h4hiQkLlDcYpHYWclMC0Y24aytuX7hZ6MfUVu0WAtCu3eVXE0DmD5ApIhEU-D1x0z9tZv5gNTgQ&cid=CAASFeRoOE12AiTuYkSErhbIH-H9T9eoUQ&rfl=1%2Chttps%253A%252F%252Fwww.upi.com%252F%240

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cee8b19d286930888e13479359a1ab37eae50920604993b4ffa628811a2a1842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8796
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C711 42 B
465 B 84ms
46ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CaChuMxO1UA_vsoCR815PyF6NJZPUbSie2AIVuBpmuPO46Ajs3ZqYQH7FhqMyWtEdqZKRogPT_2rD3teTyyvkEoM7uhezxD_XB7uzWvSSSLbyH8uY

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame C711 57 KB
19 KB 117ms
43ms Script
text/javascript 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWNOeo0r0O0FyDABGQcgkWRRlcqAIAg8IykKbbaI7cfMd8sov8&d=CnkAoCZ_4Gx_xoxZd2CIAp1RD5GCbWhNuZqUVij38h6hihS_sDI-HiUJ3alF95cj5uEYSHZyZshsJmLg9-Q7GjFcvL29QZuq9XizRtHx3ZbTD3sdtwtC7wZ19gSpBID7ZPbA6wij9bDUHuRUW3N1n-KKhyUWOWsmCAftEokTAKAmf-A_YxRAtbjJO2NPeFCmRWEDBoy1GYIXkpyLTuCavNqSSkJip79NoPh3EqnpjQStqmmSU5ZQWhY6c1eHnFWdKTWj0_-Foo1qzDzePiRAyd4WlctQ4Z2ckHNrbj80d0OySyMZrjmkzziYWzAT42HbDW-dcxIj1BE5rb8ND0FWIb9y-X1Zc6l0Td0dbUSGBGsabcVExI-TwB7gsDNMolQNguIZpBeHYwliQxumNHRERKGIpVW70qtIeN2xaipScYWeBgyh6WzVkd5NgAkRK6UC6cCwIYSRVzNWz7QKvqz2h_AVnE3ICuAeH61WK5OJLKbvRetItCurh0epwGx67Ep6SU93y_WiT7azPo9Xo6q5wpo_lNNyJT3LRgoehipDF9siclei3z0_fAWz6sldjTrp4i4kS1rgdyAJnSH1JLaXpDpD4NKBrLyjB0Gy1_KqqrKDMD_MxnBuDDGvJxSLCghaSW3JtvFHn6va0edAFMcETGYKlKQQTAqT6fVz960Zsbuq2ojpbFzmiBtAjEsEBoYJ2NtE7mdlS7_wITvF6z11A9NrbApaJpk4vxHvhJgau5qYtiDNDHwfuEoMPuKC4vTlJarTEZEfDjUqFKljBjVKbk89pS_JEKtAWDBedBv7o1YbAYRGHXPmou2eb7zGPuuw9SfMSHfyp02jj_Fq5Jv394rdj2gTd_MrTWVy3CIibO0R0YagchOJnpyeKGMgBFwrusMwBlcknewIL6OV9ojRLbZAggq8Sgb4P4lB43t2Csn4wWutuwUwR65HrDCrQgPWjLzOM5ygCWWY9e5oaBoKeFnp2IQhCLv1QVyc3PZfGjCEs3UbHj4YFarLjtzVJqYtU54EQG7_Va298F3aj8HH_rDdGDOmeZzI2J4nxWGzdxKa9w6EyE7SdRvWVXM5weorLR5ahsW_9jm89ZxnWd0OriH8GamhEb4-VimUrPOmoYSvuN7awepEFx8p27mV50_ILJZHzH5GvjUbbjLO1DzwvniyLyKQQGlx1HvpLIKmsgndqsEM5kTq8tn89cE5h5bfy_BDVTyOmor8AbsdoQLAvWddOJH34T_1XovjuqKBRiiTs8CCrxGZxLEw4O2fVPyKC0-z1SZPdPnTQ6-SQPYsEpj_jDIM7a59ZhnDUO1C5G81tU2WImEd9O1LL4AlfUVr7vWjHGrNtpsZ6INhRLaEdhtueRrG_IdT2LgT_OK8NxgPM41MmqJuKk4jZSfqmzA1nAki3KGFfOJ9RkZqZN1gTvR5lnzAqlZR1f95gP5TvJjEzbnhMZosi_bjaKaMtrFrzMiUbtHvXH93qGYl2sR8PKhr_PcTAMgV8407_4GKPwhQXeLiny7wydgNj1BsbSte5boPmvnxam4vTwP8x9PnezFD9-9rrAfMxjAbOHWxCUhS6uPi03DTRAYx1KuHrx_ZcZJzoNfK-wqSWs0Mn95zlrkT0npg-6KTVL3moiskaD8VROclLmGWapVBNHBQsq0p5AOLQz_es4c5q9UZQiRYGwwisvBXYkTIny1qq6GtwT0Qh9GyqWwM_ad6717jEF0UvbfxjWtjWKUwfytR7F2QDxQSEd9p-0RKiADnrX93akJPltJKrCVrCX7e51A2hsfgAe_VOdfogttP1ICN-QpK8XZ96ErDaPtypXn9u6MpLaBgaizx-Icr3CfPK7dscLZtgd37_PB987_fwNpkQOhpNLr1fcoP1XL0kSJwr_K-v8iOpy9bFvDhIXKc7ymrEEm7lpNTrGgi25KaZYcbgVvUqAWL4klHJFGP0_9OvJ16ynmgp-o4E2TIi-AODYoiKJgA6ihqFSHcNzRE4RCNR_ijZ82jhz9kU8YnBrjfw-KlXDNwGXn6XCNifhfJzwo3tVhCttTbJMTawMujahMQwCLmlqpfsFFnyVrgw4QC_sU6JphucOV9qEbiOq6rYR-E-Sod2ZXdCcgUyu_iV7JU6Nea79PnbyHUOFNxteb3ahQZAslqR2uRuebBnBCs44NF9U7LpPVjWnV5Ifj3USebD6U26w3QA8blf2cxMJyNhTSeJqZmOtzU4Xyd7eJZ8Wr9wk34MPtOERp9gxdPGUxwkrqei17R--SAtl9JUeuwULSSL_NDzGdXlvUOWGI3FjOJ999ycCroDCsLEwzSIk27Xb6Jk8tV0DzD2HlQ9djOFSlJBCXfVyzV2hc6f7sbJ2nM-H6aAtfYGqmADdQ91bo-y6hYHSZvCCzSYnIDJLs1TMIPb7G5re-4R5EfLWndXLuyQnybyyFAM22RGloEJSue9nl2BShyUXdO1bAIATpAkHQyiVjZjKvZnMI86OKX3ijf50laQgXfc-Y38PMfAw7akRcZVcFtp01J0KDAJ4-2YNoVjTwYO143dGisxxBwUytdhUAKlp_MYeQfFm_uOwlPJ7XRkJRke4V6N48dxZltAOtcvc718wAxTDR6zLuNNye5Aoc4C05lDSxuzzI5YnPSR2SwCOEA4tlLhvPqEcS8F-XXWp2xBp-6kfVnFzC7D_lZYAicxAbN5buMZk0IAcD12Suv6miT-IEUw6UhaqBvgrqRSGLLwG09eSm5LtH3d32ehIXTw2UTcjQ1ftHl-i6japNYKTx2KyKQ_KsyugHYlRCRbr8qdPLJCZonKNJ0ry1l5NEhl-OHI7bv_d9UtudW-s2yMfb3nyQdQFiAeCj5b4qzR0xHpr8KSxW04LBYosIiOQEGPAYiI4zFH93p407iVswo7WTUxYfCOoyWB6vpnd-hwX_qEP9dUqNTIVeNTb3kXZ956BovfHE6hg9o09JjnJanGnuzH_g7ZZt1EyO1hqDRC4yKZv1lGhB1sr3XBjMT5b53Qs05EtrIY4iB-utGctrjfyquyYJMdAM3ZV-5_7Hvsj6jTw65JQ5G4rscILEsqQXJ-HwLDmynWucA0w5RkC9ScDve1OAJjimSPgmawl20zlaKh0pd-xlIi6Td4iwL8ETRlD002wTEK4IVEp7DI2-CB6uRH9qJlzmvn8J4PVGS6511Of4cRqrBrrcuDH-qC2zbEm-kuoCPpPN1yBoOMtnfPaHg7OsGjhij_z7aWjJwPyS02q96HeIa6EZccNeZTd0dxe-UOVhDvuN6IuACc7R_saHS4spPq-bMBLDq0Ze0K0fjJldxyR9lhNQUtkJe51JH4i98NE1xJcdOodtkxU1bZlwZqTVkJ1bqQEYWBDTPqHVzbTOavS1DYrs7IV_PmU4z8b98CsQGy4xoeRBYBKMACGzBJi-YhM4aGQgAEhXkaDhNdgIk7mJEhK4WyB_h_U_XqFFgAQ

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03d086934486e27d8ec46aeb6989d48638fea231f3583f34bd04b3d7beebcbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19044
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame C711 27 KB
9 KB 26ms
7ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont8&w=728&h=90
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3788fd5bc183eb2e3f1ce97eefe6ddb3ab7dbe23ece37da3258fd8e4718074a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:07:06 GMT
content-encoding: gzip
server: nginx
age: 70923
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: quEe5GwmTtCFF05p4t1UHP2iaRCYrXSjvoXGCfpaCwKMpdCzjLazVA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame C711 3 KB
1 KB 111ms
39ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:45:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:45:42 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C711 120 KB
37 KB 29ms
28ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame C711 14 KB
7 KB 95ms
23ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2698e1ed89c87280fe92182e5297140eda834b052703156646719cd5e90fc29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6286
x-xss-protection: 0
server: cafe
etag: 17196531676875957370
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:41:08 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 49E8 624 B
558 B 41ms
33ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNVJxBIRLkgJjC14eKoDM36IBYCZqK3B4xdi1QTukqPsjP6eYV_fWGt4mtf7Qyu2CyT_pl3fMp2hjir9FM3WXANNrQhuKphKv4hcLT24qPNi2xrGotvzpmLYS4iqef2ehQsyvlnOlG6lRKva3rtvKD0k4qwxbg6b5a7p1tSirgGA1LVf1zYeO-xkrmCN8k_D8lzW4RU7

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNVJxBIRLkgJjC14eKoDM36IBYCZqK3B4xdi1QTukqPsjP6eYV_fWGt4mtf7Qyu2CyT_pl3fMp2hjir9FM3WXANNrQhuKphKv4hcLT24qPNi2xrGotvzpmLYS4iqef2ehQsyvlnOlG6lRKva3rtvKD0k4qwxbg6b5a7p1tSirgGA1LVf1zYeO-xkrmCN8k_D8lzW4RU7
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 27 Oct 2021 04:49:09 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUn7PMo7X4cQfp0roy4shBX2XzNdvEp_pLuYRQrfNa6SEeWckgy7zxichTho; expires=Mon, 21-Nov-2022 04:49:09 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BA07 12 KB
9 KB 57ms
50ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BS9RMFSXRv0fcub75uNmmImfysgmmnwj8IP9ksR6rfZJo1Cci73l5cwakGlPicNROGINLWrAFsR3a-BuwdPowyWC7l3nw_d8hOlHkcYWlQB4eSsfnSvfqF0b4Xj-vFiXFZCfdObmaa2pCW05x9GdXFfNE17A&dbm_d=AKAmf-BLo1Sj3hFSqSurZagj9T0JermA_q9DcTqp03NchlcS7XVZ2kHBU_kPRczzE3odbNS3NuxZ8FUXF9KuDMYcHS0qOF-ZTjELUwDh2H73zzP0VmkT6tJf6u69uu6J5jvrZpwRKrHI3PaWDgcezNJM6rdOEHTCXxmGts_QfR6ytVB6TD-xQbM4_3RaExauQKz3VfunILXahC48mFsMOvU36_8ThlXc1QT5DV9Cti3pE1nUy6sAe98y-yxkkHuCXDew1CCbA08ZFVYh4GcWvwy3mMro8ucHE0eIx2M2V6Sr-PrGjELkUYf2ulHFJ9siLgjmispv697fiAKz3137julSUrI2axy_6m5h2nD60n3-k8o-uxSG36ieyXpOdIeTV5EXqwuCpLwV9CRdK6AeC-jNj5bdHVvtEKih-Miu5uIrP_vYCMJ4ubdT8C8giSCT8mfxmybqD8Y6YUlXtROYFhxPFQPxlPbuqAOlSbZRayu2X1G1sIQqYX7cE2K4Li0cOWgmgoaCi8fuV93FfBpaygRHG-IzTrh7qZfQGCyV4IcaeO-z3ATzVHQoLiOJrG3-kvd8aOV61Roir8falA5-66wfgsLdbSQkK69jK11KbMDT_N4obkn3xCx9fH0fLMR3ly66n0vNiNUeo6PONRE3pDGiMr28-vmPF1RjATA1ePKWacP2jqM8rHwbGAspNij6XX66F0xr33iWH9O27WRnfvVYlOti6O7msBx9-MXxQ4h3Pff7HMTo0e4MBwWuA2YpmMrue6eVzKDFntsZDChM3X4GKQ_pwySqImoqRUtxtW8beQPo3jQOlV3dysFIlgl2KgEjgQIIDGknIG3KY1RiytN5uKc12Qt7V3el-IuZnZ0NZS7KcUXHyn8ayKTIs8IM6vNOL3rU5iCYY1Ua1YQYzZHw1m_c3sQUEdwqDsEJPIPyR7mk45-NC2_v5h1e6-EyApF8UFT186IDaEVqXpvR7jpJXnlFRuR-nH4kD3RRyJLBBY-rE-ICEGq5raeXYFWPBVwYYnyAK8qPl1k6TmS41qOcWGPWhOkL3z91M16bbmDa8KKVlG02L8hBR9SHLWSmABfj39sVcmrAVuW2j4hzNoKkme-1iLLEcJxK8j4a5jdjS_D_K-IOrqIrIko3o9N1bZYjDyKQbP69hP_Pl6rQPRIhQ9dnD4tgA2BzcOdP--RdmW3wjNy1GFGXEJLQkIxUCJV28ZOzJyl4vEC2b6WG3ePb69zCUlVSgK4T0OPpGnVuVQ8u13oKdFnyvW8LxTqouk8RpGUbxc6c7vthbdwjUh71owbPsD1jw6pe9lpCAnGqDMjDZXtjTtdq8pdHleO_WYn5waez92iCRkvdF8hN-dG4k0jJeXxU1zahkrliheIRgKVO_mir3kapkGFH6t2jXcKpQ3uYMoLKCBGblJDW2rlhKUNrMPjbiPRZ24NjSD57BX6Z17Jh9-n2etu_EI951eCDRUq2CfT43KDxknv8ELhUwy_wfb7E9N5zE17o5C_GFfqX5GbMOdYxpoW7EThqs-Kiaj0A7LdTG6jfqKwz1zQ9hlbYJW6GkFrMtB0IbiUbmV6iNSF3sHgyAe0YpQ31bHhs3uBmeBfh5Bakt9CuFSY28LJpCdWC6JLi3OFXbanLWqiMgNyYdP4maNuYc3qd9wdFKnsO3JLINxaByxGacYpasZQsyWQTRFvVFXMJlCVgsj87rFH2MoKKPIdGCZRKARPdvHhoPwq7itDhPbaB-YhwDDxmuphrOc8lys4itBjkKODGPp-rRydomNcTE0tezAGgvheYqLMmZcv_wewzOf0gO2bUTCqKh0BUlr62MN82bq-B3ixkJpDApy4SKClPLDtJiy4D2z1uABri1p0nZqdO8BqoI20ozfwsDmD2b-JseXO-ixz76teRpXXmIJ9j5ooaRygfoL1RUwLN7lDTSveH_ven8YDemOT3MZItHF9zGZHudBEAiScSWAPpnl1UJ39lXT1xlmNlu76GP71jnbyLjCJJ9TcuZ5DSA6ujGISnW5ocp6bX3eN9bFcfUIvfGraJsnNBlCOIzR46edZdJdpg3mq3P-pGlBmpenf1_QIlmm6pj1BqfuVqNSeC2TuOPtp7rwXBISsjjJcyM8_RiC7lydFUrwlRM9zl_NbboRROUc15THnu8oCe5WLxz1vAx8hSmkKxOJzErBE2ibXG_eVEY_z0Fs1ZJPfWdJBU8if3XV40dM8V0S_pZUSdPfuS7ddOL8VXF5vAMv5mP8ohUKNL3NDkUenMcf5dHP-qxyi1xcKkZHhTAxZd6IiwPEzlAUMvjMs6jIMoM_O14J9mdgjFIoA0slOx1mRO_hhtJBb7pN-3_U6WSikLig2IyCXWjLNGOJk0301lqLmPvWtiBb9k-HB4o94RUeWH44sPxyWoxgdrZ9wmRxtuixHl-5zG6sTDL_zVSHuLTn4xLjFGrNywQ2lczECpx8RzZEO1TaP4x_mC5mt2W1uS4Z4Pi4H1FW2a44YW7iT8T_F88ClOKLrLZbHYXKwtEjst0-lLPBBdvz0BeLlHDVVh9QlqfN2q7SnGk9J065WC_AONJYlpEV6F_YnY241puDaRLxWDjFjxDDhUW1G82k7dVfccBLuG0CijLuj5GWO8MHeab5WRO5zoJSncRDvJa535U31GookMe1nI1M82IBn5DhTvrarHvIr_-roy2Lo7gYgT9ZaTErxKGoE1tDTt6zqKJ2oxprDr05nNhHVJaCzVTmBlCiLWeMMDwra0Avq0cnQMl9X_xEqm33QwCCxw4g&cid=CAASFeRokSleujRtWZVTDYKhXZgOTle9DQ&rfl=1%2Chttps%253A%252F%252Fwww.upi.com%252F%240

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b06c0b804bf4a3a3b7abda41d3de380a863c0250fff82280b960299bb461fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8760
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BA07 42 B
107 B 51ms
45ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BRwniGr46sFQoclip2fkCOKdM6DBc8GXtmvQx1wFA2j4f0qG3jhzTUsvijFxPX2ba26X2w4NMdWSLa1XDHXaRIloqTIiZQtYW-558uxjl3wWc4kJw

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame BA07 57 KB
19 KB 79ms
73ms Script
text/javascript 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVLdPOzFTTB6sf8aEPJc2gliaLWUtovRx_Xp6s19gT5I6bmbcU&d=CnkAoCZ_4O4x27clbKFXgjD69Cd7TtHwn_coaBgfZZvx6_kPAH-jap_VoAgaeX4r6dB5I_at-9i6MMRbmPxJ2g5JOmYYV7fUt8ULDBEVTKfFzeJ10QFVBZ0VSQ13N--ghKNdoS4Y23PTvhy4wBwwPmnozNcX-JIi3KwMEpkTAKAmf-CgBOYPd4gmImhuCfZihec9Vg6-C3K3X9tRTuPFIKNRquOd9mMELt6WaWF0NrnLnyzyUxvuBvJy6o1JeyhMmdg5xG7JHioNup_Q_dL-doK9MJfo4flYdsoFIItoopitaVeI07iUb_KZN4i0AdxFPm_aKjCZJxLIfSC26Esx6jULi14A94cp9LsfM7r7xfs9Swx_O-wakaA_l9ag0Khut2wcg8EMW40S4M3Q9v-rR0mWyFFaRn3t-2ESlI_Yz81GfJMv9EeSBYOmuSlOKdLQnu3DhdFJ8CcniiPXutn7P4C_G2qu0Fwa4pcc8-fDCPyuRdMmlkm8hA0e1qJLK0-qyCMesAPYpsgHMciidm8PEWRRj2VJnxm6xDKri1KSMSON83Rj0bCR318RF979kbMnT1Pdr6gk0hSaB_RsZzdccP6etbz38U0sz7s4IzxJVboKSKiNaaNdQmRa6t-LFaWYoL4Bevv6TlfBC-rQLn4zdk9W6gBz5vHxpdoCkkSPYQyzmcPvDf9msJUlbNRQ4GZU6HJo80BeGaZgyAXZJGbgWoDof9reyp229prg_pbdrgLYCS8P0UdHyfOgqk-GPdSanw2mxo9qq0rfDHYOci0KaoD5oVwhlZEib91xNO0aI_TBi4D6DNuEkP4V0zyg1ADSNLTxRhdATv2MuC2_vV3XNd59IUakEfzdw8idMl6jyRkan422wg5PLgRBVM2DH6gQi7hPtNCnuMzQ3dZG806vvSdv5BTySb7Lm8dFSsLPD2yqraOhQ5D-oCPZzjgv-9cvdKbQD_BY4-S80bfm_JDy-GOYnTiLSOnYE9rrs622uvQEAFzg2OwZCsoH8RXRlGf-ajQIHsyuCtkB8AufM_UasgJzRgYWFuxZdv-9D6XLapUSf_EjTRY_NMA2wrDZRp1AmZtPFKjIiBQyqPYj9cFoAlTLpVzGFpXsNoyh2gHiYzGgG_0L4zwye9x36t1uDlDlH7QK34Jg0zBvq2upG3cxBZIS_uJYyE87J8-ftVLLdUTzkMQ8ichgy0b9zhBbb-7ZBBM8VUy-vLzeZRvzy5iTo4fYr88eGr77j6yFIBeIPStsnrVoijVqoMWHEiR-bIw23X8BuM9xtsc-mL_DdDMUaux2w0bLI4SItqVBIxs55XYzubpKe-Vv2Oq1gvBtKXrldM4zDDcSKR0eVzgmm7A2KWMF-ql26JkGRcqWqG2dNPaDetJ5GPSbpvwJpClMfCVHs6dmIryXGrz0n1y5gkhPjk-N7SmfXXs51VSRXqnzvQD5LADPt0P3_WRmK-xrNvnoGA4Tjb7sWRmTwpMsOf2DYMv1_UddLil7rWm_oVd6I9MUIkopyRlu8VSHXONRcN4rO5SzPIezZhaSr5f8ZmkhRsjTXp5dnAsUjP8hUXdiYulb13PqhYO3vrycaNNjd5VIgWSl7r4kDWDKGhFzu829gxQX507b8qVhhEEuoZkptW4ihYjBKkdfStW21oMlPiGqEDMlXN_iVbmbDv8Vp0IDeu27xbqZ5woVe3kENjPgTC0g2b_3yOjc8CZNEk2lBccTnifQ-eu7OrhwXIamZaIl-kf4SqCRtg7I3Vezl4V93_b4Ftjmhq6SK5T78EGf9FEJdUfp969nZq0qw7O6Iv0nggiU4rJsrquhPnUpmW806tgqBdHBA8V1-SvhXES2R_nqwu7WUa_wI9quoSwP1u-GdvYWmsXc0hLPktOjOjOt6lTD7lwfo8M-x9ACK3Oo9aWsmBHmq-ZwIqXz76V0UJBZuUqcAyTysdzHBiEAlkPNu-nCc0SeeCq7xjSGkoC71yURY8YHiIZVRXZdO-LErVys23vymZZ22---unPuIigTd1ifR4DcsRX49IX5XMGTKVoFwZ5Rrl2BimBZi2qFXeq91qMg3RnzBXaf3LlRwKhkvoT4zjigSxRaEFrLPzxvOQ_e_UZOjum3rHztyFhp-jtuUghXZLqOs471n92dverlvnP-G24kGxWt4-gidLNeRokea1MhvoWn_KK0Ddwt-Tv8plzFnqn3RXPGnIoqEfEOVv8MFsr5UOqV7XT-trFrRY1DfzMxDJBYsXJ3vGm6pfeqez0sFU9kY1lRd4oRxhjvfl1t3qtrm9E3oh9e9LZYIrKhXEFM6vdNVN0bO6zP-kIbDdl24l4V908q47MvXXmyLB4VjEzJ_Rqn1WVfbgB911eUM8tpPc3hc1EHdgxWH7zgaCqPHPK82hxpxdi2tQBg7yCju46SjnqdEkcQc0xL-0p12Y5ZvatjFwJGbme_6UdSx02bpJorX0tJeDPIUYjhRIKs_2U6_7TCuqXIkKb8f5uGG8ZJs-GFfn0uTO74w7-BnQ2_nMeLYhWPlKOoKdqHMq3Poc7jnUYls685QjxigMQKplOZ2a563iHbvBd7CoVe3pvfcfz9YbAoM-Tqe-KwhEOgfxJ_M4f64DcY1lZc8cQAnFPYwxotsyHOjOqG0X9gbIixOXsSu5A0xbGzn3KpgrJo9xL0Ey_v7EbcYR7o-rxShynFQvWu8DevtridCAlTYoAEZKLsFnMKEIxHlmDOYvFyjmOgzaaHOUrf1yUFYJzQrH3MVTQ-Pt50qomvUd9CstuuB4j_beSTQI4n85vlt6QUWArjbrXkYeTkeq6a5T7wnBXFG1JO4kHl924gK6q58gFZf-dRFOCEC-Ey4T2KvbmIjv6fXIKwXxciXITkXeRIc_CLo_98rZGLSZXbXi0Hgm0bWpm8lusP4cQhpNSbfnUOCRzKBujaj2hG2PuY7UX3VzZVFG94rSo2iBmqReQVoX7wTlJkxqy6AuqVn27O1Eb0X9pHb9BKKnRD7x8ZVIApzhsQrOoaRkWarOckU0bS37K0hZRIG1zwUPRLbCdKanZnAmSFWskh9FFT_0BJgD9mvtnjiSpSOGY1b2Jc-VM3P7U6YExsp1Lz7gaxzUUzFkLAe51MRewbM32wEUEljz5B6x5DDiZxblef0QjI-xVNXi6TEDigJmWXVxcJi1B2OV0p6K1ocvJ82OWOfc6sFy8P3jyQPS8ehqo2KbtrJ3kNHuaGa0RSM6A6ijDM6sT75NNJVtf2C6cWU1hjKJIfcOoGs6puk6p0U6oVCGPBQxu5AMIQd4dQqYfged1UGUoQ2SdLkGKdqldko6iKWFrxONGOxdUyBhQwLY3ly_FKECLmoNQYQs4OyG1J-oSKEHauW6foP0NYwDe9NvYT0lqxR2aF25GDbxyxc4h3EHpIRH0v2yC6v9mF1w6v3hwayF-Z9TshMOWD81pPGhkIABIV5GiRKV66NG1ZlVMNgqFdmA5OV70NYAE

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

197e444391739f451a892de34016f38c745a82dc4743197b4337f37fa11d78d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19096
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame BA07 27 KB
10 KB 12ms
7ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: d8c75fe2fe7d984d4bedb7c9188cfcbdf10b34691048a70fac8b643b89d1470d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:06:54 GMT
content-encoding: gzip
server: nginx
age: 70935
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: wWwPism3_j5xutbcNUY8BKSosLXkSWWOA7iQcyEaXAPZKpQkqcO5rw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame BA07 3 KB
1 KB 45ms
39ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:45:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:45:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BA07 120 KB
37 KB 35ms
30ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame BA07 14 KB
6 KB 31ms
26ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2698e1ed89c87280fe92182e5297140eda834b052703156646719cd5e90fc29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 481
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6286
x-xss-protection: 0
server: cafe
etag: 17196531676875957370
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:41:08 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7798 624 B
297 B 65ms
35ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhjsvpG1ATAB&v=APEucNWBSbqcUBOcD1-g5N0bpkjQ5dEA4wc7E6I8QUt7yKxpSejMUhkmZz-bRtQKSoE2LfNJmF7ELbN8aCtbbbrNNqAvtzkbniGw-vN8-yNqytQjf62HrtIwHeW5vNOog079tSXLqEgqzot8rwpcKuIq5wykJpkIKmgm1A7opsqiXKNtu_OPnZGcUWxAoDLGK4eAmjdpQVsT

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhjsvpG1ATAB&v=APEucNWBSbqcUBOcD1-g5N0bpkjQ5dEA4wc7E6I8QUt7yKxpSejMUhkmZz-bRtQKSoE2LfNJmF7ELbN8aCtbbbrNNqAvtzkbniGw-vN8-yNqytQjf62HrtIwHeW5vNOog079tSXLqEgqzot8rwpcKuIq5wykJpkIKmgm1A7opsqiXKNtu_OPnZGcUWxAoDLGK4eAmjdpQVsT
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUnW1mra6EUefFdxvaDDKuC9eUlleRWtJGK9hCs8ccVfLL7b6e2xxbJX4uQMxBI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 27 Oct 2021 04:49:09 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1B11 12 KB
9 KB 124ms
103ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AJZLEAtXBKhb_fZPAMaWn3iFnBPnB806SkEKrLstNOeN26liFLUiKKRn2I9bwIpkWPr9aKDPBLm4DTmJWWRyVNf9S3cQCMcWAedsl2O5jYZb9h27SlDzn3csc9GwLuGyIyfTCniKjO5h2c1SDtqCKefpcxQg&dbm_d=AKAmf-At4W3rYMGP8fh5idblug2li_Ay_5Oz-hSoLJ4PepcKGVjh3a-4BPUQCyte5EzOQcOJ0N5N4nwW6UINQ2xQLFg1IOqcw7VSVjycY_0xvUxJ52g_zfZ3o9rFrgLYrFjMxPMrXK8gQA6d_z9XLhDxk2E_r9vJLZoy-GxxeWs2VuCpq3Jx37rTdKJtA7frj57SmRn1RyDeOfSXNUJi9Gq60Afv_aF1jf2or2JopyejYiplFVRzMQ0yYZEPE9KwLCpItKKzAVZq_2J90Yb7eN8kmuVeAlZE9tV7d0Q9y5bEQhz-EtG2LJgmB93XI2IwWhNa69fX7JrAOq-QeOphjzhRVizT52rfvN8_0RnqqEg5Qb7IZzebM-oJJPslK_XN2ePljolsr2KkBkWaB8a66-O3DbPe7ri1ZcNGZam5Lb_K2zp-KLRAFNk3N_Bsi3C-fCjF9OVC0qsDQdU0uTN8Eh4ZxJXqan4MOyQ6OJP1Ec5uiBIysnDsWo0Mp8B3RJOvMp76cjaiH7qdrsRyqM8ys4RGNFNSc7zy2R2_wQTFXlYqglbyaDmY4Jh7rPy-BuKu-o7a2IdwmFuCldtDyTPtH1si8j6snmavgjtVGRxiwvPlESPskGbtF__X63LPB3sjIB8mpT05dMtN0STUpA1cUb0BuQcTAltY9xS3ntQMvT4_OQxf5WiTqZUfeQmbFi4iXpL3yvmKGLRlhvZh9c6pbsyZ42BiJztVjEDTAwU85JFF1cTqE8pzKj6TvEJFKiM4DOOPOdLGJvvPRUeZ6Cuqnyo8fHHRq2N-HssbuD8cYfnpa6oR8HBJlB6Um-K3QEZTfbFu_rYT8oFUI2I7oRIboOjPm2bfNSqIsoc53TSFajgCIDDSaf-mVPhPTt19pQfxkgd42EC7QWLd4usJNhEQTSTwLyLaRiUymU-XpCzQTYFgZNdzmyojPidtariNX-jbyvb8dxVxAkYegfBwuUcJnJMauG-dM7vV0BD9tz3R-FleRM7S6CHB9lQrtjM3F-AHY0WpVEOOzx97w1yfDMdlWvcJYk29n_k4Djft39S6U5qhA76L_2zfDZmZMAEbGrRq0A0BucQ55qla4PwkWFU89nN5TFNbd0HzejG0JddIhoPJ2v5SP1rVYFgzjIVrnfQ0W_PU8yDhux8begSIracooXFeeh1lPoMacxvUU7r16OB4nyNtNCG64hPigQ6L1oKfmMqhpbqLlj79G24RDxCtB7a4R7qkGCWiIybId7tPz1QXB3iIEpMz2innW76JAgpOhts0E6AKWuMm5JIOPn1viKMenlLlxAPa8f37As9AW7gXH1Tv3bj-OUhokLOwkrxzakqbGily0FtLtORinHItP0r0EjOmhoU9w0EJFKad6FlS5au08MwwyW8YK1xlciaybKNeb8TO3SDAMe0iWx5qyQTz6ZE2d-duf_tlLBBs4k3wrffwg88F5Nku7pNyCUpD6xYfYbPN5I65cnR6aorAbOWyiZ05yhKpsmSmM-up5Rlrx_VVW2fmx_7_CblzF0pyCXlLXa9Yx5g9ttRFCxiIlZ3Rf3l3t6FqHdYq5njUu07qgkH9bq262diyyFfE5btoaaymh-1iv7X0xOkeh-Vcvicyu9e0Fe2McqniWxmEWhPzzAMGcAKgPzc1W9xeSyOaETQCRia4Yfds1O9wLr-fZaiFlqvcpZSqvqiQAy333DJJbad6TosJTJ144p65sLQxdtbB9bDu-pz6NNL955sxXmGAnfq7n3KbDyNvJ8py5P3fAyOhvTlryxYtZXwYPnKr4pJDMZAZkiAnao5LWFAtzWNw8PsJhZxzZt4T9tZ1JvoryQIG4YzYt8jLkO7rOSuJPE-JIYiC3V-_0xf_r3NHbIUUg2A-H0X11CcVLOOJ2hPor6O2I0bV1BNrOt3wwirIYFhSrzEo983mmw4J9A2-WVnKr7-Dtt2w1vozviDX4uKpBycBC0kAFWSrUyiap85pxt6w0vhR6pMHSJjsrSvIyI6wl-GqdZcL348HMRJGEnU_RV2Ai3ZO15QrEMNGTBPXcGxuTbsgRaJ4msPkV4nmbwFDZOxPV81Miroin4DyqiGs1qYWbizKivyYKagHtkhd_USJI24IKWBdnfowohm9wQUwYr8fVZi1c-vWEMGB5FaMSQ38Hpl8LZrYuzod2WHsjsqthmgnytOTJJsaVXhs8OAl3oIKSnBpkVhRgus3P064niLeK85PyYcJXpC5Bs9kYtiHezRtFUpbPik2TzGuxFX7PgXT9yvxRD78Twj6z8d1ARXvc7vKj35RduF2IeI3PatPqZ6ey_mqzJ-gZRXJxtkIIxbDPrO2m2VrqUqGMm6turokaPmPGBtm7eh3ZEmEmWpjDlRSyprDqMtlmZ4VNJNGgquJtGIlzbbA89EABUnJAgw21eFc-evF8vmoTuF6YSKErw6qp40S49PlwIa8g3W0Z63G1gqwzDnIxJaCcww0hOwNoI71NLul9mRGMhgcPgyxXgY3RmOUjEfENTkr5Dh4pYnS53m2OYxCzqHUWUfAhqiUxzgfcUXCPl04xmFOTxX3iscYoH8EPcxvnTsU9hm8Vu1JI5KGUvLFJZkOR8nwD4hg2lKUO5OAXTKNzo8vVFB-VUNr_ousY7P8mkjf8RM5rXDKdPVJ6mL8If5_VfHboQT07kEU-bSf7oDIyLLoWt2qPyPIpRadouvjNkvCNVLvDRLTLEbxLI-9uVmr2RUQ1aw_MrK19pk&cid=CAASFeRoU0L5c4L1IPnMrxifjjMzpvJF5Q&rfl=1%2Chttps%253A%252F%252Fwww.upi.com%252F%240

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3536bb779d627370917bd34b26569c7bcb6a1c2892ecc5c14b362b539b0cafd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8851
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1B11 42 B
63 B 787ms
750ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BurFSc7aIw1jHiDJMs-ZYyX9qgYljZXxXm8CkcruvG8Q1QCP308E9ZgNLShrgbaAxlup3c1gVjWvp37-w5AFdW0nyzWLjqJJuWJ0QFvcJQPGdu0jg

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 1B11 57 KB
19 KB 133ms
96ms Script
text/javascript 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXYj0f9zPxVRagdtsyCKNbCWeQUyx9KLwHG0hU6fUo6AQBC9uY&d=CnkAoCZ_4O6LfbEGKc3y7mm3B6qjVtd7W-MgHDpwk9WYO0FjkIkkeMJTgBne6azZcpcmC8r5JvG60V9mztiiY4f4dH_KXgRH2krkXiLN4jHhdpc-OAgXJXc8S5doEeShJB1EjOBF_ibCptNZTh2JpS4aOBSr2W5f_flVEokTAKAmf-CkNtoBv5huJwXHWFVRYEUYT7WHffD-jJhKiwCb9F2yUE-wkjKWtxdODc-5cEV1-3xOlE41nSjsAX5HHxTEIKSNpKkTugIFYY05vT5ygqlETEEURC_u2PsHouor-20MGBAHWRrvV2QMJ28ELFl5wFNbpZKS33mpm5guquXKUCk1q3StW4pWeJgkjEIU_BPmgqx8pB_aYtKJCnfKg-hj01FCq6O3g-e5uTAgbZDSsxFAIDc65jOOHDTsYCMnXVdaJiZXpwapoeH3tDWE16mc14UslCY077md95PxmIKhpCyBXMImAjWMZOgdQve_IIOZwoPUTDDU-NHHu_b0j9H87Ru1pxhOm3YMPz5zBog9rCWWQJ3_RK1Kh5HTVjLNOucXYv1egOCX_8ZTPAVVx3bBHP8Dl7ttZ6TLIvtnZnjJlii7U9jdLZ8QdcA4W_CHdCyOWAZozCPz4A9KdEOAgZKBR3kEu6vyxHrslor8leAON0y08kJFngHV3xZ5e_soOlPFBxvpIhUwOSCY1Zwg-kiiPwfRuQfAPwH0vQg9apHs-enmpBUIlt72vt-rW_zdq4Ap0zKv8QDeSkx0gmqowDkxmB2MBp2Oc63WPvK0fxNrX1Jq5NaNen-LWCZbcHmCEGsK5WBTq7wzKe2BwsT4NcQvnF4LhrkjvWSmGldqjT8coSqe6CvqrWHppoENz3oCHxRLXhTm5QNmR5dfT_R9eQFBnpd_26LzVL6-QFRMGVgZILl73vFO7BEAYBqAdLj8k-PYvth7QEe_paJs-5BiwNq_8UOBh5OMKVphcuEUNayC74vTtYPArZli13kysVc-OEq9fN4KScUNEChBBlLoh04jnldijp5TTD9A5Pe1qaEVy0rooXCgs7IPcOrdnIpQzQ4jzrkc-Mq502p8vyfy0dHd0IIjfA40XnOb2mnCarSQTZvoac_DvTyPUPzvIWFGy0EVnmhmwMnc84Ivte4hV_UriIOYMqw1X6QB8Ar_pKq8cc96bwnQ4vDNEG2fqfbwdQfKkXW96fq6S4sWKrxvLpq5s_pE3rSEBRQw8ZJNwicy5ZNBjSr8uWHGzj50UBCK-0QHyLYV3_nKdyz4Ayn5a2NNGk0p9zSzscaDU9BtmkUY_JUsDJ6k28iYvWly0pWuXEdGJkUSdJr7Bb9gCYmFwhgeLY8YUjYsV92egplxUZ6TzIl2ohn8fMqdlyFkf5GW4cFiXbHdidg5Bq74vq4xhrTgRi3JZdhCzSOnd9mWu9UL-0Oe0Q4D5WNe_76vYz-odA18UYF8kVFCEsJdQTR_mlgaU8nmxU51QQWEx_FXPHvn7i-H4maOiORJ4aYoOsHia-rj8vd0FOHWt1Ky6zweG9W0XPQPSRyYxxDeONDOCHbPWX60lsv7DDgI0toxQ6qwfTL5Kdh7-JiC38UHjQv_CrTQZ9tLMYJrkmWczdFlibcA03jiu4j1XSo-D0BqvG9dFEuY4ncxepr3thGdm9ZgSbJzbWJnhQSZyDMHXX2Lpy2Ue6WkwX7DJ8Or6lwRd8_D78E7-WIWSPq5Uq4dTKyOMs4-F2IUAY3Q9OBuiRscXMM99Oh0QFXn8QiOaIi8437HM5qWRKczClN9GuAe-wippbuRa99G-35upAaA58p0aVwkioZyAePh2URrRxE3noBo9rSJtf-ZOzziSHz1K8WVQgwLFl1j0KRx_nzMn_mCEw7edudFfeGlXBTFB_07EtAMulLMT99l4HdaBNYrvGCAbXtZua5KBA1D4ypXi5JhyfNPae44YTHWxjMiQlvvNo0lV0fp6eNe_Uh4a3VM9BAduPJPPabz4r96CCa6HbnjwBjS42sFBR4wItU06XFslWGZPDrcvAxE0LhCCHBArWPFRecg151bshCAnwpeSaTAWGV6dWjnQ7Z4cd1VT6jhikeI_BF4Lmwyxw6zYaznB87rTIWfXnnp83SoFYufIwuWR9sFkdw-8226PDm-V87wZK-WIySJg_p6NtPCM2n2Z-nsN7sY--2CKztfgFrlrgpuYLal5gfDUOkpyKtgp3iHMCJpZo7maOUf84lrxewb4CLGeHuJ-oqv2wZ0lk9EMyTZyWSS33aL97P05ad0g1Ant_Xlua9NSt9hpusg_jIM88aJBD3c-7RFxQG4-OpVRpbTwNP5tN7ZqGg89XV79czXy6syQX5mGzhIv59htiFrGJ7kE2VRzFWw77E95pRU2TiTGrZCcPKkRpQBBOYY3OL3xbBalqJPlM788W5mtgIq2pTGVvr7nICQCguU82PEOvb69t2OrSxjB5Fb91R2RsYjuWOmLc-QqkUOraTZ7sZ3OtEADQ62a9QcOpNXRrOsvf5KXSLWml0_LDuOp9ou8_k-nbLXZL5JFclVGKrs6z9ubr3KS9Y5L_GJSlN88TiC1E5eURDG92ny7901k82w6zEook3oL9kW3mCQ4T3mgkdKjVJi3hwLTdnklH1NWfql_29fzUFa0FC0XTZhrHiPf8BXl1bS7n8n8o-kGSDAx1Kr401c7NG0dyGt_sRDYn0yknjTUZel6G5cJWYD5LXSk-BQoQFp3Vywv7BQu3FvrhYejUB2srB0WQWrD6I_IN8z0kOg_D5hrKV1NUpBI8t2xHRN5kbwcIjnpC5F2MoghhGB97AMAnZxYk7ZAPSkzWrzTM3fnn-tHBUnrXKpIGjdm3gN6t5VOsjxthJ2aktqZpJeecsKhEjZ4zY8SlEmbDG6o56Sow5rT1Qonb8LqZJ_rXYsrhOJI4PYhP-nBO8cOsWIfxOLKk8BH8TGLlt12iWtpbXaKzecegdDJwIrXQBFo5ZZuLI6wtE1JbhKrnV4GDp7ovbqumOv_to8AlTlm6kL255TRQQr3QlqX1TyCU_bH-VoVvlPGkTDMYMggrbYh3LMAJZxIpQJjiJBVmfI56G96m6BdK1kDHkHLA-u_dG39c2-hfbuLNglmIUSCSMvRlOLfcyyk5zY5X9wnNw0oDs5vEDPoPOMvwlXrkDANnYxN1yhMtooSyrA9I5zp2pn__h-U8seaT0nd5z0zXjER6vpRLXBHZWMaFBGlES-jwGJ8nOJG4bbq0DaU5sIRB0VU7AsLMKFi7jVq7Gtbj5-Gj_rx7PyALvsPXIp73I5aaZmCNHoHoG1jE4vYAJ1Acq51oiH-K2ln6kFNqzS_9shxdqM88WwMz9mB4Y5lyDPQf6PRK7LnS4dWRAKcNixHR33l2QM_Ub6DXTRP9Wic5slmo9e1qtPgHD_zwl-I8EFBIgaGQgAEhXkaFNC-XOC9SD5zK8Yn44zM6byReVgAQ

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9aaa57c9cceb82752f2683e5e3f671dc9b31b07f9034c496461c1985efa44f45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19046
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 1B11 27 KB
9 KB 14ms
9ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont8&w=728&h=90
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 3788fd5bc183eb2e3f1ce97eefe6ddb3ab7dbe23ece37da3258fd8e4718074a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:07:06 GMT
content-encoding: gzip
server: nginx
age: 70923
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: GnFnEVjxt36ZYwlkYUrqnAW5oS_rHOruH26GN-haa7US8AOpQKsACg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame 1B11 3 KB
1 KB 60ms
24ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:45:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:45:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1B11 120 KB
37 KB 37ms
33ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame 1B11 14 KB
6 KB 61ms
24ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2698e1ed89c87280fe92182e5297140eda834b052703156646719cd5e90fc29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6286
x-xss-protection: 0
server: cafe
etag: 17196531676875957370
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 1B11 0
0 201ms
16ms Image
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQQUmJFOPa-MXgCaq9BQiWMl-4ZUj3Am_-VGahE4G57qwhPo0fqcUtZOqkH1PxHlw4K_wOlic1EO6KUSE5jBKxy-Ml7kw
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BE0C 624 B
297 B 114ms
113ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiA1ZG1ATAB&v=APEucNXvp86Fc0YJwkHacZB9nSGrKrnkULJucUEjqdxCcCwk18nXuE4RNH5lANBUL9Sspewb6AToFXHY1WvzV8R0S2d_zTAPGC3WW9RJqdb24hM83Elf2eSgqdu34mRRqlhkYlupVQPYllyY72DvGBhTf-NbHJjT_ELZno651p4K6-22aVPWNseQl3lyjcRUM59pxlAK6NNh

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CPnoIxCA2vS7AhiA1ZG1ATAB&v=APEucNXvp86Fc0YJwkHacZB9nSGrKrnkULJucUEjqdxCcCwk18nXuE4RNH5lANBUL9Sspewb6AToFXHY1WvzV8R0S2d_zTAPGC3WW9RJqdb24hM83Elf2eSgqdu34mRRqlhkYlupVQPYllyY72DvGBhTf-NbHJjT_ELZno651p4K6-22aVPWNseQl3lyjcRUM59pxlAK6NNh
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkcrmi-QrS4Z12lRMdt2DyOT4xDO_Kto6MpCevByQjr3nJAUCbDYBbMT37L4tM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 27 Oct 2021 04:49:09 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 005B 11 KB
9 KB 73ms
50ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0nnB_-wW-0QKJf4kfBELgsp-VICnWQ9bZWxnxmROc0JCe8gb41MEa27jyblg696Bye3crge-TZorf23VHoPf7QeGEj10THOJ1v4nXxbXWKTuz7TwTFFbuyViIi8AghqbA4Tdkcyo5IYH0Qirs0KULgfk5fw&dbm_d=AKAmf-A4AcZRv6Dh6q1MUwQ_IivrLe_fWDDefzUT6jirPD1TJ2HRdFty113VkFXzqpdTAgpejBlpPGJIdsM1mNmeAJwF7zUyVlCO60yeaG3KP9843RBhybnfctwuGcaY5hzAh64k9LMiqJumgQDIZHbj2Tf87CYcr0S_-l-IbdVhSZpxbRZFwSVpw-AfTjj7FRejN1w-4PfQ4SOEgrteIEw8JbtZVL0WFe8TGfktiSslIiwAs5Q8_mnyp__vZk0vJnS_IMYwxMgYl9EtgyEkePEgLyQBg0BmoKJ09R3WL_l1gOQQUobkKxVQ20igSahF2c2uXSpXon8hZTNo9ReHFVhOzN-O4Rr0Tybc2S7oEyVhKpA-mQafBbIpQNBEuvJZX5x5kzbJJoU_gC6SrcdTM0Bhn_XMP3obrKppakZY2DhJdXo-PAZ3XGe6TNQ7bec9H42hbTWBDQ_M-98b9wPSmoyfomFg0Rk7nGr-WLC2kW9uwFi0wWD2PQ5W20pT0OD93AyZ7jUdiPOYA04CsIkMeZM7sVQdE8brUejc9ez0KFGdT2jH_xku1msqx3CovGKIOYFjGWQhqLgM_CozmqHJzqFVy4Ebur3fN_JNOK1HaPDFKDamCWT3Tze7ee2x1uVHA_qmzsSWhMqeTR2lSsEy6w03JbqOgjeiVMzPDabW85jT71hVmeqHExqiaFVCxcyZ2Z2sZziY55ScMnF8Woy8mF0GlVWVoQejV7YeKgsGZdwdCm2ZQ0QyeWlyVRhuk6Q9ZYwAQV4uD50E9kQWajs_holAfLTOH2EmD7IKfQy3_RJRkLI0juXHWG0LcayfIM0NDqV7zLmGpe8mXnLpyOv4uKmxnNj0Tr0rygD_Cthva8yyehZB1HZmZdX8sDBL-Tuiu3K9x1aG8n1FC3EpR2LHOLvsDOGJgezqjv14j7LCWcxH5Dn9DO0lAuGRsoaXFDHqBDau386owXc8sf_6vZCKMbKVfYtfW3iVMIQ6B2RFVCQpbeFhhVoukkpL_qPpOV5EVKXI67weZQpwTQ1G-IeMQ7SHofIvdRyspNQoKWj_0N41Fbhoq4XXwtewEBuhG9UwAcIJDBN2PneVwz51IXniTeVv0KcOkXEQZBOVkGmL0jz_fEFiEBddfGS8jtWVZIWlSTJzVHv048enBXzv8eqBu1Jm4op7S29vDv4KCuvRlEbIuiqSgzfp96O28S1L_NQhOMWsQVVQDq3REnBLL-x4WczaGXxrUE5NxbbFinOsW_7G_OYrw3uHRYEnbGdHjOXQwzPZFPqM5geZqyKIOG8iyuIPxoAXgsW9z41xKwAeYsgnpvlIhbyiShKVhhuLs8tNpA_mteDRup-UMue7YriuADhod9URmyRFlUCfOaC_mb0onmY3kQYphwqQsx2Rd1ysvX83grTFYsZg-YABPVK_fiVPZKMtmKiA2A3aQqJ91w30JjtZEWjF1VSqaRAV2tfd87MET74JGf6LfNl_t1ObzqVERz7vRU2hq8MXFz2j1kM2rAFJGY_nBPPte7Uly84US_rOrLlJ_Sj6hDGHTySYFVYu3N5uLtrPXZ3HpCcZiKtGrIQQPk36Lptm7rpbHtg9d2W_6KqPKMROf4zIBmibkMXd0NV4RBcCOXqfvVWNIXXP5py6X2_exz2u60s27wHeGaYj6FoLeMZj7pwyvFzPclLMr5bDXhaE6yzbmGLCIWpor5NTOhmqtO3na1Eovh4T3_PEK9lbebss4fD5wyaRWh81hFXpxIEUaE5PrLC_N2_nx6fyH9RoQQHOkFjzqsPDvq91P6tVxN110DoZkOgBxdcKh6TyI5cNpiboFtl_NOVh8odf6vk2d_b5TiBovpx61Pu4EuCEUTLFMRZeTESCSeoktSrJ9hygQ-KFFKMHWaQhixnq13Ybz2ApITUi0hwuI-scq-0aRRJ8nsuAboFFkOKsszM2EkoE2OQ5_qdGhEou6sCItSCgeUUjykdm2-pPUKldRo8fl_O4YUudOZlrLG9oHuxfyyTtln15b-URJlUR0QWTGwhMBWfOC9gUWREu-Zs3SbqTlGX6BIOYbqvhhBN1y1bACvUn-4KL-2S3XUDtDg4SS4p-FW4nQ0ma6hQdrw7augjPm41fbThArErIN-Hauha91HJBXfoIWm2-hByV05EjOQs5st7jY-7Fnxx_BgAqq9Da2MaOtVIjnV0Ehgc84zoQzJm409idKjumXbSUiz789z4cRuxZXDykcYvB8hHcq0ioST0JMBkEWSkWP0Qvb80lMEewKkMYsO-0wLlYvEGR1Sv8zfku7VLEAfhbrSVtA6dJJZh_WL407zFHqQRlijJMa717oLvvyx8mdlVohLEiB8Qf7fpp_i9q11fY4jIew4nBFltp-Dlo2vMLDfUzF5laIx4D5dD_b7Uc3XW5bioF7aUMhq_Jrfq5dGqtdnItoH4ORXbO8XWrLpEwP8dUS7foOEk3xzjnayGPK1wF-3J9oiaj1vymeYvj6s_-ZAfU8FUrUj4kx96p93xc7gAnVl_oOgTBy80ZihW0LN8LytjeFftVhhSKgLGKO7uLFOSRvGYoQ0uaJLGnroY6PYJxgGB4k5xOYWgZl9mT1g2w2GDl1j8lOxkJeaGe01xZJR_1MCNXUvo0rCx_1oNstuBqoSbH-VCou9TsW7mq7KMpt0ujmqtkRDJXS4Y88JQITFu5EQE-KgsvKZ0ZrUkR5z644-Ehs8FyNcTkZGxfnMlddzW8_ctARLxH5MSJZO_CBZQfMP3A_zMUMkl-H9IROhEhlv96A9Ujmw&cid=CAASFeRoelldNnagkfABY_IxV7K1DO8v3Q&rfl=1%2Chttps%253A%252F%252Fwww.upi.com%252F%240

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1890050e312999e40293f95ae4389ec94ba26b976102155a412b4b2dc511f70d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8721
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 005B 42 B
63 B 3366ms
3336ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B_o0JzNojBRuevc12sUOsyg5MEu2gj_OyoB1nZbYhk50ZhmYoZW8NAEOb4TE6akiLha4AVIAJ8atqRT6K2tFYBSLd5efrGMt1UPBiYRC0tJsDFPPw

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 005B 57 KB
19 KB 78ms
47ms Script
text/javascript 74.125.133.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNXrOxEziExrNHLTYOmcw_SSn6Q-aFvT-hTnqBMFlQsumNbbWXk&d=CnkAoCZ_4PHr8aJCvVAiwYN9Req12pWaSypxJXOfcJpjsdHHi-wnl7lCujRwmOKIbFAOjpMDmIdcRPxb11ILU2y_fngDp1GIPNq3hHiylsw3j5VtuK9Sb_04IeOsbZnuVaYiKlqR1uiwfdhCAB5GUXQXBVvGTJ9ja1NjEpkTAKAmf-Cyjut6QKgoK7nBIwsX0syw3xyD17NStt8rELzqI1vBqZwnNJtVIe2fvW2LkDD_Y3JOnGvfeXfmgvwdMiBen4yTM6sS3P3viWImKITgaKViiBnzighrDOzFC5p5O1oXeIUA7WY4ae_4vwfBfr-aJrqBDi8ujsbTiFLPzlg2yTbvnWDzVDRE_7gj5XporSVMibCY_uIBSOuFWgkZ3HZNhHXR324HPcYwAkG121FA8apITkiLZbS1Tka6pOAoxNNu1tytTbLeMdClX_27tlfkh4UqvEh4bdXMwNJPKqbyU37CqpWUr3jNUmh7jp8Z66rVknJSacI-n_tiBLfdR0IZdjXCmsx-7XnLeVTtyo-0dmAbm7n3H65NudjOP4O8h2O610_ffdpox1u_ajCPym-svEkLYz1D-AULqGRXzg1zBYHwGZaucU5GPx_zRW3xVzmqxTCinhXHmj5Iey-ySHoATcaDGXEe-q4h5orIRg40n5HAKBF7YfDYblpahYPQ3UZ0EwDZ5-nwt3QkPArr3o1Bev8PLmqP8WxafAjZHi8Gs2L_fGTQIIjoUVlXjh6Q9XCu6YD35X_rQyg67zyu5B1chMFxWvxvUvLQEn0VSMV-DzDSvNSSljiF1VkRi93GsiX6L0JO2aRI60QEDB0aM4PR2uUO-ihJYsi9mdHtv90kZ6LHYuBMD6kQ4ZmRp1wQYRNOPActVG2iGks0VekKxTtO7CzNYxEQoa23tqPqwh89VWIscouwcqkpA1m-r_-IuBY4P5tKTPVanxTt6v5G1jd8U_6mVsat2fQAJ2inMFSoJJdnj85IF2GGL0aimLqB4IBgEjkVCRRpseM0FLqdrw-PyCe7BUWQ_2Rk8N8T7_tmnrDhb5JeunXdqnOIV0FgWX1ibBXIBXXs7waqlocGpPM3tciDsSqv1Ea0MYv4M6vLdMmyQ2E-FPpG8DHVG5tNyjDk9ScCDhPYW8fujqPVWzOC4TVumUITR1m5XYXxM0EEFKc8vOM-8dxfpoHToGfurf6ucTGxy0sdOtx6QFH9eqvmPf-4uk7DBmGsCuYlrpeMqvoQD2Gcu1tfWAFVNrgQlVXBQcNFN6iTnBFZlrdn1V3Q0aSfsJe6ROaIdoEkuXT6u8KFeynyrjKuuXoEKp7tik49TD2q5LErkb_tYSMJ-Irb8kQgtOS2IAnL_AVyzrVnXi_wYTrFGJqY20yanIcK6j1V5iyUyC9_0AlVpFI-HlWZDGiqy8i3Gz41XrFPGMw9yn1XQFy5gqYdEqds5WtJCDDqyxESX2NDIo5BBmUK97ygGGR5PlnhhxPFmbwqyzC9gKKs5eQK1_g7mfaoRS7ElUC5DvePjSHPTx5Xjr3j1dhPTFTadF-bK6pVqs1ESOf4it0IALwDAgDmRmqp3fdWcHmvq3_-RC86vvfQ-L1ZTAdV1RUJTwSDqJKC9a5YLgBZkpAe5JMLwjcYWHP-RgJ1b9MiUE45A8ESZbqVrYrs-Jr78WIzjNJ1qbEckOtvgzecbwlc3RElI0y2uSgrQZqmt4j25c7bSaAZzgs569kVGbFJ6dlheTk1cAULENPy1N3SZCL0KEQ5MFfWl9Fylxr7Xi4kvb0iMWbREvFWOhLIl0HjDm7hC8mrOL59THrgiKsIy1IsC1jqY2oNNI0NLKY_gM73zTLWCitd1Ga1dRENfiqbgYR2WEGCNydMhO4ILtuiv1G0mf011UJGOCnYoDo-mGaogkTyl_omuxIudMQl5CxDlHJGpRuHbkdOKzaD3-Hz15192nlcttGIxNt0rLLG3ZHgG12WSGXjBW_RsvNKosorBKBlUtOp0mNPEooERT4c4UoAn3uws85Rp-3XwwtlQkJQrK0Jc6uecQ50roBF7dnSvFqMnvQiaFMFwVBkPFONuG4YABEFOH_aKrW61b6cIi9jLD2vB0SEaepvnhqVwQiIcMgkvBDeJjTj1AHn5Y1qYiryMEtwqwa51bBy95xbrHs5KiphcU6KXC3yMEiuK3o3rdm-M0Fyx8Ojr7pxFaAC8u6RSj6W_jBoF9FAMnlLoefUzKPVokXHZNs6n7bNRbYd-3cL_EOvTJCiKm7oe3cSFgwvVzS16I6LJl9Nj8rQjxhocKLZRhRHHuNvlTBzYFKcY7N6V8UxG6KNR3ConjglWwGmPBVs9a0U_Utvwn3nN1JsaFfe5dkleDbxkHy8iGUp46NapgzFGcNp5qgttuavmXVxShFyKYupGdwrae5gOfwTFf-bwwWKw9Kjddw_AqHuC8fRneQO6OP4U5Z6YhoL82xw8H-nC7yduIrivZGH4FwyGZ7GSBsZzaaU8Di0slFFpvKFELByM7U9XXlCNcRyl-2Q4-UReey0qQSSK-JAk-eNjoHHJsKazJTB3vpyP5bcgV7Ibhnv0ZjlqnzE8zxdTPgSjRCuHPHtZQYoKsOC_p3N00dDZCED0vNBJ1oycwn_peItIIKFdNTWNUonPpQEbihosH-kOfYZ-snCK-lNo_7QUjjgZ_WVC5esy04M88sA8OuXm6Dl2U3x4L8MRJvTQlA8npNx6Jt9u966lgFv2ZDt3X83xih3W-Q3Wp6NW7Y1rnzCW89Wjxxqh9Phh7PgUHWlG1CW8sCE4ZiiN9Y1EDS8jVx6hcEes60FixbitJ8SyoMyDS6YIDjN3Rcrh4xXu92-SJyJvtHPBr-JLGq2XdK2-_69Vq2rL_VpaXbfnR45qWxvg51PwMmxPGqmduPgyPExX8M7aQYQmGgVXxxWD0BEYhUSyTI12M7tWpUxxJUpOmZHUSMYSaUupzOYLq2epmFiCNFsFsDu17f-dr87vhSeHVcFu0Y73b-bYnK32hKGr4VyR05lPc2t_U0E4Gk74k6g4rjLmQ94dEmPTtd-T9hpgPUgeMQQqBFEl2egfVhXpckSegEXOj59EwRCWgJlmh0m3n8c4EHjAWePrdhQaKnzUgraYG_6iXzrHtLOCvdQIpQHaSktFSlDVT-AFfsIrtzrbadKPaXVajuoO4z3jrr4AlfMJHKCtvXOqBGuzK1ICbVYQ1EEq_OzwKv8ZOfDA2CBJvu_nK7R_48CduKyVpTbJApp4BnSf4ENsz1I3PEDlN0G5Frk6JJ6McgHeCCD4quZo9RaTB3Elrpm6xUnWVRQx71Ncrh29s0s8JevglYt_L6vAkiea8cpCu7cbHDXgCgdl7GXpaMfxNSq4omgkHOxeCNGzY1QhuhPwyOuwRsKGaLo5dCkdGvYJeYNBR-OSbNam209EcKJWL469ZdB5o7Sj5JThmb5GhkIABIV5Gh6WV02dqCR8AFj8jFXsrUM7y_dYAE

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

700794f513a1c8f93c311f9e0ffa8e829c82fb1fe8b517ad9bf07fcd26124fa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 19092
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 005B 27 KB
10 KB 53ms
2ms Script
text/javascript 13.32.121.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=2&c=digitas01cont2&w=300&h=250
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-66.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: d8c75fe2fe7d984d4bedb7c9188cfcbdf10b34691048a70fac8b643b89d1470d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:06:54 GMT
content-encoding: gzip
server: nginx
age: 70935
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 bc0a0f9f99d36a68240a31a25e39addc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 2AbGgB0qzoku1sMnRDFpADLi-ehdy_Qp3cbqORgo8grQqt2kOOuJdA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame 005B 3 KB
1 KB 61ms
28ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:45:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 207
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:45:42 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 005B 120 KB
37 KB 66ms
33ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eaaa6059ef4c9ca12e78fcc03ae77ad4cbf05dc73c1fedf64b28a632868bd829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37344
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1635161763799786"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 27 Oct 2021 04:49:09 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/ Frame 005B 14 KB
6 KB 62ms
29ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211020/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2698e1ed89c87280fe92182e5297140eda834b052703156646719cd5e90fc29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6286
x-xss-protection: 0
server: cafe
etag: 17196531676875957370
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 005B 0
0 75ms
24ms Image
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQGLSgAuLI6qamOMuvTPpY2TqtDcqnAkmBGla1iXuU9fR6xweyGIGTSCb-kaxefeQFvG5HRVIpkbQV1HNlIQ1jTraWUbQ
Requested by: Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s49-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 181ms
172ms XHR
application/octet-stream 44.225.168.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.225.168.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-225-168-153.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.upi.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 27 Oct 2021 04:49:10 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C711 41 KB
15 KB 36ms
23ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 15:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 24 Oct 2022 15:12:12 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BA07 41 KB
15 KB 52ms
40ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 15:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 24 Oct 2022 15:12:12 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF2B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

16ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7Ahit0ZG1ATAB&v=APEucNV2_UxNMiOBpDDUBVA6PW6VZVW6e7APk_NHV4YtQZ8rqopEh4AhwHTwQy3upauN7cbhn7_EF015c_JLvnVcJLCqbsdK9Kw5xyLj9XYeWXUBwjIuR2U_sbD2u-3l20N-5gOx1eXvW_SfnP56IRmLBQe2lyLwYnezTeJBk1FKJDUbtm-zwe_S78JCug7y5r8oNazXgJ0f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame EF2B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

25ms
21ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7Ahit0ZG1ATAB&v=APEucNV2_UxNMiOBpDDUBVA6PW6VZVW6e7APk_NHV4YtQZ8rqopEh4AhwHTwQy3upauN7cbhn7_EF015c_JLvnVcJLCqbsdK9Kw5xyLj9XYeWXUBwjIuR2U_sbD2u-3l20N-5gOx1eXvW_SfnP56IRmLBQe2lyLwYnezTeJBk1FKJDUbtm-zwe_S78JCug7y5r8oNazXgJ0f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame EF2B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

0
578 B

17ms
14ms

Image
text/html

185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7Ahit0ZG1ATAB&v=APEucNV2_UxNMiOBpDDUBVA6PW6VZVW6e7APk_NHV4YtQZ8rqopEh4AhwHTwQy3upauN7cbhn7_EF015c_JLvnVcJLCqbsdK9Kw5xyLj9XYeWXUBwjIuR2U_sbD2u-3l20N-5gOx1eXvW_SfnP56IRmLBQe2lyLwYnezTeJBk1FKJDUbtm-zwe_S78JCug7y5r8oNazXgJ0f

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 81bf908c-0f1d-4736-aeec-45b82d7a61dd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF2B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

170 B
188 B

69ms
46ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0d50c57f-d025-48d0-8692-d9a461fd4a16
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame C711 106 KB
38 KB 122ms
29ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Origin: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Oct 2021 04:10:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/ Frame C711 8 KB
3 KB 14ms
14ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/omrhp.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:48:10 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/ Frame C711 23 KB
9 KB 14ms
13ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/abg_lite.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f15dc13ebdca8972b7eeb648108b804feb40f890ae25cc14cf5a3b1379726a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9298
x-xss-protection: 0
server: cafe
etag: 5575107075035495308
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:32 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 49E8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

40ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNVJxBIRLkgJjC14eKoDM36IBYCZqK3B4xdi1QTukqPsjP6eYV_fWGt4mtf7Qyu2CyT_pl3fMp2hjir9FM3WXANNrQhuKphKv4hcLT24qPNi2xrGotvzpmLYS4iqef2ehQsyvlnOlG6lRKva3rtvKD0k4qwxbg6b5a7p1tSirgGA1LVf1zYeO-xkrmCN8k_D8lzW4RU7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 49E8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

18ms
17ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNVJxBIRLkgJjC14eKoDM36IBYCZqK3B4xdi1QTukqPsjP6eYV_fWGt4mtf7Qyu2CyT_pl3fMp2hjir9FM3WXANNrQhuKphKv4hcLT24qPNi2xrGotvzpmLYS4iqef2ehQsyvlnOlG6lRKva3rtvKD0k4qwxbg6b5a7p1tSirgGA1LVf1zYeO-xkrmCN8k_D8lzW4RU7
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 49E8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

0
578 B

23ms
23ms

Image
text/html

185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiEkpG1ATAB&v=APEucNVJxBIRLkgJjC14eKoDM36IBYCZqK3B4xdi1QTukqPsjP6eYV_fWGt4mtf7Qyu2CyT_pl3fMp2hjir9FM3WXANNrQhuKphKv4hcLT24qPNi2xrGotvzpmLYS4iqef2ehQsyvlnOlG6lRKva3rtvKD0k4qwxbg6b5a7p1tSirgGA1LVf1zYeO-xkrmCN8k_D8lzW4RU7

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f2051043-0d32-415f-b171-9655cbc3ae2b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 49E8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

170 B
188 B

47ms
42ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b1033aa1-2dd9-4140-ba26-23e2ca9028ce
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame BA07 106 KB
37 KB 139ms
75ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Origin: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Oct 2021 04:10:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/ Frame BA07 8 KB
3 KB 19ms
19ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/omrhp.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:48:10 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/ Frame BA07 23 KB
9 KB 17ms
17ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/abg_lite.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f15dc13ebdca8972b7eeb648108b804feb40f890ae25cc14cf5a3b1379726a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9298
x-xss-protection: 0
server: cafe
etag: 5575107075035495308
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:32 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1B11 41 KB
15 KB 50ms
48ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 15:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 24 Oct 2022 15:12:12 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7798
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

19ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhjsvpG1ATAB&v=APEucNWBSbqcUBOcD1-g5N0bpkjQ5dEA4wc7E6I8QUt7yKxpSejMUhkmZz-bRtQKSoE2LfNJmF7ELbN8aCtbbbrNNqAvtzkbniGw-vN8-yNqytQjf62HrtIwHeW5vNOog079tSXLqEgqzot8rwpcKuIq5wykJpkIKmgm1A7opsqiXKNtu_OPnZGcUWxAoDLGK4eAmjdpQVsT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7798
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

22ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhjsvpG1ATAB&v=APEucNWBSbqcUBOcD1-g5N0bpkjQ5dEA4wc7E6I8QUt7yKxpSejMUhkmZz-bRtQKSoE2LfNJmF7ELbN8aCtbbbrNNqAvtzkbniGw-vN8-yNqytQjf62HrtIwHeW5vNOog079tSXLqEgqzot8rwpcKuIq5wykJpkIKmgm1A7opsqiXKNtu_OPnZGcUWxAoDLGK4eAmjdpQVsT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7798
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

0
578 B

15ms
15ms

Image
text/html

185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhjsvpG1ATAB&v=APEucNWBSbqcUBOcD1-g5N0bpkjQ5dEA4wc7E6I8QUt7yKxpSejMUhkmZz-bRtQKSoE2LfNJmF7ELbN8aCtbbbrNNqAvtzkbniGw-vN8-yNqytQjf62HrtIwHeW5vNOog079tSXLqEgqzot8rwpcKuIq5wykJpkIKmgm1A7opsqiXKNtu_OPnZGcUWxAoDLGK4eAmjdpQVsT

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 350b9071-3db9-468f-9aaf-844ca36ae27d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7798
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

170 B
188 B

79ms
47ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f4d3b88d-881d-4e6f-9075-6fc6633e49fe
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 005B 41 KB
15 KB 28ms
25ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 24 Oct 2021 15:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 221818
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Mon, 24 Oct 2022 15:12:12 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 1B11 106 KB
37 KB 85ms
28ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Origin: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Oct 2021 04:10:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/ Frame 1B11 8 KB
3 KB 21ms
19ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/omrhp.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:48:10 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/ Frame 1B11 23 KB
9 KB 48ms
40ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/abg_lite.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f15dc13ebdca8972b7eeb648108b804feb40f890ae25cc14cf5a3b1379726a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9298
x-xss-protection: 0
server: cafe
etag: 5575107075035495308
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:32 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8BB2 22 KB
8 KB 43ms
35ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 24 Oct 2021 15:12:34 GMT
expires: Mon, 24 Oct 2022 15:12:34 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 221796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 733D 22 KB
8 KB 25ms
24ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 24 Oct 2021 15:12:34 GMT
expires: Mon, 24 Oct 2022 15:12:34 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 221796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 005B 106 KB
37 KB 39ms
36ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Origin: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:10:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 28 Oct 2021 04:10:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/ Frame 005B 8 KB
3 KB 34ms
32ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/elements/html/omrhp.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67cf5c21bfc71ee46210832792237e4a6ccd99e5c7bc198b046a38c9167fd0ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3128
x-xss-protection: 0
server: cafe
etag: 3658073882064373855
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:48:10 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/ Frame 005B 23 KB
9 KB 35ms
32ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211020/r20110914/abg_lite.js

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f15dc13ebdca8972b7eeb648108b804feb40f890ae25cc14cf5a3b1379726a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9298
x-xss-protection: 0
server: cafe
etag: 5575107075035495308
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 10 Nov 2021 04:47:32 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BE0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiA1ZG1ATAB&v=APEucNXvp86Fc0YJwkHacZB9nSGrKrnkULJucUEjqdxCcCwk18nXuE4RNH5lANBUL9Sspewb6AToFXHY1WvzV8R0S2d_zTAPGC3WW9RJqdb24hM83Elf2eSgqdu34mRRqlhkYlupVQPYllyY72DvGBhTf-NbHJjT_ELZno651p4K6-22aVPWNseQl3lyjcRUM59pxlAK6NNh
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BE0C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiA1ZG1ATAB&v=APEucNXvp86Fc0YJwkHacZB9nSGrKrnkULJucUEjqdxCcCwk18nXuE4RNH5lANBUL9Sspewb6AToFXHY1WvzV8R0S2d_zTAPGC3WW9RJqdb24hM83Elf2eSgqdu34mRRqlhkYlupVQPYllyY72DvGBhTf-NbHJjT_ELZno651p4K6-22aVPWNseQl3lyjcRUM59pxlAK6NNh
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:10 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJzA-skMWdIU4205xRSYuyI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BE0C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

0
578 B

13ms
13ms

Image
text/html

185.33.221.11
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPnoIxCA2vS7AhiA1ZG1ATAB&v=APEucNXvp86Fc0YJwkHacZB9nSGrKrnkULJucUEjqdxCcCwk18nXuE4RNH5lANBUL9Sspewb6AToFXHY1WvzV8R0S2d_zTAPGC3WW9RJqdb24hM83Elf2eSgqdu34mRRqlhkYlupVQPYllyY72DvGBhTf-NbHJjT_ELZno651p4K6-22aVPWNseQl3lyjcRUM59pxlAK6NNh

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.11 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b19db414-a7fc-4aaf-9b85-6c35cbfd1620
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI0Z0rsXGyo_-WDcFjj3pYA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BE0C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

170 B
188 B

34ms
34ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:10 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 94cf9d96-91b8-4456-b09a-ef005a545f45
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjgwNTMyMzM3NDg4Njk3MTAzNg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0C30 22 KB
8 KB 26ms
26ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 24 Oct 2021 15:12:34 GMT
expires: Mon, 24 Oct 2022 15:12:34 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 221796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 index.html Show response
s0.2mdn.net/10774078/1632247700594/ Frame 9F53 13 KB
4 KB 61ms
29ms Document
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247700594/index.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9a8aa90d0074ce250c38c4aff4c1e20f86359aac6a401e3e4e6c179ceb0b43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247700594/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3759
date: Tue, 26 Oct 2021 09:00:08 GMT
expires: Wed, 27 Oct 2021 09:00:08 GMT
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 71342
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C711 0
495 B 252ms
54ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2wJFHWCrpEqPimV2X7Q17SmAsujE9j39-ZSDHL-qVaE5apCABrqCMKW4UT9aXjtf18tPdXQ8hRjO6GZ9PFLnx-JBGsTnLBX31GtsMSpYP4eAumVf8j13O4W2E363E&sai=AMfl-YSgmjsAPBQUjb_BTBJe7pesOlRoY8m_j4Te3wfejWt1nQMdx0hxng6l1EQ-a-nq-A8gIipYSq7ltjujNmCGaj6LhzhtXpXj6gI7S4o&sig=Cg0ArKJSzGQs_23IQ0LYEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=329&cbvp=1&cstd=322&cisv=r20211020.24299&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame ECCF 22 KB
8 KB 23ms
23ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Sun, 24 Oct 2021 15:12:34 GMT
expires: Mon, 24 Oct 2022 15:12:34 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 221796
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 index.html Show response
s0.2mdn.net/10774078/1632247291206/ Frame BCB2 13 KB
4 KB 53ms
26ms Document
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/index.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2bb96ba8c0235c8edc63ca18df0e08d7309a2f2e8fddedd954a4101f1926ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247291206/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3720
date: Tue, 26 Oct 2021 09:00:21 GMT
expires: Wed, 27 Oct 2021 09:00:21 GMT
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 71329
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BA07 0
60 B 237ms
54ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQRfDVFM0syl5qqCon-nzanc_i_S_1IDqdNP91UtFl0gyUTremhRdncKML1KUGcXx8qV5oi68q7olOgudoWM2mJo2IQDlHsQ6YLxKxR-QQ3gCOxS-nO9_qA6s7NG8Z&sai=AMfl-YQobuxuSW3oMTZ1n-aM-0eS57vhLvb5oJelXZwMmMeSQQiMX2CsHx8z7eNRqJ2yAmcabid7vrpU22GiK4UaijhGpCXAu-YNIcgspHQ&sig=Cg0ArKJSzE5Jiw9VFbYKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=326&cbvp=1&cstd=320&cisv=r20211020.07237&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame C711 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ea093340e309d4719f15254233ef48c98cac30bd04fe0a753695fe4a07a3906

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BA07 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 817fa7b0aa99fe856b3b57cff3130c824cd978f75a13ff217d6fbe6cfb3b7168

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/10774078/1632248003745/ Frame DF60 13 KB
4 KB 26ms
26ms Document
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632248003745/index.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

611f311b8a0a293169afde647bbdfbd362440a8c0d724d55aa6266a1817122d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632248003745/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3743
date: Tue, 26 Oct 2021 09:00:28 GMT
expires: Wed, 27 Oct 2021 09:00:28 GMT
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 71322
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1B11 0
23 B 1957ms
1926ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvchnvEGPfUxIbeLS0SNS0viH8yynY05oYTaFSP3WlXcIrgZYV2qdUfDQof8663AebSB_Kd8a_A4ZVBAoCc8-HTE7dr9O0OTyO4wtTZChWd3uFiLnrBRdUifoFbUHaO&sai=AMfl-YTc1PxghvWMmQRv_hGj3c1JBa0gDhJCqr32IXA6pttaYEKkblCCJ7jwzQvo0NZB5FTaMXsX0TkZ3dq-ZC9ZxDu0a6MksjV4vxT856g&sig=Cg0ArKJSzPNB3jdaONZ4EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=462&cbvp=1&cstd=452&cisv=r20211020.84321&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 1B11 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fcbc98997915f827fa3bf4016a826578fadaaa481b7ad77a68af626d93694680

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/10774078/1632247583250/ Frame 4D0C 13 KB
4 KB 62ms
32ms Document
text/html 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247583250/index.html

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3344d8e01236838797e394eb8fc67aee0a04981208db43b303c6029260b960aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /10774078/1632247583250/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 3727
date: Tue, 26 Oct 2021 09:01:25 GMT
expires: Wed, 27 Oct 2021 09:01:25 GMT
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 71266
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 005B 0
23 B 793ms
793ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLvb684ZViAIX25mn7XdZENmLEn5qCsDwBjUzo1AQbzmVSXbe2oJdec19tMFaZKVQoE_x8cYUimUKKHSqzN6ZKiJXMpB2bN1TdmLtJvj4jxr3Aj8iC6tCZRQJoDnSr&sai=AMfl-YSATMJhjIb1puBF5PrJUN06pF1ZpzCGin5YdujrsWmToKA4yXxdJ86NOTReLD4bqjpbFZRC95-990gsd2SakQ6YvondRcX2akIOaI8&sig=Cg0ArKJSzONSyVI9QKxoEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=581&cbvp=1&cstd=575&cisv=r20211020.81263&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 7aea3848707ee5be685ed8455e4eee89.js Show response
s0.2mdn.net/10774078/1632247291206/ Frame BCB2 65 KB
17 KB 29ms
28ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247291206/7aea3848707ee5be685ed8455e4eee89.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bebd66fa14c28326d3bbeed6f458b834ff39ca2530282bb42dad895834712db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71344
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17205
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:06 GMT

GET
H3 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632247700594/ Frame 9F53 65 KB
17 KB 26ms
25ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247700594/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
DATA 200
OK truncated
/ Frame 005B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 32c538c383b25666246f04d3fbe052c622e89a6844f72d8a2b307b7bed12c9b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BB2 35 KB
13 KB 15ms
14ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 21:18:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 21:18:47 GMT

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 733D 35 KB
13 KB 15ms
14ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 21:18:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 21:18:47 GMT

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C30 35 KB
13 KB 19ms
18ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 21:18:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 21:18:47 GMT

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame ECCF 35 KB
13 KB 24ms
23ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 21:18:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 21:18:47 GMT

GET
H3 200 8a93acd41770df562e6b15034558b1de.png
s0.2mdn.net/10774078/1632247291206/media/ Frame BCB2 39 KB
39 KB 26ms
26ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/8a93acd41770df562e6b15034558b1de.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e5b59b8546c78c1b8a7683b7d6bc3784e7ea4005785f6e2ad2c40096c198f2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:24 GMT
x-content-type-options: nosniff
age: 71327
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 40153
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:24 GMT

GET
H3 200 686aaeb7afb5266ed94a8b6b114eeaed.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BCB2 7 KB
3 KB 34ms
33ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/686aaeb7afb5266ed94a8b6b114eeaed.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c35a8136a3c16c52265f3931d5304c9a932b58d366218afbd031fc300efb8695

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3102
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:06 GMT

GET
H3 200 a55888eff24d1e07395d288bcd22afc0.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BCB2 3 KB
857 B 50ms
50ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/a55888eff24d1e07395d288bcd22afc0.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4cd018cf2827d277a354427d936c171099fa5d2fad6cb64a670f8a7bb58b5424

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71327
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 831
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:24 GMT

GET
H3 200 53129dad39b5c34cc29089587387d408.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BCB2 4 KB
1 KB 49ms
48ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/53129dad39b5c34cc29089587387d408.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c7e12ddef2af625e2132ca0494f7363668b3538798dffbde86cd5533e818749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1320
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:06 GMT

GET
H3 200 fc83f287fbe43fd0e229fc7bf762d2df.svg
s0.2mdn.net/10774078/1632247291206/media/ Frame BCB2 931 B
518 B 54ms
53ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247291206/media/fc83f287fbe43fd0e229fc7bf762d2df.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247291206/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7d68350eaa58944f3129909e03b7baeb6f26a58e84a3cb1cbae567639cd66fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247291206/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 492
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:01:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:06 GMT

GET
H3 200 42f6d5572686419cfa4025784801a59f.png
s0.2mdn.net/10774078/1632247700594/media/ Frame 9F53 25 KB
25 KB 38ms
37ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247700594/media/42f6d5572686419cfa4025784801a59f.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2af0c96c9be155aa17b2bb5ff95473c66daf98e95b07cee733079a1c1447d7e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
x-content-type-options: nosniff
age: 71347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 25191
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
H3 200 dc29fbcf6c44415ccfec3ca884ee77f7.svg
s0.2mdn.net/10774078/1632247700594/media/ Frame 9F53 3 KB
867 B 41ms
41ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247700594/media/dc29fbcf6c44415ccfec3ca884ee77f7.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab25c6a17f3654f47c77617d2c89d7cdf480fb738fcaf16a63e863faadee00b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 841
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
H3 200 7f58bedc07afcf437e72af2fa5a2ac69.svg
s0.2mdn.net/10774078/1632247700594/media/ Frame 9F53 6 KB
2 KB 38ms
37ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247700594/media/7f58bedc07afcf437e72af2fa5a2ac69.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91cf49c8559ba8967a0c9c72218e232ec1e520854279a85a78ce7742945b0e17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1619
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
H3 200 04bb30c261a900e19e7c98eeb3b61178.svg
s0.2mdn.net/10774078/1632247700594/media/ Frame 9F53 883 B
491 B 37ms
37ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247700594/media/04bb30c261a900e19e7c98eeb3b61178.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df93c481ac6360a9bcb5c646b2d668b11fb731b68a13c834292914917c9b385e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 465
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
H3 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632247700594/media/ Frame 9F53 7 KB
3 KB 36ms
35ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247700594/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247700594/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247700594/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:08:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:04 GMT

GET
H3 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632248003745/ Frame DF60 65 KB
17 KB 28ms
28ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632248003745/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71323
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:28 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BA07 0
23 B 533ms
532ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQRfDVFM0syl5qqCon-nzanc_i_S_1IDqdNP91UtFl0gyUTremhRdncKML1KUGcXx8qV5oi68q7olOgudoWM2mJo2IQDlHsQ6YLxKxR-QQ3gCOxS-nO9_qA6s7NG8Z&sai=AMfl-YQobuxuSW3oMTZ1n-aM-0eS57vhLvb5oJelXZwMmMeSQQiMX2CsHx8z7eNRqJ2yAmcabid7vrpU22GiK4UaijhGpCXAu-YNIcgspHQ&sig=Cg0ArKJSzE5Jiw9VFbYKEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1455&vt=11&dtpt=1129&dett=3&cstd=320&cisv=r20211020.07237&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/10774078/1632247583250/ Frame 4D0C 65 KB
17 KB 25ms
25ms Script
text/javascript 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/10774078/1632247583250/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:01:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71262
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17207
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:01:29 GMT

GET
H3 200 1527703ab5a330109a944d88df42ab6b.png
s0.2mdn.net/10774078/1632248003745/media/ Frame DF60 38 KB
38 KB 27ms
26ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632248003745/media/1527703ab5a330109a944d88df42ab6b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccdb7185ec26c688f509c8d54f2e2e19db79a5cc03d740e2353f28ebc0b23f7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:29 GMT
x-content-type-options: nosniff
age: 71322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 38462
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:29 GMT

GET
H3 200 dc29fbcf6c44415ccfec3ca884ee77f7.svg
s0.2mdn.net/10774078/1632248003745/media/ Frame DF60 3 KB
869 B 35ms
34ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632248003745/media/dc29fbcf6c44415ccfec3ca884ee77f7.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab25c6a17f3654f47c77617d2c89d7cdf480fb738fcaf16a63e863faadee00b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 841
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:05 GMT

GET
H3 200 04b808d268b3d1e7da409588a57ffeeb.svg
s0.2mdn.net/10774078/1632248003745/media/ Frame DF60 4 KB
1 KB 32ms
31ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632248003745/media/04b808d268b3d1e7da409588a57ffeeb.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28fdd9d726393af533cff49d0e127adf36798a883df2265053f7c016c023e902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71322
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1379
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:29 GMT

GET
H3 200 7ad1aca42ae6e16c7417211cdc9b0b71.svg
s0.2mdn.net/10774078/1632248003745/media/ Frame DF60 843 B
477 B 34ms
33ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632248003745/media/7ad1aca42ae6e16c7417211cdc9b0b71.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ceb0c1e794d240abe8289e45a5188fd25f1131908370a0e526ea2c5bef406637

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 450
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:05 GMT

GET
H3 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632248003745/media/ Frame DF60 7 KB
3 KB 34ms
33ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632248003745/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632248003745/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632248003745/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71346
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:13:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:05 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C711 0
23 B 2784ms
2784ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2wJFHWCrpEqPimV2X7Q17SmAsujE9j39-ZSDHL-qVaE5apCABrqCMKW4UT9aXjtf18tPdXQ8hRjO6GZ9PFLnx-JBGsTnLBX31GtsMSpYP4eAumVf8j13O4W2E363E&sai=AMfl-YSgmjsAPBQUjb_BTBJe7pesOlRoY8m_j4Te3wfejWt1nQMdx0hxng6l1EQ-a-nq-A8gIipYSq7ltjujNmCGaj6LhzhtXpXj6gI7S4o&sig=Cg0ArKJSzGQs_23IQ0LYEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1511&vt=11&dtpt=1182&dett=3&cstd=322&cisv=r20211020.24299&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C711 42 B
64 B 50ms
28ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssC3eDOdo-jfgiizgT7nmeu26cbTTXRC1oO-umwA_CsvSNd2Xas0-uIUmjbp6XXGSwBciiY-tTo8kEbdwG1ch_EOtfh0jpalTCNeGUjcpOy-yKxdDoJSQ&sai=AMfl-YQqCII6iKWrpJStDZK2D10Zzjz7sQVinPPenu6jGkozoEPh289nucDt5QnvPzEr0r5PIYGBF04htSxkgOOjMKlrLXen9OPeNhJoLrq-FlG-zj0sbpaybh7VvzaIUco&sig=Cg0ArKJSzFJZ6ptI-Pb2EAE&cid=CAASFeRoOE12AiTuYkSErhbIH-H9T9eoUQ&id=lidar2&mcvt=1076&p=166,436,256,1164&mtos=1076,1076,1076,1076,1076&tos=1076,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1840319393&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635310149199&rpt=1240&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BA07 42 B
64 B 44ms
27ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuhYK-mHN4p8W6gvHLGk60rVSLQe5Z9IsloEzpSUl2Z2y746sCXp9-_U7VADxOvPEmSI4rfbhAeoqlGAImtqUwrC1SWeJRkHv9MqjJE7DZDSK6ZJ_oTqA&sai=AMfl-YQ3jcdK-YjG3iS_LH74V1UHGf6prOaoUbQ6s055HCWGcWY3x1W_mWZEDMJRgyZoECISVLrFHbZg2Ek91uALlL7cXiYgtC48-rKXbNqhN7fQwHrZ8hiBD9wr7raXswI&sig=Cg0ArKJSzD2vtmbHqMMAEAE&cid=CAASFeRokSleujRtWZVTDYKhXZgOTle9DQ&id=lidar2&mcvt=1045&p=958,1066,1208,1366&mtos=0,1045,1045,1045,1045&tos=0,1045,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=0.97&if=1&app=0&itpl=20&adk=1870747140&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635310149256&rpt=1271&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 e9439cabfef2fd5382d639fb72ad7f07.png
s0.2mdn.net/10774078/1632247583250/media/ Frame 4D0C 33 KB
33 KB 45ms
28ms Image
image/png 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247583250/media/e9439cabfef2fd5382d639fb72ad7f07.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d04e265f592f9dd22e534707569ea81b46e9ebac59f22869f25b522b9b341f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:03 GMT
x-content-type-options: nosniff
age: 71348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 33754
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:03 GMT

GET
H3 200 020c18acbfb89981b85c8d7af8a26899.svg
s0.2mdn.net/10774078/1632247583250/media/ Frame 4D0C 3 KB
860 B 40ms
26ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247583250/media/020c18acbfb89981b85c8d7af8a26899.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 830
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:03 GMT

GET
H3 200 485947788e69126eba2048e7c2e8b050.svg
s0.2mdn.net/10774078/1632247583250/media/ Frame 4D0C 7 KB
2 KB 40ms
26ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247583250/media/485947788e69126eba2048e7c2e8b050.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f84fe760c5f41a718116f581828a4118a07c55386683602ff8778a777bdc939c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:16:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70389
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1698
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:16:02 GMT

GET
H3 200 93e1148d6c00774a0115f589566781c8.svg
s0.2mdn.net/10774078/1632247583250/media/ Frame 4D0C 855 B
495 B 41ms
27ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247583250/media/93e1148d6c00774a0115f589566781c8.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

479a8c676416b8e3bd723fcad11174a82b0f1d985317e65663a286b0365d6cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 462
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:03 GMT

GET
H3 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/10774078/1632247583250/media/ Frame 4D0C 7 KB
3 KB 40ms
26ms Image
image/svg+xml 142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/10774078/1632247583250/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/10774078/1632247583250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/10774078/1632247583250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 09:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71348
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 21 Sep 2021 18:06:23 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 27 Oct 2021 09:00:03 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1B11 0
23 B 1290ms
1289ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvchnvEGPfUxIbeLS0SNS0viH8yynY05oYTaFSP3WlXcIrgZYV2qdUfDQof8663AebSB_Kd8a_A4ZVBAoCc8-HTE7dr9O0OTyO4wtTZChWd3uFiLnrBRdUifoFbUHaO&sai=AMfl-YTc1PxghvWMmQRv_hGj3c1JBa0gDhJCqr32IXA6pttaYEKkblCCJ7jwzQvo0NZB5FTaMXsX0TkZ3dq-ZC9ZxDu0a6MksjV4vxT856g&sig=Cg0ArKJSzPNB3jdaONZ4EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1529&vt=11&dtpt=1067&dett=3&cstd=452&cisv=r20211020.84321&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 005B 0
23 B 2805ms
2804ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLvb684ZViAIX25mn7XdZENmLEn5qCsDwBjUzo1AQbzmVSXbe2oJdec19tMFaZKVQoE_x8cYUimUKKHSqzN6ZKiJXMpB2bN1TdmLtJvj4jxr3Aj8iC6tCZRQJoDnSr&sai=AMfl-YSATMJhjIb1puBF5PrJUN06pF1ZpzCGin5YdujrsWmToKA4yXxdJ86NOTReLD4bqjpbFZRC95-990gsd2SakQ6YvondRcX2akIOaI8&sig=Cg0ArKJSzONSyVI9QKxoEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1562&vt=11&dtpt=981&dett=3&cstd=575&cisv=r20211020.81263&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1B11 42 B
64 B 49ms
49ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss-oNQWgxSOOugP17XwIqQ3xqCXsLDaGmPxxpe2u_pmXPWXcspoR3j-rQWpmDoyKr66DPZwZHXfWp-SuvQWWeAJUmsKx_xtrDW0ap5GHFiNIz9IRlmBXA&sai=AMfl-YRgp6PuckVMlPREMdKG7SYpTg86BL9RfMkZ7wban3jir2kxKoO_-v8RO9-HINVCX1v3yHVNtkwZEaSJJnCBYMuE6Rqs3Kv1091E0JBBlH2cCZCYUacU9-tt8AIfKAIN&sig=Cg0ArKJSzNkNgSxyLeGyEAE&cid=CAASFeRoU0L5c4L1IPnMrxifjjMzpvJF5Q&id=lidar2&mcvt=1044&p=1110,436,1200,1164&mtos=1044,1044,1044,1044,1044&tos=1044,0,0,0,0&v=20211025&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=784876494&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1635310149356&rpt=1402&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame BA07 7 KB
3 KB 40ms
8ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=digitas01cont2&js=pmw1&base=te-clr1-4a77aa7c-d63e-467c-bdea-d1865aafd795
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 0bbeb2970c74a480086b41b3232691f1b0ce8559ff2348b45806ada22e0b2ad1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:06:55 GMT
content-encoding: gzip
server: nginx
age: 70937
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
content-length: 2470
x-amz-cf-id: 2WUkatyqRXYnXH3KmfmUB5evxzZscaPu5HyJtnCGns3AkW3R2afAcg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame BA07 38 KB
11 KB 40ms
9ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=digitas01cont2&js=pmw2
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:10:46 GMT
content-encoding: gzip
server: nginx
age: 70706
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: iUiA-JWDWCi8hE83DIIEiB1KnKCvJN-QIaHH2o5lTOnx_2OIT2FB-A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame BA07 43 B
384 B 154ms
124ms Image
image/gif 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=77e1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:12 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: b6mZI_fCKpMXGClsH69ssUrACBYAwFvkNUKr_KxAv15CCS5hSw1ppA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C711 7 KB
3 KB 71ms
11ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=digitas01cont8&js=pmw1&base=te-clr1-ebf4418c-8cb4-4064-8843-ae7cbebcebb1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e67175b5a73d67fa530e3875f979677cc0404bdf929b25d6d856a72713399fe1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:07:07 GMT
content-encoding: gzip
server: nginx
age: 70925
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
content-length: 2412
x-amz-cf-id: MPgUlgKlkdMv83kxEzE95F6Lzh-1RnHMjOXyJ2M_Ek4rVK92h-r6eA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame C711 38 KB
11 KB 28ms
11ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=digitas01cont8&js=pmw2
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:09:31 GMT
content-encoding: gzip
server: nginx
age: 70781
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: oK1W1P3X9pR7qVUEUImoSOe0LPjnSpsUF5VZcgp4tJE_ubLVkzTffA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame C711 43 B
384 B 146ms
129ms Image
image/gif 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=d7e0
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:12 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: T8jzS49yAONUrnkuYcJS82pjWQByYqsWyszdXVzfUs5d5g9ypkz5Dg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/ib/static/usersync/v3/ Frame 01E3 995 B
1 KB 78ms
9ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.upi.com/
Accept-Encoding: gzip, deflate, br
Cookie: icu=ChgI1LJ5EAoYASABKAEww7TjiwY4AUABSAEQw7TjiwYYAA..; uuid2=6805323374886971036
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

Connection: keep-alive
Content-Length: 506
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 27 Oct 2021 04:49:12 GMT
Age: 15031488
X-Served-By: cache-lga21980-LGA, cache-hhn4034-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 194520, 617845
X-Timer: S1635310153.757081,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 iframe Show response
mantodea.mantisadnetwork.com/prebid/ Frame 579A 249 B
486 B 106ms
106ms Document
text/html 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: dc951144fc5f668dd655502971f68d2918ab5ef9a2a9dae55495e9d75d15d9e9

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uuid=1d0a9970-e1b6-4c52-accc-3d55d0edaa6d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

date: Wed, 27 Oct 2021 04:49:12 GMT
content-type: text/html; charset=utf-8
content-length: 249
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: W/"f9-295zhhtPYkfK7MZrjwmaqyvHa3U"

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 9BCF 926 B
1 KB 85ms
14ms Document
text/html 104.17.120.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.120.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Host: biddr.brealtime.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.upi.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

Date: Wed, 27 Oct 2021 04:49:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 2TD5OEfqfjS9CNHZUGEUedwrWQtgI/Xd5RpLYgs6EBR8ltTENExU73kcWKY926avuCfxE3nwZRQ=
x-amz-request-id: 54CCC725FBDDCF53
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 6890
Expires: Wed, 27 Oct 2021 04:50:12 GMT
Cache-Control: public, max-age=60
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6a494be6dbef7163-DUS
Content-Encoding: gzip

GET
H2 200 sync Show response
pre.ads.justpremium.com/v/1.0/t/ Frame 4E92 4 KB
4 KB 28ms
28ms Document
text/html 3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 904dd5ba4c996aa13ceb7062743473e8b8683efed192456e130a9f130e6cdd1b

Request headers

:method: GET
:authority: pre.ads.justpremium.com
:scheme: https
:path: /v/1.0/t/sync?_c=aajerxk1635310146926
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: jpxumaster=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836; jpxsession=r-847fc957-c6e7-47ec-af13-50e4e9505df7-66521-65170040; jpxuuid=r-07ae432c-1bda-447c-8e0f-9d173aaa16b6-66521-65199326; 112681_422054=0_0_0; 122885_458163=0_0_0; 122885_476826=0_0_0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

date: Wed, 27 Oct 2021 04:49:12 GMT
content-type: text/html; charset=utf-8
cache-control: public, no-cache, no-store, must-revalidate
set-cookie: OX_u=; max-age=-1635310152.717; expires=Thu Jan 01 1970 00:00:00 GMT+0000 (Coordinated Universal Time); path=/; domain=.justpremium.com; SameSite=None; Secure; jpxumaster=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836; max-age=2592000; expires=Fri Nov 26 2021 04:49:12 GMT+0000 (Coordinated Universal Time); path=/; domain=.justpremium.com; SameSite=None; Secure;

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame E13F 38 KB
14 KB 86ms
8ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=122354
expires: Thu, 28 Oct 2021 14:48:26 GMT
date: Wed, 27 Oct 2021 04:49:12 GMT
vary: Accept-Encoding

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 1B11 7 KB
3 KB 17ms
16ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=digitas01cont8&js=pmw1&base=te-clr1-ebf4418c-8cb4-4064-8843-ae7cbebcebb1
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e67175b5a73d67fa530e3875f979677cc0404bdf929b25d6d856a72713399fe1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:07:07 GMT
content-encoding: gzip
server: nginx
age: 70925
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
content-length: 2412
x-amz-cf-id: f3ORZ_63bofNK6RleaOIWryx1dBLqZXxy-zufhJNIlDzA8chBi05FQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 1B11 38 KB
11 KB 19ms
19ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=digitas01cont8&js=pmw2
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:09:31 GMT
content-encoding: gzip
server: nginx
age: 70781
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: a9yRB3Juev2EL75LLFnyp2Jo37bUlKG8qJPs3blHCkzLzMEfGFfVYA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 1B11 43 B
383 B 124ms
124ms Image
image/gif 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=2&w=728&h=90&c=fd0a
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:12 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: M-iI-8uBgIU3DMrsmhKcUi8Bx27zKNPmt7AwZng8XAG8THY-mTj36g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0C30 0
20 B 3651ms
3650ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BvaS1Rdp4YYa0MsmKjuwPoJ2rsAEAAAAAOAHgBAI&bg=!0dKl0pbNAAbUs_yW1LM7ACkAdvg8WuvnCPx85_SZ17hwCuF0G2TUHnPzswDnrSCsKY0b7hOjj8wsCgIAAASVUgAAAI5oAQeZAuu8i72f0lFTSV_CDGd7itiMq0Vo9SjuCmX_6mknSg1tmR7aXI-8Fq7Zsbjgb1f1XYMoM6RRCBMIoH7bmy90CEdytoOHcFdgCW_9Xo-1ygVAaTu7R8StVHMr-szAI8VoeyQirg4ryfI7D7Hk7QAlREf1dHVspqo3S_9RFpRE-iHD998kwPw3E8S22l5upLmY-rZSAVwMZ_-QMUVhnfVvYBoLE_Qs9qdJ0SECX3jATg5jzQOfoXavaLg7Yb1_I_mtnAFygwC3A1GoWdyPzP-rrMhoJJcnQu6qo5qHQGvwgx-jZeAso-wYNK1X8wCorsMXfrqxff40PzZyy8uEOFBcJOh73lYrIoPNPSXg5DBMd43YRcR1-S4V9lYvy8x_qEGqVcV7fFEX3EczyNHl3cKn8wsjrZLKQ0zGbSoCkAwLAUlSw3pt9jX4idPEAU2Y4gN2g3aKHLVusyjytniLaMhLKY24DcYMH-5XzEGWv47Usa83MgIZ5I-_eay0dOzdr4bIY5GfSS2hfBDGPBYIEBSA0m875AjXHlX_hlzZtT6gh-OQmpUTq-bQMlyzCVhVe51r1Q2Ev_t2Ii11jWxIlk01fGblPns5G4beBL1d9pjdfU2gIrF-MJjXHP5_nValsNSz1YMwb8dmPaGEBl9pJHtCajiCmjSC9FcwMl-AwUZgVoQ4JSM61410mo-bQ1MhmuLd8ZupzgXBA4_UWVW7d20Rg2mlcko3Gb5fGWuah-wrQIxpfhBYJSaLNB1VO8si1rlS8V-oyGoEkWqAaAqUH1oi40DZP_2rrw0xIE0WXNTTXjFH7Ar9th-KvkZzJ2tIVlDSEoZ3I4ospao0bUTFJcKIGcKaBtXAs59CN2FxHIpqmXz2wMg0_2eYN-_ec-i4c9oxJ_NTaOLkqJRuw2jNZnmv5u4BW0jvM77MvMy5Mc6WJN0_QPNYLeg-JLOpEJr3f7bh58iG_RCeACq_NeULaIE_bmxa23ieyzfVPpk_2rM

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8BB2 0
0 6726ms
6726ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BpkM-Rdp4YYnvLKKrrASYw5v4DgAAAAA4AeAEAg&bg=!LS6lLmrNAAbUs_yW1LM7ACkAdvg8WllrkRAl-nqyaQ98lM86M690sxK_Mvimb4-RXYDpTyOOdIPh8wIAAAUwUgAAARNoAQeZAwGkMZkcWWzXaTs9kMJC8aijUmt3OyggH4LvTwMY838ykdimXwb3-h0Sxl5BRO9o7nKLn-zvctmWEbjyn7WUKc4T0L-4ed7LAPw6Dr1OuugBzypWj0iZDFy9xUAHBOqbJ61X-sYA2qPbSsuD0scHaedE3g7A5MHMFEw7S12P_oluYbKpvXOGoGTdumst552AgpOl8Dz3DFvYHqqVY532ZzwK1NvxPFEm50fzDgde37DoPbXwdQ1pkmbs76xksN8jH4hQk1RS8CcYjZxo_40Xa3J1nbUs-1iWRFNi2cxq1dR37hCZEgGx3G2KhoMnH2XoTGTlvDvS-y4b18c8VMbEqcbt9lYrVSxmnSzfpA9Nb5hrsIWGAZSCg-ZrkmlyQJ4-0Mq5nZ949t7szcFhDtoujuaSzV_Qr4eSbBmaSOAwgwxVxoyNjWRAMRpXV1D6Crm-sU2YSV9rsgTwnKynGL34SI8pmrE6Yc8UdjQqk0qElCHdFeRlp-Ibrng3Kf6psFjUV5liESMj-sYrrBg_VihjA2P2me0NO6--l27aBtzJSBTazatTFXfpjQDtwU-MgjvRTHUtkSsjN-UfpYw6-ZaokKiCv8CuSkcCg5IzOxCB8TwMVxaXS19pO9nPvyZusLlljPbqNmmZFRBsfdnpfuIdNyWpHEGhS8q2_i9v01J7ym_I4Xy1LPhqauUuwf0Sb7bNBnqjDXlZV28UNB-CtOS87JI6NrpwTmLe0Hg2u_6fV8ziVjj4hTOUahhIAA3JaHsqxgX6xFQa0MGrnEFxUKkIy_WYzMimc7cEu-o3TSsjn8DPGikNmIAWH58t0ziG1NzrNEqRzfN0ks7qZNOoc4V-XBN4KzfUNS-xGu0Cj9_RhTL8CspXXCNnQ_oTweWVB52XMy0KdWcjWmBN5KeaCYWfGoAlKc8sPYeVr4MpSqOP3riQNIqmLb4zaPrYgk8sfPB9IHakbxPaZo9HIXb3gk9SRz3FlEJpOtXop2GSkNYgF_xiz2RFuky-h1PfuHwMJsZoUEai

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 733D 0
20 B 1673ms
1670ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGixwRdp4YbzlLpre3wPquJuQBQAAAAA4AeAEAg&bg=!CAulC0_NAAbUs_yW1LM7ACkAdvg8Wgc5pVN-0GI8nAEEjixDjLrzZTxiY8WOEzNwKCKn7DiHFyAzjAIAAASDUgAAAYloAQcKAAoqJLOaIyx7rAG6mQLyV_lVaAUegCrlvYsUNsrqdrMpxVfP5i5kWhiq4qqr8PJP69Cc4UnfAdNowy2RqiWDzdnuzMx96GUDPMVOWbmm5QjrGYvWL3CbDmHZlgX9bpsbCcXuSHEngdD6n-IJWgV08QTRL3l1K0BxqvoS2eFeoYQDqcVQEKQUjO8uoW5imFdlnG15s5uIWjicPJPuMGiTF-U97Ldm0fYjtBU-zKbJscMOW01R7dtpEaTYjB0RSaO_ycAFcouoZgU-f8SR3BHaq1ORi62j9uXef-WwWilSnILlQTRy7rVV1d2gHlVplTD2VP9IyNI4B5Qk5K4kfDynHp121BbfH_EHrj_9S_Bdmh4oL7qScGUEEKOhBaEVrqvZCVFr-BgJB7Lls0nIUi3WR39AEwq5fdxX-xFOxKiO_Aagmq9uFXbH-WtADrf-cJO_ifYtLaRtp_pGTIt3WvY-vZV3nMS384BPsXDz8Gy1JQxGIGbg-Rs4lmmdkbHigGbMzIsqxvnD_WX135BmxNkrS4IvNplA0O_1DbKtDe8Hx_ADhNDR2DqMYHEo2pKi5xyKIbGGmeKup_hnIG9XWPI-MOFmhr3-P1OsAD5mXk7cAyWBUpj1kaIKrdmR05lKQ9w2QVl8Wwmr3CNR0_Q3X2_d1lf_TatRAvc86pG-qcdhN6OjUO0VYgd0bgCtTadCVE6RR8Ap1k8rMgxtduCdhrI9lF3bTQVMSVXZWVh_RDc8hEQWxXKQ0qaIRrtdx8u7L3EM3MU5EU7y5OscQJFioKARSdevqtv8ChmTp7GCcfBd6HwNtM9QeMcR35BI8ZHDmpZ1rvXGfri0z_w32YJzhOgs-Vb9liKm1Nk-xIz4mNb717UnBfXbstmjrJSn9u2TqYjQLiPLSk56XlUF9lzEIswFg2caa_8h5Xfl4L9swB55z3bX1DLVspwMXHOjAuUdg7cu9-dm3NVGGslBWCL2rBlnPSW_3NjtMfbCzzkGTIhl87tdP-IQ4lhu9ykXkGyT6ZBpZQ

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm Show response
u.openx.net/w/1.0/ Frame 385D 1 KB
992 B 85ms
36ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 21ef6841a3e64cc0cf64017cad146d08c49fe8b8cbb1c83fd38fbb223415fce8

Request headers

:method: GET
:authority: u.openx.net
:scheme: https
:path: /w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pre.ads.justpremium.com/
accept-encoding: gzip, deflate, br
cookie: i=3ad096da-0fcf-0160-3002-f1ddbe1cce8c|1635310147
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=3ad096da-0fcf-0160-3002-f1ddbe1cce8c|1635310147; Version=1; Expires=Thu, 27-Oct-2022 04:49:13 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1635310153|mOgeginskin0vNomiygu; Version=1; Expires=Thu, 11-Nov-2021 04:49:13 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.217.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 27 Oct 2021 04:49:13 GMT
content-type: text/html
content-length: 674
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum.casalemedia.com/ Frame 694B 2 KB
3 KB 90ms
31ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 39dd16ba95f1fe23e05dc73c3b156dbb6c515812273c1fd54a55dfa40746d73d

Request headers

Host: ssum.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pre.ads.justpremium.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YXjaRpXQmuOuZY9HwJMH2wAA; CMPS=3222; CMPRO=1156; CMST=YXjaRmF42kYA; CMRUM3=2d6178da462760CAESEJzA-skMWdIU4205xRSYuyI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 39|241|230|73|10|191|88|206
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1724
Expires: Wed, 27 Oct 2021 04:49:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
Connection: keep-alive
Set-Cookie: CMID=YXjaRpXQmuOuZY9HwJMH2wAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 27 Oct 2022 04:49:13 GMT CMPS=3222;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 25 Jan 2022 04:49:13 GMT CMPRO=1156;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 25 Jan 2022 04:49:13 GMT CMRUM3=f16178da4905a0&e66178da492760&586178da4905a0&ce6178da4905a0&2d6178da462760CAESEJzA-skMWdIU4205xRSYuyI&bf6178da4905a0&0a6178da4927600&496178da4905a0&276178da490b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 27 Oct 2022 04:49:13 GMT CMST=YXjaRmF42kkA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 28 Oct 2021 04:49:13 GMT

GET
H2

200

id
match.justpremium.com/match/ Frame 4E92
Redirect Chain

https://ad.360yield.com/server_match?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fid%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1e...
https://ad.360yield.com/ul_cb/server_match?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fid%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a...
https://match.justpremium.com/match/id?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e9f5e252-1313-4f3a-a36f-893c110b...

43 B
201 B

9ms
9ms

Image
image/gif

3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/id?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e9f5e252-1313-4f3a-a36f-893c110b039c&partner_id=2
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://match.justpremium.com/match/id?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e9f5e252-1313-4f3a-a36f-893c110b039c&partner_id=2
date: Wed, 27 Oct 2021 04:49:13 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

an
match.justpremium.com/match/ Frame 4E92
Redirect Chain

https://ib.adnxs.com/getuid?https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=$UID
https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=6805323374886971036

43 B
198 B

51ms
0ms

Image
image/gif

3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=6805323374886971036
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: ff62a1d5-b71f-437f-9702-3d5b28224f2e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://match.justpremium.com/match/an?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=6805323374886971036
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

un
match.justpremium.com/match/ Frame 4E92
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=justpremium&redir=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fun%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-...
https://match.justpremium.com/match/un?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=OPTOUT

43 B
201 B

11ms
11ms

Image
image/gif

3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/un?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=OPTOUT
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://match.justpremium.com/match/un?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=OPTOUT
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H2

200

gg
match.justpremium.com/match/ Frame 4E92
Redirect Chain

https://rtb.gumgum.com/getuid/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D%5BUID%5D&us_privacy=
https://match.justpremium.com/match/gg?jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e_c9834dae-12fd-4ffe-9115-46c5eb37d7fd

43 B
201 B

9ms
9ms

Image
image/gif

3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/gg?jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e_c9834dae-12fd-4ffe-9115-46c5eb37d7fd
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=aajerxk1635310146926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pre.ads.justpremium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

Redirect headers

location: https://match.justpremium.com/match/gg?jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=e_c9834dae-12fd-4ffe-9115-46c5eb37d7fd
date: Wed, 27 Oct 2021 04:49:13 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: de-DE

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ECCF 0
20 B 3138ms
3136ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B_hzqRdp4YaWQOo2NjuwP5qS7sAUAAAAAOAHgBAI&bg=!Xl2lXRnNAAbUs_yW1LM7ACkAdvg8WgaSjpcSm2tibEhkxLgS7T5p7z7Imy6W7cw2Q7OviZ9V8vqYTwIAAAWyUgAAADhoAQeZAw421DkrUj_k3PQ7HamynEEgEDJ44DJ6yColpEH3lDJgpdeufmktodEgJGO_b_8YDykYVKubOpTkYtHqrZiFpyBtLHfyiv8znXXABrUGhklXBRJx66-1fBneC_bgQzUVCortznToCcGWCSwXB3sy0UzbESDcArRhH2DlGyy7DF9w8Yw4cKOx7ZTsnVa_Kd9u9O5PRGp7bI6KilOSKKbdORuMa6_pl70o0iYBXmlC3KwKaRfwZpgLmiHK9A4VgwdeCqQtf0-6pvu-1QbAEKxdLt7O_1hFs_-C7BHJX3MKEFJGnNBJBv65wAYxqaztLHwacEmf1wixjFIVIHJObTRBxIv-JNj1M8E8Qtl1vrvoCUCPPVRWBz2AILCkebDiF2wpNb_nNaEOE6EiiXDCZnT8A0AzDn-ThTGq0t-681oWNDIwIHN51p8ocAtP4559kXM4yGIJieEdnBy5kzPjfHQA4TJsjzTEKmzKklqFojGx38hJa9E0qdTuZZyyrZeWeN-5mku2yy-eYN0gwu9fuBnXhV62OzcvqfSg27R6jKlzFBRv7WFmkXdgGnJxpv_KS06nLpgmgQV917nZw42ewsJKDWo4wQTFYtJgZFZdsYXGi6F1Twq_i2RHM3_bd-_nQJKKWbqYMEGesEeeIrSZmYcD9_XC41qdw6R4sfi_mYoqD7RI3iMIMw0PyaX4DOo5AIb8iyQJPVBn3Z3j-oN52YZa_IKF2lIMNqaICY-CNYmgvvTtVquoK3r7uZOmmikKpLvBqkqaNkep2bKJpQet2MvRvk9YgMRTNjH-3K0wxijVOvzqa_dlnzEdOsmbY-IZCOrSxQFAsBOnM2rJmv0C39GCi5Kz_yb1bR5LAu5fhwVql6yakhXCLxQCnc0pnh0oSgH7JFHyuXX4uc1xR_crlugKYdO8ti_1xr4q15jJaJCGf_ddgGEbf_zXLxRHWA_3-r3lMXizyc9hv_G1GgOsAECEhsbL0Dih35IgBEeMHbLVtyUlDaWfZAaQQjqFVkXYCC59gw8bTJqPU5grXuocfZvTjQ

Requested by

Host: 2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com
URL: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
secure.adnxs.com/ Frame 01E3 0
578 B 76ms
25ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: fba40edb-3ad7-4ca4-bc71-eac4455c31c2
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E13F 3 KB
3 KB 67ms
19ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=53566211&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: cd051a2f57f0f341ba4ff0f3c0c33a8bcff31131efbe52c4de511c28c88a03cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:12 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 579A 2 KB
1 KB 65ms
21ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=60ae66d26f5619000fb3f1b5&s=www.upi.com
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04e15c27c7c1e344842fec61d78bfb338739501f6d293a013d57a808efcc3674

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Oct 2021 21:57:07 GMT
server: cloudflare
age: 2992
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6a494be9b9cb8749-DUS
content-length: 1168
expires: Wed, 27 Oct 2021 06:49:13 GMT

GET
H2

200

query
ecs.mantisadnetwork.com/sync/pixel/ Frame 579A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=2992f751-d465-4a45-95c7-c5768165b468

35 B
152 B

135ms
104ms

Image
image/gif

3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=2992f751-d465-4a45-95c7-c5768165b468
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
x-powered-by: Express
etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=2992f751-d465-4a45-95c7-c5768165b468
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 241

GET
H2 200 ox
match.justpremium.com/match/ Frame 385D 43 B
204 B 8ms
8ms Image
image/gif 3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/ox?rid=r-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146&jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=a3fd6773-f1f9-04fd-38ca-bf03db4ebe4b
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=Col95Um01MFASd5

43 B
106 B

74ms
29ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=Col95Um01MFASd5
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-0b2a0a0a5201c51fd@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=Col95Um01MFASd5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://x.bidswitch.net/sync?dsp_id=4&user_id=38f30d7e-f32f-4093-8620-313f7196e6bf&ssp=openx&expires=30&user_group=5&bsw_param=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://us-u.openx.net/w/1.0/sd?id=537072968&val=afd4d911-869d-4e32-ac0a-b1787ac2e19d

43 B
106 B

69ms
44ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=afd4d911-869d-4e32-ac0a-b1787ac2e19d
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=afd4d911-869d-4e32-ac0a-b1787ac2e19d
Date: Wed, 27 Oct 2021 04:49:14 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6805323374886971036

43 B
106 B

62ms
37ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6805323374886971036
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f60404a8-9bf7-482c-8216-8418ee031b55
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=6805323374886971036
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDdjlVN0M4YlVBQUMzSkd5M0tUQQ&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AACv9U7C8bUAAC3JGy3KTA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AACv9U7C8bUAAC3JGy3KTA&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AACv9U7C8bUAAC3JGy3KTA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=ox&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=4&userid=7413582993066672420
https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACv9U7C8bUAAC3JGy3KTA

43 B
106 B

40ms
40ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACv9U7C8bUAAC3JGy3KTA
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:15 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537125688&val=AACv9U7C8bUAAC3JGy3KTA
Date: Wed, 27 Oct 2021 04:49:15 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=28476178-da49-4f00-abe7-e4cf0b1f6601

43 B
106 B

41ms
31ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=28476178-da49-4f00-abe7-e4cf0b1f6601
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x15 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=28476178-da49-4f00-abe7-e4cf0b1f6601
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 04:49:12 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=qwBq9vlQafywBmX2qwVwq69TPPewBmSrrgEH0OE8

43 B
106 B

64ms
39ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=qwBq9vlQafywBmX2qwVwq69TPPewBmSrrgEH0OE8
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=qwBq9vlQafywBmX2qwVwq69TPPewBmSrrgEH0OE8
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8529334507576409661

43 B
106 B

35ms
33ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8529334507576409661
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=8529334507576409661
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 385D 70 B
264 B 34ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=e97ca983-a648-3e97-6ad4-3935da3bfd71&gdpr=0
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 385D 170 B
188 B 39ms
38ms Image
image/png 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YzUxMzdhNDktNmYzZi02MDMzLTdmMzQtNjM4YzEwZDkzMzEx

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 385D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBog-h7nvYbHQJ7oR1xf5gE&google_cver=1

43 B
122 B

57ms
33ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBog-h7nvYbHQJ7oR1xf5gE&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=fa4f7893-4738-4b38-9fc3-0dca639c806d&ph=26e53f82-d199-49df-9eca-7b350c0f9646&r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fox%3Frid%3Dr-6496db2f-7e91-476d-aa64-2f4d212be258-5315-241795146%26jp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBog-h7nvYbHQJ7oR1xf5gE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 579A 30 KB
24 KB 22ms
22ms Script
application/javascript 104.16.200.58
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1635310153230&ver1=2.2.3&qid=83233313f553333313f513430313&rnd=t85lp2qok2rr&cid=1041
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=60ae66d26f5619000fb3f1b5&s=www.upi.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.200.58 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb10332dc621b9541b8f55eef009449040fc8f309565dad896bbaec1ad981a77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 20 Oct 2021 21:57:07 GMT
server: cloudflare
age: 2997
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6a494bea3a2c8749-DUS
content-length: 24066
expires: Wed, 27 Oct 2021 06:49:13 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame CF23
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322

35 B
468 B

30ms
21ms

Document
image/gif

37.157.6.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.247 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?CC=1&party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:14 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=4463180629781855722; expires=Sun, 26 Dec 2021 04:49:14 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: C=1; expires=Sat, 27 Nov 2021 04:49:13 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3587
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1354140506078291191

42 B
210 B

33ms
26ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1354140506078291191
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1354140506078291191
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; chkChromeAb67Sec=1; pi=109126:2; DPSync3=1635379200%3A174%7C1636502400%3A197_219_201; SyncRTB3=1636502400%3A220_21_7_3_13_161_56_54_8%7C1636588800%3A35%7C1637884800%3A203%7C1635897600%3A223; KRTBCOOKIE_377=6810-2992f751-d465-4a45-95c7-c5768165b468&KRTB&22918-2992f751-d465-4a45-95c7-c5768165b468&KRTB&23031-2992f751-d465-4a45-95c7-c5768165b468; PUBMDCID=3; KRTBCOOKIE_57=22776-6805323374886971036; KRTBCOOKIE_153=19420-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6&KRTB&22979-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6; KRTBCOOKIE_80=22987-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&16514-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&23025-CAESEG5SmXJEiV8M_l8bclkOyCw; KRTBCOOKIE_1101=23040-7023603625964599441; SPugT=1635310154; KRTBCOOKIE_27=16735-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&16736-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23019-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23114-uid:017e6178-da49-4400-b43d-2acbde00dfe7; PugT=1635310153
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:14 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-1354140506078291191; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:14 GMT; path=/ PugT=1635310154; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:14 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 04:49:14 GMT; path=/
x-lat: lhrpug003:0:480
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=1354140506078291191
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame B395 43 B
334 B 177ms
15ms Document
image/gif 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Wed, 27 Oct 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 517511

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 00C4
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023603625964599441

42 B
367 B

58ms
12ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023603625964599441
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023603625964599441
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; chkChromeAb67Sec=1; pi=109126:2; DPSync3=1635379200%3A174%7C1636502400%3A197_219_201; SyncRTB3=1636502400%3A220_21_7_3_13_161_56_54_8%7C1636588800%3A35%7C1637884800%3A203%7C1635897600%3A223
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:12 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-7023603625964599441; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:12 GMT; path=/ PugT=1635310152; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:12 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 04:49:12 GMT; path=/
x-lat: amspug016:0:362
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Wed, 27 Oct 2021 04:49:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7023603625964599441; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7023603625964599441

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E13F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=y2ujFqGGQMiaplHUqDcDIg%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

25ms
24ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=57092
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Wed, 27 Oct 2021 20:40:45 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=33606178-da49-4300-bd74-f677e175a13a

0
48 B

27ms
18ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=33606178-da49-4300-bd74-f677e175a13a
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=33606178-da49-4300-bd74-f677e175a13a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 04:49:12 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame E13F
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=CB6BA316-A186-40C8-9AA6-51D4A8370322
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=14ab4fca88c52aadd3779c1342e24000
https://spl.zeotap.com/?zdid=1332&zcluid=71f6af944ac8bf6b
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf88254ca35&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESELoaEjvAPrSgTnriTsuk5kk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf...

95 B
164 B

32ms
24ms

Image
image/png

172.67.13.182
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESELoaEjvAPrSgTnriTsuk5kk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf88254ca35&zcluid=71f6af944ac8bf6b&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.13.182 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6a494bf2abec2187-DUS
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESELoaEjvAPrSgTnriTsuk5kk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=1f544863-ad0b-468d-5ed8-64a5de7e2cb0&reqId=8bef58c9-a522-41ba-465a-fdf88254ca35&zcluid=71f6af944ac8bf6b&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0I2QkEzMTYtQTE4Ni00MEM4LTlBQTYtNTFENEE4MzcwMzIy&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
187 B

138ms
15ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:371
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG5SmXJEiV8M_l8bclkOyCw&google_cver=1

42 B
362 B

138ms
15ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG5SmXJEiV8M_l8bclkOyCw&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug019:0:571
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEG5SmXJEiV8M_l8bclkOyCw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame E13F 43 B
612 B 613ms
8ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 26 Oct 2021 04:49:13 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:017e6178-da49-4400-b43d-2acbde00dfe7&gdpr=0&gdpr_consent=

42 B
339 B

24ms
10ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:017e6178-da49-4400-b43d-2acbde00dfe7&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: no-store, no-cache, private
x-lat: amspug005:0:352
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x14 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:017e6178-da49-4400-b43d-2acbde00dfe7&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 04:49:12 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8094520430828782822

42 B
390 B

14ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8094520430828782822
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store, no-cache, private
x-lat: amspug0021:0:353
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8094520430828782822
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2992f751-d465-4a45-95c7-c5768165b468

42 B
605 B

124ms
5ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2992f751-d465-4a45-95c7-c5768165b468
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: no-store, no-cache, private
x-lat: amspug012:0:422
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=2992f751-d465-4a45-95c7-c5768165b468
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6805323374886971036&gdpr=0&gdpr_consent=

42 B
520 B

137ms
14ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6805323374886971036&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug009:0:470
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 733.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4c1c7d07-95c2-43d2-91b4-b072c44230bc
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6805323374886971036&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6

42 B
272 B

138ms
14ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug011:0:443
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame E13F
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-qaKLBKJE2uUFNpmO2WtmlgrIUGZHSEA-~A&gdpr=0&gdpr_consent=

0
260 B

142ms
18ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-qaKLBKJE2uUFNpmO2WtmlgrIUGZHSEA-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-qaKLBKJE2uUFNpmO2WtmlgrIUGZHSEA-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 694B 70 B
264 B 50ms
30ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 694B
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&dcc=t

43 B
645 B

103ms
100ms

Image
image/gif

52.46.154.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&dcc=t

Requested by

Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:14 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: FSBPZT0YG43HQZQCD0HQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:14 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 7T9FKVF1B2YTWE4SSCMN
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 694B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGSU2IkwLxk1f1Ja6P-xBbI&google_cver=1

43 B
315 B

78ms
26ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGSU2IkwLxk1f1Ja6P-xBbI&google_cver=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:13 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGSU2IkwLxk1f1Ja6P-xBbI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 694B 43 B
875 B 640ms
38ms Image
image/gif 54.76.52.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.76.52.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-52-201.eu-west-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 694B
Redirect Chain

https://ums.acuityplatform.com/tum?umid=8
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=617664515375

43 B
1 KB

30ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=617664515375
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:13 GMT

Redirect headers

access-control-allow-origin: *
content-length: 0
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=10&external_user_id=617664515375

GET
H2 502 index
dmp.brand-display.com/cm/api/ Frame 694B 0
0 9734ms
9131ms Image
text/html 35.241.40.233

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3CIndex_user_id%3E&gdpr=1
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.40.233 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 694B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YXjaSgAMKiO5XwAR
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YXjaSgAMKiO5XwAR&gdpr=1&_test=YXjaSgAMKiO5XwAR

43 B
1 KB

15ms
14ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YXjaSgAMKiO5XwAR&gdpr=1&_test=YXjaSgAMKiO5XwAR
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Oct 2021 04:49:14 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1635310154.085674,VS0,VE0
x-served-by: cache-hhn4030-HHN
x-cache: HIT
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YXjaSgAMKiO5XwAR&gdpr=1&_test=YXjaSgAMKiO5XwAR
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1 204
No Content sync
ups.analytics.yahoo.com/ups/55940/ Frame 694B 0
234 B 48ms
11ms Image
text/plain 18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YXjaRpXQmuOuZY9HwJMH2wAABIQAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.156.0.31 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.138 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Server: ATS/7.1.2.138
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 ie
match.justpremium.com/match/ Frame 694B 43 B
207 B 26ms
9ms Image
image/gif 3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/ie?jp_uid=r-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836&ex_uid=YXjaRpXQmuOuZY9HwJMH2wAA%261156
Requested by: Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=189872&cb=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fie%3Fjp_uid%3Dr-993e210b-caae-4d31-8341-5b7a990a1eb0-66521-65115836%26ex_uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
content-length: 43
content-type: image/gif

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 579A 26 B
304 B 92ms
18ms Image
image/gif 104.16.64.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1635310153782&rnd=t85lp2qok2rr&ifm=1&uai=1&cid=1041&s=www.upi.com&p=60ae66d26f5619000fb3f1b5&x=&adtg=&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=&idl=&ttduid=&id5=&emh=
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.64.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:33 GMT
server: cloudflare
age: 6743
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6a494bee593b2187-DUS
content-length: 26
expires: Wed, 27 Oct 2021 06:49:13 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 579A 26 B
88 B 99ms
26ms Image
image/gif 104.16.64.54
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=163531015339887&ver=1.2r81&qid=83233313f553333313f513430313&p=60ae66d26f5619000fb3f1b5&s=www.upi.com&x=&cid=1041&od1=&od2=&adtg=&nci=&nai=&si=&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=t85lp2qok2rr&impid=&idl=&ttduid=&id5=&emh=&tps=2&ver1=2.2.3&1=04434ede043b14459ce041fbf4dcdb79&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=1041&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=24&icp=https%253A//www.upi.com/&irfl=24&irf=https%253A//www.upi.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-28-p-fl-24-s-fl-11-x-fl-0-cid-fl-4-od1-fl-0-od2-fl-0-adtg-fl-0-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-idl-fl-0-ttduid-fl-0-id5-fl-0-emh-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.4_undefined_null_0_undefined_false&fli=&flerr=0&trim=&fio=398
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1635310146198&secure=true&version=9&mobile=false&title=Top%20News%2C%20Latest%20headlines%2C%20Latest%20News%2C%20World%20News%20%26%20U.S%20News%20-%20UPI.com&url=https%3A%2F%2Fwww.upi.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.64.54 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:13 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:33 GMT
server: cloudflare
age: 6722
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6a494bee593c2187-DUS
content-length: 26
expires: Wed, 27 Oct 2021 06:49:13 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D738 281 B
554 B 66ms
8ms Document
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.upi.com/
Accept-Encoding: gzip, deflate, br
Cookie: khaos=KV91FTBC-V-17DH; rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVYgwYaQOmrhQqqdY7qJ5+fKRB+v2jLGFGeoFyjBXEn+RTT+pWw62G0J5h4qb83eS0hKp2u2D6IxNbX7Tc/cWQrERdSf+hE=; audit=1|hLZGFuTafB0JK+5ac+CRY6OTMweTG+/ruWb1UqE9a0HV2qs/+1GZzMIfEFdgL7f+4ICd6Q+AmJtbBRmG7lsDPNzpQ7vzkXQ/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 27 Oct 2021 04:49:14 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 iframe Show response
sync.teads.tv/ Frame 1B0A 153 B
314 B 97ms
45ms Document
text/html 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.teads.tv/iframe?gdprIab=%7B%22status%22%3A0%7D
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 716a727e47216ad28191f60fb09d59015b1bcb3df8cc32b5bb94f73d534a5732

Request headers

:method: GET
:authority: sync.teads.tv
:scheme: https
:path: /iframe?gdprIab=%7B%22status%22%3A0%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

content-type: text/html; charset=UTF-8
server: akka-http/10.2.6
content-length: 153
expires: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT

GET
H/1.1 204 sync_iframe
sync.bfmio.com/ Frame C6FF 0
0 510ms
95ms Document
text/plain 34.192.117.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.bfmio.com/sync_iframe?ifg=1&id=&gdpr=0&gc=&gce=1&us_privacy=1---
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.117.147 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-117-147.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Host: sync.bfmio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.upi.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

Date: Wed, 27 Oct 2021 04:49:13 GMT
Connection: keep-alive

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 62AE 38 KB
14 KB 22ms
5ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES; KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; chkChromeAb67Sec=1; pi=109126:2; DPSync3=1635379200%3A174%7C1636502400%3A197_219_201; SyncRTB3=1636502400%3A220_21_7_3_13_161_56_54_8%7C1636588800%3A35%7C1637884800%3A203%7C1635897600%3A223
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=122352
expires: Thu, 28 Oct 2021 14:48:26 GMT
date: Wed, 27 Oct 2021 04:49:14 GMT
vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame C33B 815 B
809 B 48ms
31ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 31620bb6bbfa87dbb87547139945d36076d81c9bfd21801557c4ad1ae362ea1c

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: i=3ad096da-0fcf-0160-3002-f1ddbe1cce8c|1635310147; pd=v2|1635310153|mOgeginskin0vNomiygu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=3ad096da-0fcf-0160-3002-f1ddbe1cce8c|1635310147; Version=1; Expires=Thu, 27-Oct-2022 04:49:14 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1635310153.1|kiiymOgevNomgunsn0gi.j8gmmWjofcsHqGgqsLiS; Version=1; Expires=Thu, 11-Nov-2021 04:49:14 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.217.1
p3p: CP="CUR ADM OUR NOR STA NID"
date: Wed, 27 Oct 2021 04:49:14 GMT
content-type: text/html
content-length: 481
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C33B
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=1BC4E2D97ECD49269C86CC0D692AABA9

43 B
106 B

65ms
65ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=1BC4E2D97ECD49269C86CC0D692AABA9
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Wed, 27 Oct 2021 04:49:14 GMT
x-content-type-options: nosniff
server: openresty
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=1BC4E2D97ECD49269C86CC0D692AABA9
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 26 Oct 2021 04:49:14 GMT

GET
H/1.1

200
g

c.html
j.mrpdata.net/ Frame C33B
Redirect Chain

https://j.mrpdata.net/c.html?ex=OpenX
https://j.mrpdata.net/c.html?ac=1&test=1&pd=IiJDEhk64oNJNGE8hhJnLaIH&ex=OpenX

0
0

10ms
9ms

Image
text/html

52.28.175.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://j.mrpdata.net/c.html?ac=1&test=1&pd=IiJDEhk64oNJNGE8hhJnLaIH&ex=OpenX
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.175.201 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-175-201.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

location: https://j.mrpdata.net/c.html?ac=1&test=1&pd=IiJDEhk64oNJNGE8hhJnLaIH&ex=OpenX
pragma: no-cache
cache-control: no-cache
x-backend: dmc_hitServer_4_f@j4mrpdatanet
Connection: keep-alive
x-deviceid: 3e16d777-4055-eeaa-6dc5-cfed8297c36a
Content-Length: 0

GET
H2 204 current
openx2-match.dotomi.com/match/bounce/ Frame C33B 0
104 B 277ms
66ms Image
text/plain 64.158.223.137
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://openx2-match.dotomi.com/match/bounce/current?networkId=15900&version=1&nuid={OX_USER_ID}
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.158.223.137 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-usadmm.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C33B
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=4&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072977&val=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=

43 B
106 B

56ms
50ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072977&val=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://us-u.openx.net/w/1.0/sd?id=537072977&val=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 ox
match.justpremium.com/match/ Frame C33B 43 B
207 B 25ms
7ms Image
image/gif 3.126.160.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.justpremium.com/match/ox?ex_uid=a3fd6773-f1f9-04fd-38ca-bf03db4ebe4b
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.160.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-160-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
content-length: 43
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C33B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YXjaSgAMKiO5XwAR

43 B
106 B

63ms
62ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YXjaSgAMKiO5XwAR
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1635310154.205268,VS0,VE0
x-served-by: cache-hhn4030-HHN
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YXjaSgAMKiO5XwAR
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C33B
Redirect Chain

https://green.erne.co/openx/cm
https://pixel.onaudience.com/?mapped=h8bzAmbfEsicrZPN7mzaXtxB&partner=2&redirect=green.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb...
https://pixel.onaudience.com/?partner=109&icm&cver&smartmap=1&redirect=tags.bluekai.com%2Fsite%2F33141%3F%26id%3D%25m%26redir%3Dhttps%253A%252F%252Fgreen.erne.co%252Fct%252Fcm%253Fred%253Dhttps%252...
https://tags.bluekai.com/site/33141?&id=b07798573145e517&redir=https%3A%2F%2Fgreen.erne.co%2Fct%2Fcm%3Fred%3Dhttps%253A%252F%252Fus-u.openx.net%252Fw%252F1.0%252Fsd%253Fid%253D537072998%2526rtb%253...
https://green.erne.co/ct/cm?red=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072998%26rtb%3Dh8bzAmbfEsicrZPN7mzaXtxB
https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=h8bzAmbfEsicrZPN7mzaXtxB

43 B
106 B

37ms
37ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=h8bzAmbfEsicrZPN7mzaXtxB
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:15 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072998&rtb=h8bzAmbfEsicrZPN7mzaXtxB
date: Wed, 27 Oct 2021 04:49:15 GMT
server: openresty
strict-transport-security: max-age=0; includeSubDomains;
content-type: text/html; charset=UTF-8

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C33B
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=

43 B
106 B

53ms
38ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/16.217.1 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 google
server: OXGW/16.217.1
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

dds
rtb.openx.net/sync/ Frame C33B
Redirect Chain

https://rtb.openx.net/sync/dds
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Niojvw_Oh7mMoHWCCSLHyw==&ox_sc=1&ox_init=1
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

43 B
146 B

38ms
34ms

Image
image/gif

35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:13 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: clear
content-length: 43
x-request-id: 6sjrf431arq0cd5f9gi0qdu589tekloq

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 249
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7dbbcfc7-36e4-acde-5b03-2fc0256c3038
pr-bh.ybp.yahoo.com/sync/openx/ Frame C33B 43 B
874 B 66ms
49ms Image
image/gif 54.76.52.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/7dbbcfc7-36e4-acde-5b03-2fc0256c3038?gdpr=0

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=d7066e05-92d3-4e83-b4f2-cbee552a2f6b&gdpr=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.76.52.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-76-52-201.eu-west-1.compute.amazonaws.com

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D738 31 KB
9 KB 21ms
7ms Script
text/html 23.79.143.124
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.79.143.124 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-143-124.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 60ec4f995fdae298c2e56aa79e9d5589fd629ccfb55cb039d61e4df35c132281

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 04:49:14 GMT
Content-Encoding: gzip
Last-Modified: Mon, 25 Oct 2021 16:13:05 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=55125
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9270
Expires: Wed, 27 Oct 2021 20:07:59 GMT

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame D738 70 B
264 B 59ms
40ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D738
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjU4MDNlYWQyZWQxMjQxZDY0YzdlMmY4YjBiMjZkZmJjMDM2YWExMw

170 B
188 B

62ms
62ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjU4MDNlYWQyZWQxMjQxZDY0YzdlMmY4YjBiMjZkZmJjMDM2YWExMw

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

e2.ycpi.vip.deb.yahoo.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjU4MDNlYWQyZWQxMjQxZDY0YzdlMmY4YjBiMjZkZmJjMDM2YWExMw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame D738
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KV91FTBC-V-17DH&sigv=1&esig=2~873aeb5fa674b1f842107316c492bc771ba065f2

0
615 B

146ms
10ms

Image
text/plain

87.248.118.23
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KV91FTBC-V-17DH&sigv=1&esig=2~873aeb5fa674b1f842107316c492bc771ba065f2

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.23 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:14 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KV91FTBC-V-17DH&sigv=1&esig=2~873aeb5fa674b1f842107316c492bc771ba065f2
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame D738
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YXjaSgAMKiO5XwAR

0
239 B

159ms
18ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YXjaSgAMKiO5XwAR
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1635310154.405680,VS0,VE0
x-served-by: cache-hhn4030-HHN
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YXjaSgAMKiO5XwAR
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame D738
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=28476178-da49-4f00-abe7-e4cf0b1f6601&expires=28

0
239 B

158ms
19ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=28476178-da49-4f00-abe7-e4cf0b1f6601&expires=28
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

Redirect headers

Date: Wed, 27 Oct 2021 04:49:14 GMT
Server: MT3 4044 0c7f252 master zrh-pixel-x14 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=28476178-da49-4f00-abe7-e4cf0b1f6601&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 27 Oct 2021 04:49:13 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D738
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Y5MUZUQkMtVi0xN0RI

170 B
188 B

58ms
41ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Y5MUZUQkMtVi0xN0RI

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ec2-54-76-52-201.eu-west-1.compute.amazonaws.com

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1Y5MUZUQkMtVi0xN0RI
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame D738
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/CZoyRAGepCqZMiIYR9wwSQ?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3750593883680554906

0
239 B

21ms
12ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3750593883680554906
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Content-Type: image/gif

Redirect headers

date: Wed, 27 Oct 2021 04:49:14 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=3750593883680554906
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2 451 709414.gif
id.rlcdn.com/ Frame D738 0
0 117ms
31ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 005B 7 KB
3 KB 8ms
7ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=digitas01cont2&js=pmw1&base=te-clr1-4a77aa7c-d63e-467c-bdea-d1865aafd795
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 0bbeb2970c74a480086b41b3232691f1b0ce8559ff2348b45806ada22e0b2ad1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:06:55 GMT
content-encoding: gzip
server: nginx
age: 70939
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
content-length: 2470
x-amz-cf-id: tLCEVq1ZZrCFou9RHtBzLJB4Fxvx_JT4dZb1NdpuZvU0Me7DdyXNdQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 005B 38 KB
11 KB 8ms
8ms Script
text/javascript 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=digitas01cont2&js=pmw2
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 26 Oct 2021 09:10:46 GMT
content-encoding: gzip
server: nginx
age: 70708
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA56-P3
x-amz-cf-id: PhlZh5I9Ajx375ColAs1aL25dIBx7vYxNmizuCVLhBPKr0mVh25G4A==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 005B 43 B
383 B 99ms
99ms Image
image/gif 52.222.214.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=2&w=300&h=250&c=b0db
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-123.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:14 GMT
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-P3
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: P5NKvAvoMMDqWn0jG4hYQOIjvHcv7ne4LoABfhQXOi4c-gg4kLQGcw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame E13F 0
128 B 29ms
18ms Script
text/plain 185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=109126&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:15 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame AACA 75 B
287 B 545ms
106ms Document
text/html 208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dnk45OZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dnk45OZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=900
expires: Wed, 27 Oct 2021 05:04:15 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

v2 Show response
de.tynt.com/deb/ Frame 86C6
Redirect Chain

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

75 B
289 B

114ms
114ms

Document
text/html

208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uid=qLVfKGF42kvqx8QBasqrxA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=86400
expires: Thu, 28 Oct 2021 04:49:16 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dikp1mZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
set-cookie: uid=xmjYO2F42kutH2XlaswqBQ==;Version=1;Comment=;SameSite=None;Domain=tynt.com;Path=/;Max-Age=31536000;Secure
referrer-policy: unsafe-url
content-length: 0
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

v2 Show response
de.tynt.com/deb/ Frame F97C
Redirect Chain

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

75 B
289 B

114ms
114ms

Document
text/html

208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uid=qLVfKGF42kvqx8QBasqrxA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=86400
expires: Thu, 28 Oct 2021 04:49:16 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dxcRH4ZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
set-cookie: uid=auYrq2F42ktO0sJYKMtwRQ==;Version=1;Comment=;SameSite=None;Domain=tynt.com;Path=/;Max-Age=31536000;Secure
referrer-policy: unsafe-url
content-length: 0
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

v2 Show response
de.tynt.com/deb/ Frame DBA2
Redirect Chain

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

75 B
289 B

113ms
112ms

Document
text/html

208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uid=qLVfKGF42kvqx8QBasqrxA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=86400
expires: Thu, 28 Oct 2021 04:49:16 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dBSR_eZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
set-cookie: uid=xL77b2F42kvE71u5atXpGw==;Version=1;Comment=;SameSite=None;Domain=tynt.com;Path=/;Max-Age=31536000;Secure
referrer-policy: unsafe-url
content-length: 0
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

v2 Show response
de.tynt.com/deb/ Frame 2944
Redirect Chain

https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1

75 B
289 B

112ms
111ms

Document
text/html

208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uid=qLVfKGF42kvqx8QBasqrxA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=86400
expires: Thu, 28 Oct 2021 04:49:16 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Redirect headers

location: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dsmFFgZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined&b=1
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires: Sat, 26 Jul 1997 05:00:00 GMT
set-cookie: uid=qLVfKGF42kvqx8QBasqrxA==;Version=1;Comment=;SameSite=None;Domain=tynt.com;Path=/;Max-Age=31536000;Secure
referrer-policy: unsafe-url
content-length: 0
date: Wed, 27 Oct 2021 04:49:15 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame A02E 75 B
289 B 115ms
111ms Document
text/html 208.100.17.185
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dITmVMZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.185 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip185.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/v2?m=xch&rt=html&id=dITmVMZFOr66bCaKj0P0Le&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
cookie: uid=qLVfKGF42kvqx8QBasqrxA==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cache-control: max-age=86400
expires: Thu, 28 Oct 2021 04:49:17 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Wed, 27 Oct 2021 04:49:16 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 62AE 2 KB
3 KB 18ms
18ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=26368251&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 95e7e322a37a9e33a0ffa664d2a429cfe7396bf9d13144e0f8f4eed5ac6a2512

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:16 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 380F
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA

42 B
372 B

35ms
24ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; KRTBCOOKIE_377=6810-2992f751-d465-4a45-95c7-c5768165b468&KRTB&22918-2992f751-d465-4a45-95c7-c5768165b468&KRTB&23031-2992f751-d465-4a45-95c7-c5768165b468; PUBMDCID=3; KRTBCOOKIE_57=22776-6805323374886971036; KRTBCOOKIE_153=19420-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6&KRTB&22979-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6; KRTBCOOKIE_80=22987-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&16514-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&23025-CAESEG5SmXJEiV8M_l8bclkOyCw; KRTBCOOKIE_1101=23040-7023603625964599441; KRTBCOOKIE_27=16735-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&16736-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23019-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23114-uid:017e6178-da49-4400-b43d-2acbde00dfe7; KRTBCOOKIE_391=22924-8094520430828782822&KRTB&23263-8094520430828782822; KRTBCOOKIE_336=5844-1354140506078291191; KRTBCOOKIE_699=22727-AACv9U7C8bUAAC3JGy3KTA; SPugT=1635310155; chkChromeAb67Sec=2; pi=109126:4; DPSync3=1636502400%3A227_235_197_219_201_221_226%7C1635379200%3A174; SyncRTB3=1635897600%3A223_15_2%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1636502400%3A8_22_54_166_55_99_3_13_234_204_230_220_7_161_56_71_81_21; KRTBCOOKIE_218=4056-YXjaSgAMKiO5XwAR&KRTB&22978-YXjaSgAMKiO5XwAR&KRTB&23194-YXjaSgAMKiO5XwAR&KRTB&23209-YXjaSgAMKiO5XwAR; PugT=1635310156
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:17 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_699=22727-AACv9U7C8bUAAC3JGy3KTA; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:17 GMT; path=/ PugT=1635310157; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:17 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 04:49:17 GMT; path=/
x-lat: lhrpug008:0:495
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Date: Wed, 27 Oct 2021 04:49:17 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AACv9U7C8bUAAC3JGy3KTA
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D523
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
88 B

30ms
12ms

Document
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; KRTBCOOKIE_377=6810-2992f751-d465-4a45-95c7-c5768165b468&KRTB&22918-2992f751-d465-4a45-95c7-c5768165b468&KRTB&23031-2992f751-d465-4a45-95c7-c5768165b468; PUBMDCID=3; KRTBCOOKIE_57=22776-6805323374886971036; KRTBCOOKIE_153=19420-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6&KRTB&22979-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6; KRTBCOOKIE_80=22987-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&16514-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&23025-CAESEG5SmXJEiV8M_l8bclkOyCw; KRTBCOOKIE_1101=23040-7023603625964599441; KRTBCOOKIE_27=16735-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&16736-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23019-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23114-uid:017e6178-da49-4400-b43d-2acbde00dfe7; KRTBCOOKIE_391=22924-8094520430828782822&KRTB&23263-8094520430828782822; KRTBCOOKIE_336=5844-1354140506078291191; KRTBCOOKIE_699=22727-AACv9U7C8bUAAC3JGy3KTA; SPugT=1635310155; chkChromeAb67Sec=2; pi=109126:4; DPSync3=1636502400%3A227_235_197_219_201_221_226%7C1635379200%3A174; SyncRTB3=1635897600%3A223_15_2%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1636502400%3A8_22_54_166_55_99_3_13_234_204_230_220_7_161_56_71_81_21; KRTBCOOKIE_218=4056-YXjaSgAMKiO5XwAR&KRTB&22978-YXjaSgAMKiO5XwAR&KRTB&23194-YXjaSgAMKiO5XwAR&KRTB&23209-YXjaSgAMKiO5XwAR; KRTBCOOKIE_22=14911-4323442822391727503; KRTBCOOKIE_594=17107-OPTOUT; PugT=1635310157; KRTBCOOKIE_188=3189-e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:16 GMT
content-type: text/html; charset=utf-8
x-lat: amspug008:2:297
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=be27643e-e288-49f0-857b-79b6372724c8; path=/; domain=csync.loopme.me; Expires=Sat, 27-Nov-2021 04:49:17 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Wed, 27 Oct 2021 04:49:17 GMT
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 43C0
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT

42 B
358 B

15ms
15ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=CB6BA316-A186-40C8-9AA6-51D4A8370322; KRTBCOOKIE_377=6810-2992f751-d465-4a45-95c7-c5768165b468&KRTB&22918-2992f751-d465-4a45-95c7-c5768165b468&KRTB&23031-2992f751-d465-4a45-95c7-c5768165b468; PUBMDCID=3; KRTBCOOKIE_57=22776-6805323374886971036; KRTBCOOKIE_153=19420-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6&KRTB&22979-wp82JZDPNS_ZmTklwposeMbMYCTZmTh4x56ahKy6; KRTBCOOKIE_80=22987-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&16514-CAESEG5SmXJEiV8M_l8bclkOyCw&KRTB&23025-CAESEG5SmXJEiV8M_l8bclkOyCw; KRTBCOOKIE_1101=23040-7023603625964599441; KRTBCOOKIE_27=16735-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&16736-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23019-uid:017e6178-da49-4400-b43d-2acbde00dfe7&KRTB&23114-uid:017e6178-da49-4400-b43d-2acbde00dfe7; KRTBCOOKIE_391=22924-8094520430828782822&KRTB&23263-8094520430828782822; KRTBCOOKIE_336=5844-1354140506078291191; KRTBCOOKIE_699=22727-AACv9U7C8bUAAC3JGy3KTA; SPugT=1635310155; chkChromeAb67Sec=2; pi=109126:4; DPSync3=1636502400%3A227_235_197_219_201_221_226%7C1635379200%3A174; SyncRTB3=1635897600%3A223_15_2%7C1636588800%3A35%7C1637884800%3A203%7C1636156800%3A63%7C1636502400%3A8_22_54_166_55_99_3_13_234_204_230_220_7_161_56_71_81_21; KRTBCOOKIE_218=4056-YXjaSgAMKiO5XwAR&KRTB&22978-YXjaSgAMKiO5XwAR&KRTB&23194-YXjaSgAMKiO5XwAR&KRTB&23209-YXjaSgAMKiO5XwAR; PugT=1635310156
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 27 Oct 2021 04:49:15 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17107-OPTOUT; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:15 GMT; path=/ PugT=1635310155; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 26-Nov-2021 04:49:15 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 25-Jan-2022 04:49:15 GMT; path=/
x-lat: amspug020:0:558
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Wed, 27 Oct 2021 04:49:17 GMT
content-type: text/html
cache-control: no-store, no-cache, must-revalidate
expires: 0
pragma: no-cache
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=OPTOUT
etag: OPTOUT

GET
H2 404 dpe Show response
ad4m.at/ad/ Frame 3E85 15 B
915 B 120ms
38ms Document
text/plain 104.26.10.209
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.209 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6a494c046bee0099-AMS

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=CB6BA316-A186-40C8-9AA6-51D4A8370322&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CB6BA316-A186-40C8-9AA6-51D4A8370322&addseg=19,36,42

43 B
43 B

79ms
19ms

Image
text/plain

185.64.190.87
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CB6BA316-A186-40C8-9AA6-51D4A8370322&addseg=19,36,42
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.87 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
content-length: 43
content-type: text/plain; charset=utf-8

Redirect headers

date: Wed, 27 Oct 2021 04:49:17 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=CB6BA316-A186-40C8-9AA6-51D4A8370322&addseg=19,36,42
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 62AE
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent=

42 B
604 B

25ms
25ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Brønderslev, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:16 GMT
frontend-id: 13
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:16 GMT
frontend-id: 13
location: /pubmatic/1/info2?sType=sync&sExtCookieId=CB6BA316-A186-40C8-9AA6-51D4A8370322&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 62AE 95 B
176 B 48ms
33ms Image
image/png 172.67.13.182
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=CB6BA316-A186-40C8-9AA6-51D4A8370322
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.13.182 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6a494c03df722187-DUS
access-control-allow-headers: *
content-length: 95

GET
H/1.1

200

p
a.audrte.com/ Frame 62AE
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=CB6BA316-A186-40C8-9AA6-51D4A8370322
https://a.audrte.com/p

68 B
617 B

92ms
92ms

Image
image/png

18.215.193.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.215.193.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-215-193-43.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 27 Oct 2021 04:49:17 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Wed, 27 Oct 2021 04:49:17 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2 200 CB6BA316-A186-40C8-9AA6-51D4A8370322
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 62AE 43 B
874 B 55ms
41ms Image
image/gif 54.76.52.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/CB6BA316-A186-40C8-9AA6-51D4A8370322?gdpr=0&gdpr_consent=

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.76.52.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=890c7b6b-9986-4964-89f9-6dd2e02956ac&user_group=1&ssp=pubmatic&bsw_param=afd4d911-869d-4e32-ac0a-b1787ac2e19d
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=afd4d911-869d-4e32-ac0a-b1787ac2e19d&gdpr=&gdpr_consent=&gdpr_pd=

1 B
180 B

15ms
14ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=afd4d911-869d-4e32-ac0a-b1787ac2e19d&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:16 GMT
cache-control: no-store, no-cache, private
x-lat: amspug008:0:362
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=afd4d911-869d-4e32-ac0a-b1787ac2e19d&gdpr=&gdpr_consent=&gdpr_pd=
Date: Wed, 27 Oct 2021 04:49:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjaSgAMKiO5XwAR&gdpr=0&gdpr_consent=

1 B
412 B

18ms
18ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjaSgAMKiO5XwAR&gdpr=0&gdpr_consent=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:16 GMT
cache-control: no-store, no-cache, private
x-lat: amspug010:0:366
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:17 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1635310157.409804,VS0,VE0
x-served-by: cache-hhn4030-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YXjaSgAMKiO5XwAR&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 62AE 0
103 B 50ms
32ms Image
text/plain 64.158.223.137
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=CB6BA316-A186-40C8-9AA6-51D4A8370322&gdpr=0&gdpr_consent=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.158.223.137 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-usadmm.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:17 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=

1 B
323 B

15ms
14ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
cache-control: no-store, no-cache, private
x-lat: amspug018:0:381
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4323442822391727503&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 27 Oct 2021 04:49:17 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=

42 B
232 B

32ms
30ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug007:0:580
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:16 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=e0c0c6d3-b36a-43dc-85d6-a80c9ba2ae76-6178da4a-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f3929bf1-61b9-4bd9-814d-f15620006cfe&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
110 B

23ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f3929bf1-61b9-4bd9-814d-f15620006cfe&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:16 GMT
cache-control: no-store, no-cache, private
x-lat: amspug009:0:406
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:f3929bf1-61b9-4bd9-814d-f15620006cfe&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Wed, 27 Oct 2021 04:49:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 62AE
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6805323374886971036

42 B
111 B

13ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6805323374886971036
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:17 GMT
cache-control: no-store, no-cache, private
x-lat: amspug0022:0:482
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 27 Oct 2021 04:49:17 GMT
X-Proxy-Origin: 216.131.111.15; 216.131.111.15; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8087390d-c1c9-4a4f-ad58-e7b7dca0ad88
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6805323374886971036
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 62AE 0
128 B 24ms
19ms Script
text/plain 185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=109126&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 ping
ping.chartbeat.net/ 43 B
200 B 173ms
79ms Image
image/gif 3.90.128.247
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=upi.com&p=%2F&u=B1qMWG2flasCUayEZ&d=upi.com&g=4027&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0.25&x=0&m=0&y=6265&o=1600&w=1200&j=30&R=1&W=0&I=0&E=5&e=5&r=&b=1445&t=Cy6o_mBZFjeGvGB_5CbekTmCSp2tR&V=128&tz=0&sn=2&sv=F2H9FBPFkRYBL8UaHDr7DH4BTq_SJ&sd=1&im=0603040f&_
Requested by: Host: www.upi.com
URL: https://www.upi.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.90.128.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-90-128-247.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:21 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H2 200 dc_oe=ChMI99zLhOXp8wIVDm7TCh3jugjAEAAYACCn3rpLQhMI443_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310161468;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame BA07 42 B
107 B 153ms
54ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI99zLhOXp8wIVDm7TCh3jugjAEAAYACCn3rpLQhMI443_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310161468;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIqsDLhOXp8wIVVijTCh3AngDLEAAYACDL3rpLQhMI4o3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310161493;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame C711 42 B
494 B 114ms
41ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIqsDLhOXp8wIVVijTCh3AngDLEAAYACDL3rpLQhMI4o3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310161493;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIvtTQhOXp8wIVQR7TCh0rhQK9EAAYACD64LpLQhMI7cqEhOXp8wIVi_p3Ch2Rswfz;met=1;&timestamp=1635310161677;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 1B11 42 B
63 B 91ms
45ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIvtTQhOXp8wIVQR7TCh0rhQK9EAAYACD64LpLQhMI7cqEhOXp8wIVi_p3Ch2Rswfz;met=1;&timestamp=1635310161677;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Requested by

Host: www.upi.com
URL: https://www.upi.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 49ms
48ms XHR
application/json 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021102501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021102501.js?31063318

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20b61683ed02bc119a0ff8fbc983bc3857c446eaa6deb863c7ee20a58eee405e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Oct 2021 04:49:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 8740
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 57ms
57ms Script
text/javascript 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 27 Oct 2021 04:49:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 27 Oct 2021 04:49:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 3D6A 12 KB
5 KB 31ms
30ms Document
text/html 142.250.184.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Wed, 27 Oct 2021 04:13:19 GMT
expires: Thu, 27 Oct 2022 04:13:19 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 2164
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7B85 783 B
535 B 184ms
78ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: d3terveqlssriz.cloudfront.net
URL: https://d3terveqlssriz.cloudfront.net/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

GSE /

Resource Hash

674faed79174c3a3d4fe1c28417d64bae00961554c04895be4186cc62a799df5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RJbitBGcNNe4RDc41pLHQg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.upi.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 27 Oct 2021 04:49:23 GMT
date: Wed, 27 Oct 2021 04:49:23 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-RJbitBGcNNe4RDc41pLHQg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D6A 35 KB
13 KB 15ms
15ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rYsSliro57HlqQ0w1drzgXd5CbzCCwb6qdFIuIj2zIs.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad8b12962ae8e7b1e5a90d30d5daf381777909bcc20b06faa9d148b888f6cc8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 21:18:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 13232
x-xss-protection: 0
last-modified: Tue, 19 Oct 2021 13:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Wed, 26 Oct 2022 21:18:47 GMT

GET
H3 200 dc_oe=ChMI3YHZhOXp8wIVEALTCh2uygBQEAAYACDp4bpLQhMI5I3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310163906;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 005B 42 B
63 B 61ms
60ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI3YHZhOXp8wIVEALTCh2uygBQEAAYACDp4bpLQhMI5I3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310163906;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 88ms
83ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021102501&jk=547274702019240&bg=!3d6l3prNAAbUs_yW1LM7ACkAdvg8Wgro7BV5nqv-tWqMQ-oWNfB8OYpkpy4ik_IxEOn7fIqva4_qqQIAAAJWUgAAABpoAQeZAsXzXz_xhXiOP32E8SrG_vf0uyXItMugZw2ZkcWZDr6tAy9UoBRMM6Ww0OWnqw1CDdkTUUCKh_rWLMa6VuxOw4NlpsoMZE7H1lmB4m6BPRGV_2RTxW0MmLCpg2VczEi1XVPXk3rK1JWfc8eB4gl0uej14Zp2knGCmo_ljILy2wLcfB10f-R7c4EPu_qg07wq7J_GpQsngEgw9bVSkikplVE5x_bPsmjv23gHhzxwwLSRR3E1yAAuFatzyTS8mVRURLSP42A2z3DaMj027sbXXrkS9roG635mQohrD84bBfoINCADc9I6T_-mz70FbKkzA0lCi7Dv7f8XImcfJv8rkpncdM00jPtAF5ydvwRkwHo-xDEMMAu8Lngncuoufvdu9DGyMb34qdSqZlbZ-VJhPrcS0aWyumbo0cUzAXkUp854U8s5sfRKQXWIOdqZa-Z7VpaYLCHzP-kgpSnfeDpC1xJbH8x2v0I4XOuEZuzqqUj8et0ghFufL-VWP-fW_9vPmp6vzegQpbK6y0PR05blDqaeMcP7K4QRb65OBMO9D7olkj94SNQdasY6YwKLrx0IlepOLst4BzSqnIvBPKYhqMSX59qCsdkyQi9rIOhNqbCLZcLkY9SG-AKr0gc2Tfq-On8c6-6NcXUOopP-Y6KHGdqzgrkzH8ntURaT6lovZ1Y9res3FwVUD44tejR8DlC_CbX58LxvdukbgZA47AhTnOaSutqX_qUABBp0w5Vq61_Hru59VmgrwK-w-lGhh57rsuG0Tk9YeebnNAO8dN-omcibEuZhXbYBZARoo6W25-9PW9IlmU5jneYQ39U6-rL298ceRx75tDZhUSq5PW_jRApc7KlLNHuh_s5rNpMfh5PnlbWSmM6b_Aaot45q6ACAswynqKMwToz3yWfAlkYfrdQSmwSZWUhLDyGMKAwlCO9P5fEJ3sni

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.upi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7B85 0
0 2310ms
2290ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021102501&jk=547274702019240&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f98.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 dc_oe=ChMI99zLhOXp8wIVDm7TCh3jugjAEAAYACCn3rpLQhMI443_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310171468;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame BA07 42 B
63 B 56ms
43ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI99zLhOXp8wIVDm7TCh3jugjAEAAYACCn3rpLQhMI443_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310171468;eid1=2;ecn1=0;etm1=10;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2fdea17adea0721aa10a1e23cad34194.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Oct 2021 04:49:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dc_oe=ChMIqsDLhOXp8wIVVijTCh3AngDLEAAYACDL3rpLQhMI4o3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310171492;eid1=2;ecn1=0;etm1=10;
ade.googlesyndication.com/ddm/activity/ Frame C711 42 B
63 B 39ms
37ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIqsDLhOXp8wIVVijTCh3AngDLEAAYACDL3rpLQhMI4o3_g-Xp8wIVk7h3Ch0EZQWM;met=1;&timestamp=1635310171492;eid1=2;ecn1=0;etm1=10;

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS